Enable HTTPS encryption

HTTPS encryption uses Transport Layer Security (TLS) to encrypt connections to Thunor Web via the web browser. It is strongly recommended for any use of Thunor Web over a network.

Enable TLS encryption

Encryption requires a specific domain name to be configured, which you can purchase from any domain name registrar. For demonstration purposes, we'll use thunor.example.com, but replace this with your own domain throughout the tutorial. Configure a DNS A record to point to the server IP address.

Thunor Web automates the process of generating encryption certificates and deploying them. The certificates are generated with the help of certbot.

To generate the certificates and deploy them, run:

python thunorctl.py generatecerts

After the above command successfully completes, you should find that accessing http://thunor.example.com automatically redirects to https://thunor.example.com.

The certificates only last 90 days, so you'll probably want to renew them automatically, as described below.

Manually renew TLS certificates

Certificates can be renewed with:

python thunorctl.py renewcerts

Automatically renew TLS certificates on Linux

To automatically renew TLS certificates on Linux, you can use a cron job. Edit your crontab using sudo crontab -e and type the following entry (replace /thunor with the location of the thunorctl.py script):

0  5  *   *   0   python /thunor/thunorctl.py renewcerts

Edit the run times to your requirements, following the cron syntax (briefly: the columns are minute, hour, day of month, month, day of week [0-6, where 0 is Sunday]). This example runs at 5am every Sunday.

Automatically renew TLS certificates on a remote Docker Machine

If you installed Thunor Web using Docker Machine, it's useful to automatically renew certificates on the remote instance, which may not have Python (outside of the container) or Docker Compose available.

A renew-certs.sh script is automatically copied to the remote instance when you set up TLS encryption. Add the script to your crontab by adding the following entry using sudo crontab -e (replace /home/ubuntu/thunor with the correct path, if necessary):

0 5    *   *   0   /home/ubuntu/thunor/renew-certs.sh

Edit the run times to your requirements, as described in the previous section.
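
A cron renewal job that stops working is easy to miss until the 90-day certificate lapses. The following Python check is an added example, not part of Thunor Web: it reads the expiry date of the certificate the server actually presents and exits non-zero when too few days remain. The 21-day threshold and the function names are assumptions; thunor.example.com is the tutorial's placeholder domain.

```python
"""Added example: alert when the served TLS certificate is close to expiry."""
import socket
import ssl
import sys
from datetime import datetime, timezone

HOST = "thunor.example.com"  # the tutorial's placeholder domain
WARN_DAYS = 21               # assumed alert threshold; tune to your renewal schedule


def days_remaining(not_after, now=None):
    """Whole days until expiry, given the 'notAfter' string from getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).days  # negative once the expiry time has passed


def classify(not_after, now=None, warn_days=WARN_DAYS):
    """Return 'expired', 'renewal-overdue' or 'ok' for a certificate expiry date."""
    left = days_remaining(not_after, now)
    if left < 0:
        return "expired"
    return "renewal-overdue" if left < warn_days else "ok"


def fetch_not_after(host, port=443, timeout=10):
    """Connect with certificate and hostname verification on, then read notAfter."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else HOST
    try:
        status = classify(fetch_not_after(host))
    except ssl.SSLCertVerificationError as exc:
        # An already expired (or otherwise invalid) certificate fails the handshake.
        status = f"invalid: {exc.verify_message}"
    print(f"{host}: {status}")
    sys.exit(0 if status == "ok" else 1)
```

Run it from a separate cron entry or a monitoring system, passing your own domain as the first argument, so that a failed renewal is noticed while the certificate is still valid.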