TLS/SSL

The following pertains to Yarkon Server only. Yarkon Cloud is set up using the highest security standards and maintained by **Yarkon**.

You always want to run Yarkon Server over a secure HTTP connection, using the HTTPS protocol.

ELB/ALB

The AWS-recommended solution for implementing TLS/SSL support is to use an Elastic Load Balancer or an Application Load Balancer to terminate HTTPS traffic, and to install a cert directly on it.

If you prefer not to use an AWS load balancer, or have a different network topology that requires a different setup, you can set up TLS support directly on the instance running Yarkon.

TLS certs

To set up Yarkon with TLS certs on the instance, follow these steps:

  1. Acquire the cert files matching the domain name you set for the instance from your CA. You should have two files:
    • A key file
    • A cert file
  2. When running the server, use the following ENV variables, respectively:
    • TLS_KEY
    • TLS_CERT

For instance, if you placed the cert files in the ssl folder under the same folder where the Yarkon binary is (by default, it is /var/app/current), you should use the following command line to set the environment variables when running Yarkon.

$ TLS_KEY=./ssl/server-key.pem TLS_CERT=./ssl/server-cert.pem ./aphek

If you launched Yarkon Server from an AMI, you should update the env section of the configuration file /var/app/current/yarkon-server.pm2.json to include the following lines:

"env": {
    "TLS_KEY": "./ssl/server-key.pem",
    "TLS_CERT": "./ssl/server-cert.pem"
}

If you use a different method to run Yarkon, use the appropriate way to set the environment variables.
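
Before pointing TLS_KEY and TLS_CERT at the two files, it is worth checking them. The following is an added example, not part of Yarkon or its documentation: it verifies that the key is not readable by other users, that the cert belongs to the key, that the cert has not expired, and that it covers the instance's domain name. It assumes the openssl CLI and stat are installed; the function name check_tls_pair and the hostname yarkon.example.test are hypothetical.

```shell
#!/bin/sh
# Added example (not Yarkon code): validate the files you are about to pass
# as TLS_KEY and TLS_CERT. Returns 0 when every check passes.
# Usage (paths from the text above; hostname is a constructed placeholder):
#   check_tls_pair ./ssl/server-key.pem ./ssl/server-cert.pem yarkon.example.test \
#     && TLS_KEY=./ssl/server-key.pem TLS_CERT=./ssl/server-cert.pem ./aphek
check_tls_pair() {
    key=$1; cert=$2; host=${3:-}

    [ -r "$key" ] && [ -r "$cert" ] || {
        echo "key or cert file missing/unreadable" >&2; return 2; }

    # The private key should be accessible by its owner only (e.g. mode 600).
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case $mode in
        [0-7]00) ;;
        *) echo "key mode $mode is too open; chmod 600 $key" >&2; return 3 ;;
    esac

    # The cert must carry the public half of this exact private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "cert does not match private key (or a file is not valid PEM)" >&2
        return 4
    fi

    # Reject a cert that has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "cert has expired" >&2; return 5; }

    # Optional: the cert must cover the domain name set for the instance.
    if [ -n "$host" ]; then
        openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q 'does match' || {
            echo "cert does not cover $host" >&2; return 6; }
    fi
    return 0
}
```

Each failure has its own return code (2 to 6), so a start-up script can log which check failed before refusing to launch the server.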