We have stopped offering self hosted version. Hence this article is not usable unless you already had purchased a spotipo license. Please checkout our cloud offering instead.
Configuring SSL support in Spotipo
Enabling HTTPS will help you improve the security of your guest portal. Its mandatory if you are using Facebook login or payment login. In this tutorial we will explain the steps needed to enable it.
To follow this tutorial, you will need:
- One Ubuntu/Debian server setup with latest version of Spotipo running
- A fully registered domain name. This tutorial will use example.com throughout. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
- DNS records set up for your server. The A record of your domain name should point to the server
- Ports 443 and 80 should be enabled on your server
- Certificate file and private key used is kept on the server
Configure Nginx to serve SSL
Once the certificate is in place, we need to configure Nginx to use it. Just uncomment below lines available in /etc/nginx/sites-available/wifiapp.conf
Don’t forget to replace xxx.xxxx.com with your actual domain name.
listen 443 ssl; ssl_certificate /LOCATION/TO/CERTIFICATE; ssl_certificate_key /LOCATION/TO/CERTIFICATE/KEY; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; keepalive_timeout 300; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
Now restart nginx using
sudo service nginx restart
If everything went well, you should be able to get the SSL version of your spotipo by going to https://yourdomain
Force SSL usage
After testing that SSL works fine in last step. You can now force all requests to be served via SSL.
To do that add the following line to /usr/share/nginx/spotipo/instance/config.py
FORCE_SSL = 1
After that restart the app using
sudo service supervisor restart