Implement TLS for the entire site user flow #121

Open
2 of 5 tasks
jhodapp opened this issue May 1, 2025 · 2 comments
Assignees
Labels
enhancement Improves existing functionality or feature infrastructure DevOps related
Milestone

Comments

@jhodapp
Member

jhodapp commented May 1, 2025

Suggestion / Feature Request

Description

We are working with sensitive data and user sessions, so this means we need to encrypt all user session traffic.

Requirements

  • refactor.engineer domain is used as the site's production domain (already purchased)
  • Reserve a static IP for the ubuntu-droplet1 (potentially not needed yet, TBD)
  • Visiting http://refactor.engineer always redirects to https://refactor.engineer
  • Open firewall ports 80, 443 on ubuntu-droplet1
  • All interactions and data with the platform in production are always encrypted using the latest TLS standard
@jhodapp jhodapp added the enhancement Improves existing functionality or feature label May 1, 2025
@jhodapp jhodapp added this to the 1.0-beta1 milestone May 1, 2025
@jhodapp jhodapp moved this to 🔖 Ready in Refactor Coaching Platform May 1, 2025
@jhodapp jhodapp added the infrastructure DevOps related label May 2, 2025
@jhodapp jhodapp changed the title [Feature]: Implement TLS for the entire site user flow Implement TLS for the entire site user flow May 2, 2025
@jhodapp jhodapp moved this from 🔖 Ready to 🏗 In progress in Refactor Coaching Platform May 5, 2025
@jhodapp
Member Author

jhodapp commented May 8, 2025

For documentation purposes, I'm following this guide composed by Claude.ai for installing and using a TLS certificate. Will document here any ways in which I diverge from it.

@jhodapp
Member Author

jhodapp commented May 8, 2025

I decided to install nginx natively on the droplet server instead of using a Docker container version like the instructions suggested. This means I installed an available-site virtual host config that complements the base nginx config located in nginx.conf.

I didn't think the overhead of Docker was really necessary for nginx and decided to keep this reverse proxy very thin to cut down on some resource usage. Eventually if we need to scale this, we'll need to reconsider this decision and move to a horizontally scalable reverse proxy for serving TLS certificates and other load balancing functionality.
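
As an added illustration (not the project's actual configuration and not written by anyone in this thread), a native nginx virtual host that satisfies the redirect and TLS requirements listed in the issue could look like the following. The file location, certificate paths and upstream address are assumptions or placeholders.

```nginx
# Assumed location: /etc/nginx/sites-available/refactor.engineer,
# symlinked into /etc/nginx/sites-enabled/ so the base nginx.conf includes it.

# Port 80 serves no content in cleartext: every request is redirected.
server {
    listen 80;
    listen [::]:80;
    server_name refactor.engineer;

    # Redirect to the fixed production name rather than echoing the
    # client-supplied Host header back in the Location response header.
    return 301 https://refactor.engineer$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name refactor.engineer;

    # Placeholders: substitute the paths where the certificate chain
    # and private key are actually installed.
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    # Weak setting to avoid (still accepts deprecated TLS 1.0 and 1.1):
    #   ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    # "Latest TLS standard" from the requirements means TLS 1.3 only.
    # Add TLSv1.2 here only if older clients must be able to connect.
    ssl_protocols TLSv1.3;

    # Tell browsers to use HTTPS for later visits, so a typed
    # http:// URL is upgraded before any request leaves the client.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Assumed upstream: the application listening on loopback only.
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Running `nginx -t` validates the file before a reload. Afterwards, `curl -sI http://refactor.engineer` should return a 301 whose Location header starts with `https://refactor.engineer`.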
