Currently, I'm thinking about using letsencrypt https certificates with a yesod application, which will be deployed to the actual server using keter.
My question is: What is the best way to do so?
There is no explicit description of this on the Internet, although here you can see an assumption that it is possible. Due to .well-known file serving, we have two options:
- Use some outer server like nginx to serve the .well-known file and route all requests to the warp server under keter.
- Somehow implement routing without nginx.
According to https://github.com/yesodweb/yesod/wiki/Deploying-via-Keter-alongside-Nginx#multi-app the second option is better, but I can't find any examples of this approach. On the other hand, there is lots of documentation about how to configure nginx to use letsencrypt. The latest revision of this wiki page was made in 2013 and I'm not sure it is fresh enough. Has anything changed since then in keter regarding this question?
First off, you can use certbot to generate your certs (https://certbot.eff.org/lets-encrypt/ubuntubionic-other). Then you can use warp-tls to serve your site with those certs - here's an example https://www.reddit.com/r/haskell/comments/69jkas/trying_to_add_https_support_to_spockwarp/dh7mvuo.
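
A sketch of the no-nginx route discussed above, added here as an example and not taken from the question, the answer or the linked posts: warp-tls serves the site on 443 with certbot's files, while a small plain-HTTP listener answers the .well-known challenge and redirects everything else. The domain, the webroot directory and `siteApp` are assumptions; a Yesod application would be converted to a WAI `Application` and passed in place of `siteApp`.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import Control.Concurrent (forkIO)
import qualified Data.ByteString.Char8 as B8
import qualified Data.Text as T
import Network.HTTP.Types (hContentType, hLocation, status200, status301, status404)
import Network.Wai (Application, pathInfo, rawPathInfo, responseFile, responseLBS)
import Network.Wai.Handler.Warp (defaultSettings, run, setPort)
import Network.Wai.Handler.WarpTLS (runTLS, tlsSettings)
import System.Directory (doesFileExist)
import System.FilePath ((</>))

-- Assumed values: a placeholder domain, certbot's usual live directory, and
-- the webroot given to `certbot certonly --webroot -w /var/www/acme`.
domain, liveDir, webroot :: FilePath
domain  = "example.com"
liveDir = "/etc/letsencrypt/live" </> domain
webroot = "/var/www/acme"

-- ACME HTTP-01 tokens use only the base64url alphabet; rejecting anything
-- else keeps dots and slashes away from the filesystem lookup.
validToken :: T.Text -> Bool
validToken t = not (T.null t) && T.all (`elem` allowed) t
  where allowed = ['A'..'Z'] ++ ['a'..'z'] ++ ['0'..'9'] ++ "-_"

-- Port 80: serve challenge files, redirect the rest to the fixed HTTPS host
-- (the client-supplied Host header is deliberately not used in the redirect).
challengeApp :: Application
challengeApp req respond = case pathInfo req of
  [".well-known", "acme-challenge", token] | validToken token -> do
    let file = webroot </> ".well-known" </> "acme-challenge" </> T.unpack token
    exists <- doesFileExist file
    respond $ if exists
      then responseFile status200 [(hContentType, "text/plain")] file Nothing
      else responseLBS status404 [] "not found"
  _ -> respond $ responseLBS status301
         [(hLocation, "https://" <> B8.pack domain <> rawPathInfo req)] ""

-- Hypothetical stand-in for the real application.
siteApp :: Application
siteApp _ respond = respond $ responseLBS status200 [(hContentType, "text/plain")] "hello over TLS"

main :: IO ()
main = do
  _ <- forkIO (run 80 challengeApp)
  let tls = tlsSettings (liveDir </> "fullchain.pem") (liveDir </> "privkey.pem")
  runTLS tls (setPort 443 defaultSettings) siteApp
```

The process needs permission to bind ports 80 and 443 and to read privkey.pem, and it loads the certificate when it starts, so it has to be restarted after certbot renews.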