Security

Klervi edited this page Jul 4, 2019 · 1 revision


Both the Node-RED editor and your bot endpoint should be accessible via HTTPS only. An SSL certificate for your service is now a basic requirement.

You can hand this responsibility to the Node-RED configuration, but we recommend using Nginx to:

  • manage HTTPS and WSS connections
  • serve static files
  • regenerate SSL certificates

Install Nginx

On Ubuntu, you can easily install Nginx with the following commands:

sudo apt-get update
sudo apt-get install nginx

Create a dedicated configuration file

sudo nano /etc/nginx/sites-available/mydomain.com
sudo ln -s /etc/nginx/sites-available/mydomain.com /etc/nginx/sites-enabled/
sudo service nginx restart

Install Certbot

You can use Certbot to automatically generate your SSL certificates. The tutorial to do so is here.

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx 

In order to generate a certificate, Certbot must query your server on port 80 to validate that you own it. Edit the Nginx configuration so that port 80 serves the challenge path from /var/www/html:

sudo mkdir -p /var/www/html
sudo nano /etc/nginx/sites-available/mydomain.com

Write the following configuration

server {
    listen 80;

    #server name or ip address
    server_name demo.mydomain.com;

    location '/.well-known/acme-challenge' {
        root /var/www/html;
    }
}

Then restart the service before running Certbot.

sudo service nginx restart
sudo certbot --nginx certonly

Configure Nginx

Now that the certificate is available, update the Nginx configuration. If you use the [viseo-bot-template](https://github.com/NGRP/viseo-bot-template/), you can directly link and update its Nginx configuration.

sudo rm /etc/nginx/sites-available/mydomain.com
sudo ln -s ~/[bot]/bot/conf/nginx.conf /etc/nginx/sites-available/mydomain.com 
sudo nano ~/[bot]/bot/conf/nginx.conf

Then restart Nginx:

sudo service nginx restart
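As an added example (not the viseo-bot-template file and not part of the original page), this is one way the final configuration can look once the certificate exists. It assumes Node-RED listens on 127.0.0.1:1880 (its default port) and that Certbot stored the certificate under /etc/letsencrypt/live/demo.mydomain.com/.

```nginx
# Added example. Assumptions: Node-RED on 127.0.0.1:1880 and Certbot's
# default certificate layout for demo.mydomain.com.

# Port 80: keep answering ACME challenges so renewals work,
# and send every other request to HTTPS.
server {
    listen 80;
    server_name demo.mydomain.com;

    location /.well-known/acme-challenge {
        root /var/www/html;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: terminate TLS and proxy to Node-RED.
server {
    listen 443 ssl;
    server_name demo.mydomain.com;

    ssl_certificate     /etc/letsencrypt/live/demo.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/demo.mydomain.com/privkey.pem;

    # Refuse legacy protocol versions (TLSv1.3 needs nginx 1.13.0 or later).
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:1880;
        proxy_http_version 1.1;

        # WebSocket upgrade, so the editor's connection runs over WSS.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Pass the original host, client address and scheme to Node-RED.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Check the file with sudo nginx -t before restarting. For the HTTPS-only requirement to hold, Node-RED's own port must not be reachable from outside, for example by setting uiHost to 127.0.0.1 in settings.js or by firewalling the port.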

Issues

"Port already in use" indicates that another server is running on port 80.

  • Try to stop Apache2 with sudo service apache2 stop, then retry.
  • If it works, uninstall Apache2 with sudo apt-get remove 'apache2*'