Secure Yarkon Server

Just like any other web server, Yarkon Server should be accessed over HTTPS. During the trial period, you can access it over HTTP (not secure), but make sure to implement HTTPS before making it generally available to users.

Once you have your SSL certificate ready, you can set up HTTPS access, following one of these methods:

Using a Load Balancer

The AWS best practice for SSL termination is to use an Elastic Load Balancer (or an Application Load Balancer). This approach allows you to use an AWS provisioned certificate, and is also somewhat more efficient in terms of instance load. It does, however, require an ELB, which incurs a small cost.

To implement this approach, complete the following steps:

  1. Turn on an ELB (or an ALB).
  2. Define a TCP route from port 443 (default HTTPS) to port 80 (default HTTP) on the instance.
  3. Set up the cert - either an AWS provisioned, or upload yours.
  4. Close any direct access to the instance on port 80, except traffic from the load balancer.
  5. Set up a DNS name for the load balancer.
  6. Make sure to update your CORS settings to this DNS name.

Using a Reverse Proxy

A very common approach is to use a reverse proxy such as Nginx. Yarkon Server is a standard web server, so if this is how you handle other servers in your account, simply do the same for it.

Install a Cert on the instance

If you prefer to run the server without a proxy, you can install your SSL cert directly on it. After uploading the cert and the key files to the server, you need to update the runtime environment variables to let Yarkon Server know where to load the cert from. For the complete details, see: Yarkon Server TLS.