Ride-The-Lightning-RTL/.github/docs/RTL_SSL_setup.md

### Setup https access for RTL

Forward the ports 80 and 3002 on the router to the device running RTL.
Allow the ports through the firewall of the device.

Install Nginx:
https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
On Debian based distros:
    $> sudo apt install nginx

nginx default config file is at /etc/nginx/nginx.conf. You will need it.

Install, if needed, openssl
On Debian based distros:
    $> sudo apt install openssl

Create a self certificate with openssl
    $> openssl req -newkey rsa:4096 -x509 -sha512 -days 365 -nodes -out /path/to/some/folder/rtl-cert.crt -keyout /path/to/some/folder/rtl-cert.key 


Sample configuration to be inserted in the nginx.conf (adjust the path and filename of your certificate and key):

    stream {
            upstream RTL {
                    server 127.0.0.1:3000;
            }

            server {
                    listen 3002 ssl;
                    proxy_pass RTL;

                    ssl_certificate /path/to/some/folder/rtl-cert.crt;
                    ssl_certificate_key /path/to/some/folder/rtl-cert.key;
                    ssl_session_cache shared:SSL:1m;
                    ssl_session_timeout 4h;
                    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # this line works for me with only TLSv1.2
                    ssl_prefer_server_ciphers on;
            }
    }

Restart Nginx with the new configuration and connect to RTL over https on the port 3002.
On Debian based distros:
    $> sudo systemctl restart nginx
extend https access guide 2019-03-30 08:18:54 +00:00			`### Setup https access for RTL`

Merge branch 'pr/630' into Release-0.13.0 2022-08-13 19:26:32 -07:00			`Forward the ports 80 and 3002 on the router to the device running RTL.`
extend https access guide 2019-03-30 08:18:54 +00:00			`Allow the ports through the firewall of the device.`

			`Install Nginx:`
			`https://www.nginx.com/resources/wiki/start/topics/tutorials/install/`
Merge branch 'pr/630' into Release-0.13.0 2022-08-13 19:26:32 -07:00			`On Debian based distros:`
			`$> sudo apt install nginx`
extend https access guide 2019-03-30 08:18:54 +00:00
Merge branch 'pr/630' into Release-0.13.0 2022-08-13 19:26:32 -07:00			`nginx default config file is at /etc/nginx/nginx.conf. You will need it.`
extend https access guide 2019-03-30 08:18:54 +00:00
Merge branch 'pr/630' into Release-0.13.0 2022-08-13 19:26:32 -07:00			`Install, if needed, openssl`
			`On Debian based distros:`
			`$> sudo apt install openssl`
extend https access guide 2019-03-30 08:18:54 +00:00
Merge branch 'pr/630' into Release-0.13.0 2022-08-13 19:26:32 -07:00			`Create a self certificate with openssl`
			`$> openssl req -newkey rsa:4096 -x509 -sha512 -days 365 -nodes -out /path/to/some/folder/rtl-cert.crt -keyout /path/to/some/folder/rtl-cert.key`
Add instructions to load ngx_stream_module.so in nginx.conf (#117) 2019-04-10 01:28:00 +02:00

extend https access guide 2019-03-30 08:18:54 +00:00			`Sample configuration to be inserted in the nginx.conf (adjust the path and filename of your certificate and key):`

			`stream {`
			`upstream RTL {`
			`server 127.0.0.1:3000;`
			`}`

			`server {`
			`listen 3002 ssl;`
			`proxy_pass RTL;`

Merge branch 'pr/630' into Release-0.13.0 2022-08-13 19:26:32 -07:00			`ssl_certificate /path/to/some/folder/rtl-cert.crt;`
			`ssl_certificate_key /path/to/some/folder/rtl-cert.key;`
extend https access guide 2019-03-30 08:18:54 +00:00			`ssl_session_cache shared:SSL:1m;`
			`ssl_session_timeout 4h;`
Merge branch 'pr/630' into Release-0.13.0 2022-08-13 19:26:32 -07:00			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # this line works for me with only TLSv1.2`
extend https access guide 2019-03-30 08:18:54 +00:00			`ssl_prefer_server_ciphers on;`
			`}`
			`}`

Add instructions to load ngx_stream_module.so in nginx.conf (#117) 2019-04-10 01:28:00 +02:00			`Restart Nginx with the new configuration and connect to RTL over https on the port 3002.`
Merge branch 'pr/630' into Release-0.13.0 2022-08-13 19:26:32 -07:00			`On Debian based distros:`
			`$> sudo systemctl restart nginx`