Let's Encrypt: distribute video over HTTPS in one click

Every reader of Habrahabr knows what Let's Encrypt is, because more than 100 articles on this topic have already been published. Most of them are installation and configuration instructions: which package to install, which config lines to fix, which script to place in the crontab, how to get it on the next web server and automate for docker and other trendy technologies.



In our product - Flussonic, we have made, perhaps, the easiest way to configure Let's Encrypt, which does not require editing of configs, simply by clicking on the button “Make me HTTPS”.

reference

For those who first hear about "Let's Encrypt", a small reference:

')

Let's Encrypt is a certificate authority that automatically provides free cryptographic certificates for TLS encryption (HTTPS) for a period of 90 days. The project was created to make HTTPS more accessible for Internet projects in order to simplify the process of obtaining, setting up and making it completely free, without compromising security.



The issuance and renewal of the certificate takes place automatically by the Automated Certificate Management Management Protocol (ACME). In this protocol, a series of requests are made to the web server requesting a certificate to confirm ownership of the domain.







Most linux distributions have a package that allows you to get a certificate in a convenient format for popular web servers (nginx, apache2) in 30 seconds. Experienced system administrators can easily configure any software with TLS encryption to use this certificate. And to configure the automatic update, you need to add one line to the crontab.



At the moment, Let's Encrypt have already issued more than 100 million certificates. The service is incredibly popular and recommended for use.

Let's Encrypt and Flussonic

It is somehow indecent to Habr's audience to explain why HTTPS is needed when it comes to video transmission, including from video surveillance cameras. Users become more literate, pay attention to the presence of a secure connection when it comes to filling out forms, and even more so for them it is important that the video from the surveillance camera is delivered safely. And if we are talking about corporate use, then this is simply a must.



We have added support for Let's Encrypt in Flussonic a long time ago, and recently pumped it over to monitor its lifespan. And now I'll show you how our clients set up HTTPS, it's incredibly simple.



It is assumed that the client already has a domain name, configured DNS accordingly. Opens the Flussonic web interface and goes to the “Config” tab and specifies the port for HTTPS:







After entering the port number, the button “Issue by LetsEncrypt” appears in the interface, clicking on which ACME communication takes place. Enter the domain name is not required, Flussonic gets it from the address bar of the browser. This solution saves a few seconds of time, eliminates an error in typing, which generally simplifies the lives of our customers.







In the screenshot above, the result of clicking the button: displays the parameters of the received certificate, certificate authority and expiration date. It remains only to click on the "save" button and that's it, the service will not need to be restarted, and Flussonic will renew the certificate itself.

Results

As I wrote at the very beginning: perhaps, we have the simplest implementation of the Let's Encrypt settings: no additional software or input settings from the keyboard.



Deliver video over a secure connection — it's simple, free, and very much in demand today. We have done everything so that you can focus on your service, and not the configuration of the software.