Recently I've started using letsencrypt to generate certs for our web servers. Even on FreeBSD, which LE considers an "experimental" platform and not yet fully supported, using LE was a breeze, and worked without a hitch.
Creating a Letsencrypt certificate manually could be quite a pain so it's nice to see most of it automated. We should see many Node.js hosts that automate the SSL certificate creation and installation process for their customers.
jrapdx3|10 years ago
This project looks interesting, and seems like it should be pretty simple to set up. Since it appears http.createServer() and auto-sni.createServer() have the same interface, there shouldn't be a problem using it, assuming no significant glitches show up.
Currently our node servers run behind nginx, which has effectively managed http->https redirect, establishing TLS connections, etc. Depending on the situation, conceivably doing it all in node itself could be a reasonable approach.
kevan|10 years ago
I was going to ask about this. In our current setup, Nginx or an F5 in a DMZ handles TLS termination and everything inside the trusted network is unencrypted. I guess direct termination on the app server would be nice if you don't have a DMZ.
dspillett|10 years ago
I'm considering trying https://caddyserver.com/ for that as it has LE automation built in (though you might find there are similarly easy integration options for nginx too). I like the idea of dealing with SSL via reverse proxy and not needing anything in my application code to care.
jb007|10 years ago
Just for information purposes, a list of hosts that support Letsencrypt is being maintained here: https://github.com/letsencrypt/letsencrypt/wiki/Web-Hosting-...