To configure TLS/SSL for a Houston instance, and allow communication to and from the server via HTTPS, you can either:
- Configure your Houston server to automatically generate/renew certificates via the ACME protocol and Let's Encrypt
- Provide your own certificate
Houston can use go's acme.autocert library to automatically generate a certificate if a domain name is provided in the config.
The steps to configure this are as follows:
- Acquire a domain name or subdomain
- Set
config.TLS.Hostto the value of your host name, e.g. 'houston.example.com'. See TLS Config for alternative ways to set this value. You must also provide a password for your server when using TLS (config.Password). - Start a houston server (
houston api). - Determine the (static) IP address of your Houston server
- Point the domain name to your server with DNS records (described below)
Example YAML config for auto TLS:
password: changeme
tls:
host: houston.example.comExample environment variable config for auto TLS:
export HOUSTON_PASSWORD="changeme"
export TLS_HOST="houston.example.com"If you want to provide your own certificate:
- Acquire a domain name for your server
- Point the domain name to your server (described below) with DNS configuration
- Generate a certificate
- Upload the certificate to the server so that
houstoncan find them locally - Provide the SSL certificate when starting the Houston server (configuration described in TLS Config). Ensure that 'auto' is set to
false.
Once you have acquired a domain name, point the domain to the IP address of your Houston server using DNS records, for example:
Name houston.example.com
Type A
TTL 300
Data 12.34.156.178
From then on, your server's base URL will become https://houston.example.com/api/v1, i.e. https://<your domain name>/api/v1.