Yarkon Server TLS Support

[build 3.0 and up]

You always want to run Yarkon over secure HTTP connection, using the HTTPS protocol.

The AWS recommended solution for implementing TLS/SSL support, is to use an Elastic Load Balancer to terminate HTTPS traffic, and install a cert directly on it.

If you prefer to not use a load balancer, or have a different network topology that requires a different set up, you can set up TLS support directly on the instance running Yarkon.

Securing Yarkon server using TLS certs

To set up Yarkon with TLS certs on the instance, follow these steps:

  1. Acquire the cert files matching the domain name you set for the instance from your CA. You should have two files:
    • A key file
    • A cert file
  2. When running the server, use the following ENV variables, respectively:
    • TLS_KEY
    • TLS_CERT

For instance, if you placed the cert files in the ssl folder under the same folder where the Yarkon binary is (by default, it is /var/app/current), you should use the following command line to set the environment variables when running Yarkon.

$ TLS_KEY=./ssl/server-key.pem TLS_CERT=./ssl/server-cert.pem ./aphek

If you launched Yarkon Server from an AMI, you should update the env section of the configuration file /var/app/current/yarkon-server.pm2.json to include the following lines:

"env": {
    "TLS_KEY": "./ssl/server-key.pem",
    "TLS_CERT": "./ssl/server-cert.pem"

If you use a different method to run Yarkon, use the appropriate way to set the environment variables.