TLS/SSL

The following pertains to Yarkon Server only. Yarkon Cloud is set up using the highest security standards and maintained by Yarkon.

Always run Yarkon Server over a secure HTTP connection, using the HTTPS protocol.

ELB/ALB

The AWS-recommended solution for implementing TLS/SSL support is to use an Elastic Load Balancer or an Application Load Balancer to terminate HTTPS traffic, and install a cert directly on it.

If you prefer not to use an AWS load balancer, or have a network topology that requires a different setup, you can set up TLS support directly on the instance running Yarkon.

TLS certs

To set up Yarkon with TLS certs on the instance, follow these steps:

  1. Acquire the cert files matching the domain name you set for the instance from your CA. You should have two files:
    • A key file
    • A cert file
  2. When running the server, use the following ENV variables, respectively:
    • TLS_KEY
    • TLS_CERT

For instance, if you placed the cert files in the ssl folder under the same folder where the Yarkon binary is (by default, it is /var/app/current), use the following command line to set the environment variables when running Yarkon:

$ TLS_KEY=./ssl/server-key.pem TLS_CERT=./ssl/server-cert.pem ./aphek

If you launched Yarkon Server from an AMI, you should update the env section of the configuration file /var/app/current/yarkon-server.pm2.json to include the following lines:

"env": {
    "TLS_KEY": "./ssl/server-key.pem",
    "TLS_CERT": "./ssl/server-cert.pem"
}

Check out the Setup Yarkon with SSL guide for an example of how to set up the certs using a standard Unix server.

If you use a different method to run Yarkon, use the appropriate way to set the environment variables.
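Before pointing TLS_KEY and TLS_CERT at new files, it helps to confirm that the two files actually form a pair, that the key is not readable by other accounts, and that the cert is current and covers the instance's domain name. The script below is an added example, not part of Yarkon; the function name check_tls_pair, its exit codes and the TLS_HOST variable are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the files passed to Yarkon via
# TLS_KEY and TLS_CERT. check_tls_pair and its exit codes are hypothetical.
# Usage: check_tls_pair KEY_FILE CERT_FILE [HOSTNAME]
check_tls_pair() {
    key=$1 cert=$2 host=${3:-}

    # 2: both files must exist and be readable by the account running the server.
    for f in "$key" "$cert"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done

    # 3: the private key must not be accessible to group or others.
    perms=$(ls -ldL -- "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$key is group/world accessible; chmod 600 it" >&2; return 3; }

    # 4: the key must belong to the cert: compare the two public keys.
    # An encrypted key also fails here, since no passphrase is supplied.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "key and cert do not form a pair" >&2; return 4
    fi

    # 5: the cert must not be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "cert has expired" >&2; return 5; }

    # 6: optionally, the cert must cover the domain name set for the instance.
    # -checkhost reports its result as text, so match on the output.
    if [ -n "$host" ]; then
        openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match" || { echo "cert does not cover $host" >&2; return 6; }
    fi
    return 0
}

# When run as a script with the same variables Yarkon reads, check that pair.
# TLS_HOST is a hypothetical extra variable used only by this script.
if [ -n "${TLS_KEY:-}" ] && [ -n "${TLS_CERT:-}" ]; then
    check_tls_pair "$TLS_KEY" "$TLS_CERT" "${TLS_HOST:-}"
fi
```

Saved under a name of your choice and run from the folder containing the Yarkon binary with TLS_KEY and TLS_CERT set as in the command line above, the script exits non-zero if any check fails, so it can gate the server start.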