This is a guide on how to setup a secure HTTPS API using the built-in EOS http_plugin.
SSL support is available since 2018-04-27 release.
First of all you have to be on the DAWN-2018-04-27-ALPHA tag or newer.
If you run nodeos --version it should output 2594537369. Otherwise you have to update.
To update please run on your eos repo clone:
$ cd [EOSIO_DIR]
$ git pull
$ git checkout DAWN-2018-04-27-ALPHA
$ git submodule update --recursive
$ ./eosio_build.sh
$ cd build
$ sudo make install
Obtaining a SSL certificate for your domain with Certbot / Let's Encrypt
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot
Certbot will need to listen on port 80 for the certificate generation challenge.
If you have any service using it please stop that first. Then run:
$ sudo certbot certonly --standalone --preferred-challenges http -d your-domain
Now copy the generated files to your testnet folder:
$ cd [TESTNET_FOLDER]
$ sudo cp /etc/letsencrypt/live/your-domain/fullchain.pem .
$ sudo cp /etc/letsencrypt/live/your-domain/privkey.pem .
$ sudo chown user:user fullchain.pem privkey.pem
Configure nodeos
Edit your config.ini file and add the following lines:
https-server-address = 0.0.0.0:443
https-certificate-chain-file = /[TESTNET_FOLDER]/fullchain.pem
https-private-key-file = /[TESTNET_FOLDER]/privkey.pem
If you want to disable insecure HTTP completely just set (commenting out the line won't work)
http-server-address =
Start nodeos and go to https://your-domain/v1/chain/get_info to check! You should have a green padlock in chrome showing a successful TLS connection.
If something went wrong please take a look on the first lines of your log file less stderr.txt
Good luck!