TLS/SSL
You should always run Yarkon Server over a secure HTTP connection, using the HTTPS protocol.
ELB/ALB
The AWS-recommended solution for implementing TLS/SSL support is to use an Elastic Load Balancer or an Application Load Balancer to terminate HTTPS traffic, and install a cert directly on it.
If you prefer not to use an AWS load balancer, or have a network topology that requires a different setup, you can set up TLS support directly on the instance running Yarkon.
TLS certs
To set up Yarkon with TLS certs on the instance, follow these steps:
- Acquire the cert files matching the domain name you set for the instance from your CA. You should have two files:
  - A key file
  - A cert file
- When running the server, use the following ENV variables, respectively: TLS_KEY and TLS_CERT
For instance, if you placed the cert files in the ssl folder under the same folder where the Yarkon binary is (by default, it is /var/app/current), you should use the following command line to set the environment variables when running Yarkon.
$ TLS_KEY=./ssl/server-key.pem TLS_CERT=./ssl/server-cert.pem ./aphek
If you launched Yarkon Server from an AMI, you should update the env section of the configuration file /var/app/current/yarkon-server.pm2.json to include the following lines:
"env": {
  "TLS_KEY": "./ssl/server-key.pem",
  "TLS_CERT": "./ssl/server-cert.pem"
}
Check out the Setup Yarkon with SSL guide for an example of how to set up the certs using a standard Unix server.
If you use a different method to run Yarkon, use the appropriate way to set the environment variables.
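Before pointing TLS_KEY and TLS_CERT at the files, it helps to confirm that the private key is not readable by other users on the instance, that it belongs to the cert, and that the cert has not expired. The following is an added example, not part of Yarkon or its documentation; the function name check_tls_pair and its return codes are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# check_tls_pair KEY CERT  (hypothetical helper, not shipped with Yarkon)
# Return codes:
#   0  key and cert are usable together
#   1  a file is missing or unreadable
#   2  key file is accessible to group or others
#   3  key cannot be parsed, or does not match the cert
#   4  cert has expired
#   5  openssl is not installed
check_tls_pair() {
    key=$1
    cert=$2

    [ -r "$key" ] && [ -r "$cert" ] || return 1

    # Characters 5-10 of the ls mode string are the group and other bits.
    # A private key should grant none of them (for example mode 600 or 400).
    mode=$(ls -ldL "$key" | cut -c5-10)
    [ "$mode" = "------" ] || return 2

    command -v openssl >/dev/null 2>&1 || return 5

    # Derive the public key from each file and compare them.
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    [ "$key_pub" = "$cert_pub" ] || return 3

    # -checkend 0 exits non-zero if the cert is already past notAfter.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 4

    return 0
}

# Usage with the paths from the command line shown above:
#   check_tls_pair ./ssl/server-key.pem ./ssl/server-cert.pem \
#     && TLS_KEY=./ssl/server-key.pem TLS_CERT=./ssl/server-cert.pem ./aphek
```

If the function returns 2, tighten the key file with chmod 600 and make sure it is owned by the user that runs Yarkon.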