Skip to content
Shuanglei Tao edited this page Aug 19, 2020 · 1 revision

Let's Encrypt certificates

Let's Encrypt is a Certificate Authority that grants SSL certificates for free, and automatically (via a CLI). First, install their CLI - certbot, then you can request a certificate for your domain:

certbot certonly -d <your domain>

You'll now be able to run ttyd on HTTPS:

ttyd --ssl --ssl-cert /etc/letsencrypt/live/<your domain>/fullchain.pem --ssl-key /etc/letsencrypt/live/<your domain>/privkey.pem <command>

Nginx reverse proxy

If you're interested in running multiple web services on the same machine, a reverse proxy server such as Nginx might be useful! After installing and activating the nginx service, paste the following into /etc/nginx/sites-available/ttyd:

server {
    server_name <your domain>;

    # the following section is relevant if you've generated SSL certificates via Let's Encrypt - which you should have >:(
    listen 443 ssl;
    ssl_certificate           /etc/letsencrypt/live/<your domain>/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/<your domain>/privkey.pem;
    ssl_trusted_certificate   /etc/letsencrypt/live/<your domain>/chain.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass https://localhost:7681/;  # default ttyd port, notice the https prefix
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        # needed for websocket
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

# redirect http requests to https
server {
    if ($host = <your domain>) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    server_name <your domain>;
    return 404;
}
Clone this wiki locally