These are chat archives for gdg-x/hub

8th
Sep 2016
Robert Jacob
@xperimental
Sep 08 2016 11:04
I know, a bit late to the party, but have you considered using Let's Encrypt to automate the process? https://letsencrypt.org/
Friedger Müffke
@friedger
Sep 08 2016 11:06
I messed with Let's Encrypt for half a day and it isn't well supported for NodeJS or GCP.
quote from Michael
Do you have any experience with that?
Robert Jacob
@xperimental
Sep 08 2016 11:17
Sorry, missed that message. I haven't tried it on GCP or a NodeJS server, but I guess it could work. If you think it is a viable alternative (and explain your setup a bit) I can investigate a bit, if you like.
(I use nginx on a private server, but there are a few NodeJS backends served by it)
Michael Prentice
@Splaktar
Sep 08 2016 13:39
Express server on GCE using a GCE load balancer (where the certificate has to be registered)
Let's Encrypt requires a cron-type job to refresh the certificate every 90 days. I tried a couple of their NodeJS libraries and CLI tool; both were buggy with poor support.
Robert Jacob
@xperimental
Sep 08 2016 15:12
@Splaktar I have this one running on two servers. Seems to work nicely so far: https://github.com/hlandau/acme
Jacques Supcik
@supcik
Sep 08 2016 21:46
Let me know if I can help. I have experience with Cloudflare, Let's Encrypt and with StartSSL (https://startssl.com/). Cloudflare is not such a bad option; they can be the man-in-the-middle and see the requests passing, but the traffic between them and your backend can be encrypted using a self-signed certificate.
Michael Prentice
@Splaktar
Sep 08 2016 21:51
@supcik do you have a blog post or instructions for setting up Let's Encrypt with GCE load balancers and automatically updating the certificate every 90 days? Is it possible via API calls?
@xperimental that acme project looks really good! I will certainly check it out. Thanks!
Jacques Supcik
@supcik
Sep 08 2016 22:00
There are many posts concerning Let's Encrypt and GCE, and as far as I know, there is no API that lets you upload the certificate to GCE. So I think that a self-signed certificate + Cloudflare or a StartSSL certificate are better options for now.
Michael Prentice
@Splaktar
Sep 08 2016 22:02
I will take a look at StartSSL, thank you!
For those who haven't seen the full issue, it is gdg-x/hub#91
Jacques Supcik
@supcik
Sep 08 2016 22:51
I just made a special reverse proxy on https://hub.gdgfribourg.ch/
At least for our case, it works well: https://gdgfribourg.ch/#!/organizers
The reverse proxy runs on a DigitalOcean machine and the certificate is provided by Cloudflare. So actually this is a double reverse proxy (-> Cloudflare -> DigitalOcean -> https://hub.gdgx.io)
All connections are encrypted