Just build it for all Meteor apps! I’m sure MDG will get around to implementing something like this eventually but no reason to wait for or depend on them.
This is an interesting conversation but I have a question for the Galaxy team:
Galaxy is hosted on AWS right? And according to AWS certs are free via their certificate manager for apps running on their platform… so how come SSL is not just part of the Galaxy offering?
If I am understanding this correctly it should be a no-brainer free perk included with hosting any app on Galaxy.
Or am I missing something… some small print legal disclaimer somewhere for example.
AWS Certificate Manager Pricing
SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.
Either AWS or making Let’s Encrypt SSL a simple checkbox would be a VERY nice addition to Galaxy. And it isn’t a big project for Galaxy to add one or the other… but would save your average Joe a day of research and implementation.
I am trying to follow these steps. The issue I am facing is that the .well_known directory is hidden and is ignored by Meteor even when it’s in the public folder. Did you face the same issue?
What do you mean by “dev box”, could this just be my local environment?
If I’m running this on Mac OS X, where would I run the ‘git clone’ command? The ‘server’ directory within my project folder? Would there be a problem with installing it globally?
Got it. When I tried executing the letsencrypt-auto script I got this message:
WARNING: Mac OS X support is very experimental at present…
if you would like to work on improving it, please ensure you have backups
and then run this script again with the --debug flag!
I’m not familiar enough with bash scripts and the risks they pose to feel confident proceeding after that message. What’s the worst that could happen (not a rhetorical question)?
I realize this might be getting off topic, but any light you can shed on the situation is appreciated.
It may create a black hole. Known to happen.
/sarcasm
Running the --manual flag (which we do) is probably not what they are warning about. It’s the apache auto-config if anything, which we are not doing. So go ahead and do it.
There are a lot of steps here, but it’s all I’ve been able to find regarding setting up LetsEncrypt on Galaxy. I was wondering if someone could better explain these steps:
Add a file to your meteor_dir/public/.well-known/acme-challenge/SOME_LONG_WEIRD_STRING_FROM_THE_OTHER_TERMINAL and add in the contents that they tell you to
Yes, adding a ‘response’ file for the Let’s Encrypt spider / browser to consume. Similar to Google verification etc.
The file is generated by Let’s Encrypt and you view it on the CLI on your dev machine.
They actually give you a bash script to write the file using printf "%s"
ALSO, these 6 commands can be easier (3)
so run sudo -i
cd /etc/letsencrypt/archive/sitename.com
cp ./* /some_other_directory
exit to get out of the sudo -i
cd to that directory
sudo chown -R username:username ./*
instead
cd meteor_app/settings (or other non version controlled folder)
sudo cp /etc/letsencrypt/live/sitename.com/privkey.pem .
sudo cp /etc/letsencrypt/live/sitename.com/fullchain.pem .
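The challenge-file step discussed above, as an added example that is not part of the original thread or of the Let's Encrypt client. The function name `write_challenge` is hypothetical, and the script assumes the standard ACME http-01 layout in which the file is named after the token and contains `<token>.<thumbprint>`; it rejects anything outside the base64url alphabet so a pasted value cannot write outside `public/.well-known/acme-challenge/`.

```shell
#!/bin/sh
# Added example (not from the thread): write an ACME http-01 challenge
# response into a Meteor app's public/ folder.
# Usage: write_challenge <meteor_dir> <key_authorization>
# <key_authorization> is the "<token>.<thumbprint>" string shown on the CLI.
write_challenge() {
    app_dir=$1
    key_auth=$2

    # The value must contain a dot separating token and thumbprint.
    case $key_auth in
        *.*) ;;
        *) echo "expected <token>.<thumbprint>" >&2; return 1 ;;
    esac

    token=${key_auth%%.*}   # text before the first dot: the file name
    thumb=${key_auth#*.}    # text after the first dot

    # Both parts must be non-empty base64url (A-Z a-z 0-9 _ -).
    # This rejects '/', '..', spaces and extra dots in the file name.
    for part in "$token" "$thumb"; do
        case $part in
            ''|*[!A-Za-z0-9_-]*)
                echo "unexpected characters in challenge value" >&2
                return 1 ;;
        esac
    done

    dir=$app_dir/public/.well-known/acme-challenge
    mkdir -p "$dir" || return 1

    # printf '%s' writes exactly the given string, with no trailing
    # newline, the same way the client's suggested command does.
    printf '%s' "$key_auth" > "$dir/$token" || return 1
    chmod 644 "$dir/$token" || return 1

    # Confirm the file holds exactly the expected number of bytes.
    written=$(wc -c < "$dir/$token" | tr -d ' ')
    [ "$written" -eq "${#key_auth}" ] || return 1

    # Print the path so it can be checked before deploying.
    printf '%s\n' "$dir/$token"
}
```

After deploying, the file should be reachable at `/.well-known/acme-challenge/<token>` on the site before you continue in the other terminal.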
OK, thanks, figured it out yesterday. The script somehow could not install some of the dependencies (pip, for example); now I am stuck with: ImportError: Unable to import libaugeas!
I will probably need to do it on a linux machine (currently trying it on a mac).
Thanks for the help!