Requiring TLS with Vapor

I’m new to using Vapor and just got my first server working. I’m creating a Docker image that I then pull down on my server (running on Linode) to run. The next step for the server is to enable HTTPS by getting a certificate. I’m assuming the easiest way to do that would be to use Let’s Encrypt, putting a cron job on the server to automatically rotate the certificates monthly or so.

What’s the best way to get my Vapor site to a) support HTTPS using this certificate, and b) require HTTPS, automatically upgrading non-secure requests? Or is that even Vapor's domain—is this a Docker setting instead?

Thanks in advance.

@SlaunchaMan certbot has a renew command designed to be used by automated systems to automatically renew the certs from Let's Encrypt.

Getting your Vapor site to support HTTPS is a little more complicated. Vapor 3 doesn't have any built-in support to terminate TLS certificates, so what you normally do is put it behind a load balancer or reverse proxy, something like Nginx. This can ensure that HTTP requests are upgraded, terminate the TLS cert and forward the requests on to your Vapor application. The Vapor 4 docs have instructions for setting up Nginx and it should be identical to Vapor 3.

2 Likes
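
The reverse-proxy setup described in the answer above, as an added example that is not part of the original thread or the Vapor docs. It assumes the placeholder domain `example.com`, a Vapor container listening on `127.0.0.1:8080`, certbot's standard `/etc/letsencrypt/live/<domain>/` layout, and a hypothetical webroot of `/var/www/certbot` for renewals.

```nginx
# Constructed example: example.com, 127.0.0.1:8080 and /var/www/certbot are assumptions.

# Port 80: answer ACME HTTP-01 challenges, redirect everything else to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;

    # certbot's webroot plugin writes challenge files under this directory
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Redirect to the fixed hostname rather than the client-supplied Host
    # header, so a forged Host value cannot steer the redirect elsewhere.
    location / {
        return 301 https://example.com$request_uri;
    }
}

# Port 443: terminate TLS here and forward plain HTTP to the Vapor app.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to use HTTPS for future visits (one year)
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Publish the container port on loopback only (for example `docker run -p 127.0.0.1:8080:8080 …`) so the app cannot be reached in plaintext around the proxy. Nginx reads certificates at start or reload, so the renewal job should reload it, for example `certbot renew --deploy-hook "systemctl reload nginx"`.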

Thanks, I was able to get this up and running on my server. I now have certbot automatically updating my certs and nginx proxying my Vapor app with TLS.

2 Likes