Enabling SSL: Deploying Reverb with Forge

Deploying Reverb with Forge

Sign in Get started

Playing

06. Enabling SSL

Episodes

0%

Your progress

Total: 16m
Played: 0m
Remaining: 16m

Join or sign in to track your progress

01. Introduction

02. Up and running locally

03. Deploying to Forge

04. Toggling Reverb

05. DNS records for the WebSocket subdomain

06. Enabling SSL

07. Rebuilding assets and restarting Reverb

Transcript

00:00

We're going to want to make sure we enable SSL for our WebSocket subdomain.

00:03

So let's do that now, as well as assigning a certificate to our main domain as well. So we're going to head over to the SSL section under our site, and we're going to use Let's Encrypt to create out a certificate for the ws.alex.gs domain and the main domain as well.

00:20

I'm going to get rid of the www one here because I'm not using that as a CNAME record, and we're going to click obtain certificate. Now, just before we do that, I have SSL enabled over on Cloudflare, which sometimes gets in the way of assigning this certificate.

00:34

So I'm going to temporarily change this to off. And then once we do have this assigned, we're going to turn this back on. Let's go back over to Forge and click obtain certificate. And really, we're just going to wait for this to happen.

00:47

Sometimes you'll get issues here, but Forge will give you a list of suggested steps and you'll be able to see the output as well. So you can go ahead and tweak anything to get this running. Okay.

00:57

It looks like that was successful and the certificate is just activating. So once that's done, we should have SSL enabled. Great. Okay.

01:05

I'm going to go back over to Cloudflare and set this to full SSL. And once we've done that back over in our application, this should now be a secure application. And you can see sure enough it is.

01:15

It will also be the case for our ws sub domain as well. So now we can go ahead and configure this to hook up to a completely different scheme and port. Let's go back over to our environment section and we'll update our environment

01:29

file here to point to a completely different port and scheme for us. We want the port to be 443 and we want the scheme now to be HTTPS. Let's go ahead and run this with a config cache clear and hit save on this, and we should be good.

01:46

Now at the moment, this is still not going to work. There's a crucial step to getting this now working within our application. Let's head over to the next episode and make sure that our reverb server gets restarted and also we rebuild our assets.

Episode summary

In this episode, we're focusing on getting SSL set up for both our main domain and our WebSocket subdomain. We head over to our hosting platform (Forge) to use Let's Encrypt and provision new certificates for both domains, making sure everything runs securely over HTTPS. Since Cloudflare is being used in front of the site, there's a quick detour to temporarily disable its SSL so we can assign the new certificate without any hiccups.

You'll see how to pick and assign the right domains (and why we skip the www subdomain in this particular setup). If any issues pop up while provisioning the certificate, Forge provides some useful hints and error outputs so you can debug as needed.

Once everything is successful and the new SSL certificate is active, we jump back to Cloudflare to put the SSL back to full, ensuring all traffic is encrypted end-to-end. After confirming that our application and the ws subdomain both load securely, we update our application's environment settings to use the correct scheme (HTTPS) and port (443).

Finally, the episode ends with a quick note: we're not quite done yet! To fully apply the changes, we need to restart the server and rebuild assets, which will be covered in the next episode.

Episode discussion

No comments, yet. Be the first!