Enable HTTPS encryption
HTTPS encryption uses transport layer security (TLS) to encrypt connections to Thunor Web via the web browser. It is strongly recommended for any use of Thunor Web over a network.
Enable TLS encryption
Encryption requires a specific domain name to be configured, which you can purchase from any domain name registrar.
For demonstration purposes, we'll use thunor.example.com, but replace this with your own domain throughout the tutorial.
Configure a DNS A record to point to the server IP address.
Thunor Web automates the process of generating encryption certificates and deploying them. The certificates are generated with the help of certbot.
To generate the certificates and deploy them, run:
python thunorctl.py generatecerts
After the above command successfully completes, you should find that accessing http://thunor.example.com automatically redirects to https://thunor.example.com.
The certificates only last 90 days, so you'll probably want to renew them automatically, as described below.
Manually renew TLS certificates
Certificates can be renewed with:
python thunorctl.py renewcerts
Automatically renew TLS certificates on Linux
To automatically renew TLS certificates on Linux, you can use a cron job. Edit your crontab using sudo crontab -e and type the following entry (replace /thunor with the location of the thunorctl.py script):
0 5 * * 0 python /thunor/thunorctl.py renewcerts
Edit the run times to your requirements, following the cron syntax (briefly: the columns are minute, hour, day of month, month, day of week [0-6, where 0 is Sunday]). This example runs at 5am every Sunday.
Automatically renew TLS certificates on a remote Docker Machine
If you installed Thunor Web using Docker Machine, it's useful to automatically renew certificates on the remote instance, which may not have Python (outside of the container) or Docker Compose available.
A renew-certs.sh script is automatically copied to the remote instance when you set up TLS encryption.
Add the script to your crontab by adding the following entry using sudo crontab -e (replace /home/ubuntu/thunor with the correct path, if necessary):
0 5 * * 0 /home/ubuntu/thunor/renew-certs.sh
Edit the run times to your requirements, as described in the previous section.
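A scheduled renewal that stops working is easy to miss until the 90-day certificate expires. The script below is an added example, not part of Thunor Web: it reads the expiry date of the certificate the server presents and reports when too few days remain. The function names and the 21-day WARN_DAYS threshold are assumptions; it requires openssl and GNU date.

```shell
#!/bin/sh
# Added example (not part of Thunor Web): detect a renewal job that has
# stopped working by checking how long the served certificate is still valid.
# WARN_DAYS is an assumed threshold; choose one that fits your cron schedule.
WARN_DAYS=${WARN_DAYS:-21}

# cert_status "<notAfter=... line>" <now_epoch>
# Takes the line printed by `openssl x509 -noout -enddate` and the current
# time in epoch seconds. Prints "ok N", "renew N" (N = whole days left),
# "expired" or "unparseable"; returns 0, 1, 2 or 3 respectively.
cert_status() {
    end=${1#notAfter=}
    # An empty string would be accepted by date(1) as "today", so reject it.
    [ -n "$end" ] || { echo "unparseable"; return 3; }
    end_epoch=$(date -u -d "$end" +%s 2>/dev/null) || { echo "unparseable"; return 3; }
    secs=$(( end_epoch - $2 ))
    days=$(( secs / 86400 ))
    if [ "$secs" -le 0 ]; then
        echo "expired"; return 2
    fi
    if [ "$days" -lt "$WARN_DAYS" ]; then
        echo "renew $days"; return 1
    fi
    echo "ok $days"
}

# check_host <domain>
# Fetches the certificate served on port 443 and evaluates it.
check_host() {
    line=$(echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null \
           | openssl x509 -noout -enddate 2>/dev/null) \
        || { echo "no certificate from $1"; return 3; }
    cert_status "$line" "$(date +%s)"
}

# Run only when a domain is given, e.g.: ./check-cert.sh thunor.example.com
if [ -n "${1:-}" ]; then
    check_host "$1"
    exit $?
fi
```

A non-zero exit status means the certificate needs attention, so the script can be scheduled alongside the renewal entry and wired to whatever alerting you already use.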