
Setting up TLS or STARTTLS

Andris Reinman edited this page Sep 6, 2016 · 1 revision

The listening feeder server accepts plaintext connections by default. If you have a TLS private key and certificate available, you can turn on either implicit TLS, where the server listens on port 465 and the whole connection is encrypted from the first byte, or opportunistic encryption, where the server listens on port 587 and the client upgrades the plaintext session with the STARTTLS command. The key and certificate are read from disk before the process drops privileges to the configured user and group, so if you start the server as root it can read the files from any location, for example from the Let's Encrypt key store under /etc/letsencrypt/live, whose private keys are normally readable only by root. Because the files are read once at startup, a renewed certificate takes effect only after the process has been restarted.

For example, if you have set up Let's Encrypt to manage keys for the domain name 'example.com' and you want to use the same host name for your MSA server, then you can enable STARTTLS support in production.js like this:

module.exports = {
    // privileges are dropped to this user/group after the key files have been read
    user: 'nobody',
    group: 'nogroup',
    feeder: {
        port: 587,       // submission port; clients start in plaintext
        starttls: true,  // allow the STARTTLS upgrade on this port
        // Let's Encrypt paths: privkey.pem is root-only, fullchain.pem holds the leaf certificate first
        key: '/etc/letsencrypt/live/example.com/privkey.pem',
        cert: '/etc/letsencrypt/live/example.com/fullchain.pem'
    }
}
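Before restarting the server with a configuration like the one above, it is worth checking that the two files actually form a usable pair. The following shell function is an added example, not part of this wiki or of the project's own code; it assumes the openssl command-line tool is installed and that the paths and host name are the ones you put into production.js. It checks that both files are readable by the user running the check (run it as root when the files live under /etc/letsencrypt/live), that the private key belongs to the certificate, that the certificate will still be valid in a week, and that it covers the host name clients will connect to.

```shell
#!/bin/sh
# tls_preflight KEY CERT HOSTNAME
# Added example (not project code). Requires the openssl CLI.
# Returns 0 when the key/cert pair is usable for HOSTNAME, 1 otherwise,
# with the reason printed on stderr.
tls_preflight() {
    key="$1"; cert="$2"; host="$3"

    # 1. Both files must be readable. The server reads them before dropping
    #    privileges, so run this check as the same (root) user.
    for f in "$key" "$cert"; do
        if [ ! -r "$f" ]; then
            echo "not readable: $f" >&2
            return 1
        fi
    done

    # 2. The private key must belong to the certificate. Derive the public
    #    key from each side and compare; this works for RSA and EC keys.
    #    'openssl x509' reads only the first certificate in fullchain.pem,
    #    which is the leaf certificate in Let's Encrypt's layout.
    keypub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key" >&2; return 1; }
    certpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2; return 1; }
    if [ "$keypub" != "$certpub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # 3. The certificate must still be valid seven days from now; -checkend
    #    exits non-zero if it expires within the given number of seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((7 * 24 * 3600)) >/dev/null; then
        echo "certificate expires within 7 days: $cert" >&2
        return 1
    fi

    # 4. The host name clients connect to must be in the certificate
    #    (subjectAltName, falling back to CN when no SAN is present).
    #    -checkhost always exits 0, so inspect its message instead.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "certificate does not cover host name $host" >&2
        return 1
    fi

    echo "ok: $cert pairs with $key and covers $host"
    return 0
}

# Stand-alone use: sh tls_preflight.sh KEY CERT HOSTNAME
if [ "$#" -eq 3 ]; then
    tls_preflight "$1" "$2" "$3"
fi
```

Once the server is running you can confirm the result from the outside with `openssl s_client -starttls smtp -connect example.com:587` for the STARTTLS upgrade, or `openssl s_client -connect example.com:465` for implicit TLS; both print the certificate chain the server actually presented.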