Is it important to use https for the login/register pages in a Meteor app?
If yes, how can it be done?
1 Like
Yes it is, because otherwise, you’d be sending your password as plain text over the unencrypted wire. O_O
If you use the free 'meteor deploy ’ command to host on meteor.com, it’s done for you.
Thanks!
I’m actually using mup to digitalocean. Any tips for how to do it there
will be much appreciated…
To use https, you have to add the force-ssl package. But you also need an SSL certificate for that, which you can then add to your mup configuration.
SSL certificates are typically quite expensive and have to be paid yearly. But fortunately, there is now a free service for this: https://letsencrypt.org/ It worked like a charm and helps a lot. The only downside is that you have to re-new the certificate every 3 months. Plus, you also need access to the DNS configuration of your app’s domain, as it uses your DNS record to ensure the domain belongs to you.
2 Likes
Thanks, force-ssl + letsencrypt works!