In researching the best way to get our conversations on our Rocket Chat server encrypted I ran across the most innovative web server I have seen. In our previous posts on Rocket Chat on Raspberry Pi 2 I describe how to install it all but left the SSL configuration until now.
I found that the easiest way to get Rocket.Chat setup with SSL is to use a second web server. The Rocket Chat git repository had some directions on how to setup apache. But this left the problem of getting an ssl certificate.
Caddy made this so easy. Typically you can install it with apt-get caddyserver but Since I am deployed on Arch Linux on a Raspberry Pi it was more difficult. They have download packages to install on major operating systems. You need to do the following on Arch Linux on Raspberry Pi 2. Otherwise just running ‘sudo pacman -S caddyserver’ will do the trick.
curl -L -O https://aur.archlinux.org/cgit/aur.git/snapshot/caddy-git.tar.gz
tar -xvf caddy-git.tar.gz
pacman -S fakeroot
mv caddy-git /home/user/
chown -R user:user caddy-git/
proxy / 127.0.0.1:3000
Then to start it up run:
caddy -conf="/home/user/Caddyfile" -email yourEmail@server.com -agree
The Caddyfile directive file is very powerful and easy to configure. It is so much more flexible and understandable than apache conf files. The proxy command is what takes the users page requests from port 443 on Caddy and passes them through to port 3000 where Rocket Chat is running.
I can say that Caddy is my new favorite web server after many years of using Apache and Jetty.
I am encouraged to see free SSL certificates being offered. It always seemed that the price put on encryption for web sites was out of line with the work it takes to create an SSL certificate. These certificates verify the identity of a web host and encrypt all the data being looked at on a web page. My post on entropy outlines how easy it is to generate enough random data to generate certificates. Let’s Encrypt provides a simple and easy way to get and manage SSL certificates.