Screenly
Switch to HTTPS as the default port binding
With recent Raspberry Pis being powerful, it's no longer very expensive to run Nginx as a reverse proxy. This is also a more standardized way of serving web apps, so let's do this.
Here's what we need to do:
Ansible
- Remove
enable-sslfrom the SKIP_TAGS - Remove
/bin/enable_ssh.sh
App
- Change the Gunicorn binding in server.py to bind on a UNIX socket (
/var/run/screenly.socket) - Remove the listen line in
screenly.conf
Nginx
- Re-configure Nginx to listen on listen on 8080 as well (80, 443, 8080)
- Reconfigure Nginx the's 'ose' upstream to use the UNIX socket
- Add a forwarding rule to redirect :8080 -> :443
@over64 raised a good point. We might not want to do this as the default as it will throw an error message for all users (self-signed cert).
Perhaps we should instead not redirect everything to :443 by default, but rather make that conditional. We could do that with an include file or something similar.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}