Recently I've started using letsencrypt to generate certs for our web servers. Even on FreeBSD, which LE considers an "experimental" platform and not yet fully supported, using LE was a breeze, and worked without a hitch.
This project looks interesting, and seems like it should be pretty simple to set up. Since it appears http.createServer() and auto-sni.createServer() have the same interface, there shouldn't be a problem using it, assuming no significant glitches show up.
Currently our node servers run behind nginx, which has effectively managed http->https redirect, establishing TLS connections, etc. Depending on the situation, conceivably doing it all in node itself could be a reasonable approach.
I was going to ask about this, in our current setup Nginx or an F5 in a DMZ handles TLS termination and everything inside the trusted network is unencrypted. I guess direct termination on the app server would be nice if you don't have a DMZ.
> Currently our node servers run behind nginx, which has effectively managed http->https redirect,
I'm considering trying https://caddyserver.com/ for that as it has LE automation built in (though you might find there are similarly easy integration options for nginx too). I like the idea of dealing with SSL via reverse proxy and not needing anything in my application code to care.
LE is working on automating installation of certs on nginx, but not ready yet. Not a big deal though. Once I had LE set up, needed to edit only 2 lines in nginx config to point to the LE certs location. So when LE certs are renewed, nginx will use them automatically and nothing else needs to be done.
> I like the idea of dealing with SSL via reverse proxy and not needing anything in my application code to care.
Yes, a good reason to reverse proxy, also, besides TLS there's HTTP/2, and running multiple web servers, etc. on the same machine...
Creating a Letsencrypt certificate manually could be quite a pain so its nice to see most of it automated. We should see many Node.js host that automate the SSL certificate creation and installation process for their customers.
This project looks interesting, and seems like it should be pretty simple to set up. Since it appears http.createServer() and auto-sni.createServer() have the same interface, there shouldn't be a problem using it, assuming no significant glitches show up.
Currently our node servers run behind nginx, which has effectively managed http->https redirect, establishing TLS connections, etc. Depending on the situation, conceivably doing it all in node itself could be a reasonable approach.