SSL
Quick Start
WARNING
Using self-signed certificates as shown below will result in a browser security warning. Use at your own risk.
SSL Configuration Variables
| Variable | Default | Description |
|---|---|---|
ENABLE_SSL | false | Enable/disable SSL/TLS encryption |
SSL_PORT | 8443 | Port for HTTPS connections |
SSL_DOMAIN | localhost | Domain name for SSL certificate |
SSL_CERT_PATH | /app/data/ssl/termix.crt | Path to SSL certificate file (highly recommend default) |
SSL_KEY_PATH | /app/data/ssl/termix.key | Path to SSL private key file (highly recommend default) |
Security Variables
| Variable | Default | Description |
|---|---|---|
JWT_SECRET | Auto-generated | Secret key for JWT token signing |
DATABASE_KEY | Auto-generated | Encryption key for database |
Example .env File
env
# SSL/TLS Configuration
ENABLE_SSL=true
SSL_PORT=8443
SSL_DOMAIN=termix.example.com
PORT=8080
# Security Keys (auto-generated by setup script, I do not recommend you overwrite them)
JWT_SECRET=your-64-character-hex-string
DATABASE_KEY=your-64-character-hex-stringUsing the automatic setup, your SSL certificate will last 1 year and should automatically regenerate.
Manual SSL Setup
1. Generate SSL Certificates
Self-Signed Certificate (Development)
bash
# Create SSL directory
mkdir -p ./db/data/ssl
# Generate private key
openssl genrsa -out ./db/data/ssl/termix.key 2048
# Generate certificate
openssl req -new -x509 -key ./db/data/ssl/termix.key -out ./db/data/ssl/termix.crt -days 365 \
-subj "/C=US/ST=State/L=City/O=Termix/OU=IT Department/CN=localhost" \
-addext "subjectAltName=DNS:localhost,DNS:127.0.0.1,IP:127.0.0.1"
# Set proper permissions
chmod 600 ./db/data/ssl/termix.key
chmod 644 ./db/data/ssl/termix.crtLet's Encrypt Certificate (Production)
bash
# Install certbot
sudo apt-get install certbot
# Generate certificate
sudo certbot certonly --standalone -d your-domain.com
# Copy certificates to Termix data directory
sudo cp /etc/letsencrypt/live/your-domain.com/fullchain.pem ./db/data/ssl/termix.crt
sudo cp /etc/letsencrypt/live/your-domain.com/privkey.pem ./db/data/ssl/termix.key
# Set proper permissions
sudo chown $USER:$USER ./db/data/ssl/termix.*
chmod 600 ./db/data/ssl/termix.key
chmod 644 ./db/data/ssl/termix.crtThen set the environment variables shown above to enable SSL.
Support
If you need help with Termix, you can join the Discord server and visit the support channel. You can also open an issue or open a pull request on the GitHub repo.