WEBVTT

00:00.120 --> 00:05.860
OK, so let's add the SSL certificate now. For this I'll use a free certificate service from Certbot

00:05.910 --> 00:09.510
that will then fix up the URL problem here, where it says not secure.

00:09.660 --> 00:16.640
And looking at this, we will no longer access our URL by HTTP, but by HTTPS.

00:16.650 --> 00:20.280
OK, so follow the instructions on the Certbot website.

00:20.390 --> 00:22.470
So I've just outlined what I'm doing down here.

00:22.620 --> 00:24.090
So if we go to the website.

00:24.180 --> 00:29.990
So my HTTP website is running Nginx on Ubuntu 20.

00:30.000 --> 00:33.030
OK, so it gives you specific instructions below.

00:33.030 --> 00:37.280
Ubuntu 20.04 LTS already has snapd installed, so I don't need to do that.

00:37.320 --> 00:42.570
The future version, the version coming out soon, of Ubuntu, 22.04 LTS, will

00:42.570 --> 00:47.820
also have snapd installed, so we can just ensure that our version of snapd is up to date.

00:47.940 --> 00:50.580
So copying that and going onto our server using SSH.

00:50.700 --> 00:54.390
OK, so I want to find the server that I got from DigitalOcean, then right click.

00:54.540 --> 00:57.120
sudo snap install core, sudo snap refresh.

00:57.130 --> 00:57.450
Cool.

00:57.510 --> 01:00.450
That's just making sure that I had the latest version of Snap.

01:00.570 --> 01:05.730
That's good, I don't have to remove any older versions, as I didn't have any Certbot installed.

01:06.390 --> 01:09.000
Paste: sudo snap install certbot.

01:10.470 --> 01:10.890
Very good.

01:11.640 --> 01:16.500
We need to prepare the certbot command so that we can execute it from the command line.

01:17.130 --> 01:24.870
Now we just run sudo certbot --nginx like that, because we're using an Nginx server, so it will

01:24.870 --> 01:27.330
ask us to put in some information, which we have to do.

01:28.360 --> 01:35.080
You need to agree, yes. You don't have to share your information. Now, because I have created a configuration

01:35.080 --> 01:36.400
before for grafana.sbcode.net,

01:36.440 --> 01:42.140
it has found it, so it says which name would you like to activate HTTPS for.

01:42.160 --> 01:43.080
Press number one.

01:43.270 --> 01:43.660
So.

01:44.640 --> 01:45.870
Now it's requesting a certificate.

01:45.900 --> 01:51.420
Now it's important that your domain name has fully propagated when you run that step because it will

01:51.420 --> 01:56.610
verify the domain name points to the same IP address from different locations in the world.

01:56.610 --> 01:57.870
So that's worked for me.

01:57.870 --> 02:02.370
So it says successfully received certificate. Certificate is saved at

02:02.370 --> 02:07.390
/etc/letsencrypt/live/grafana.sbcode.net/fullchain.pem and privkey.pem.

02:07.410 --> 02:09.570
So for me, it's been successful.

02:09.600 --> 02:15.600
Now, if I just visit grafana.sbcode.net in the browser just like that, I'll leave off the HTTP.

02:15.630 --> 02:17.940
Open up a browser and just put that in, press

02:17.940 --> 02:25.170
Enter. It has automatically chosen HTTPS and I've got a padlock, so that looks much more professional.

02:25.200 --> 02:27.850
Now it's all optional, whether you do this or not.

02:27.870 --> 02:33.060
This may not be important for you, but if you're managing a Grafana service for clients, it's important

02:33.060 --> 02:34.120
that it looks professional.

02:34.180 --> 02:36.060
That's one of the things that you can do.

02:36.090 --> 02:41.970
Having a domain name is also useful when it comes to sending out email alerts because your email provider

02:42.000 --> 02:47.700
will do a reverse DNS lookup on your IP address and it should resolve to the same name of the server

02:47.700 --> 02:48.960
that sent the email address.

02:49.050 --> 02:49.920
I'll show you that later.

02:49.950 --> 02:56.010
Now, to understand what Certbot has done, if we just clear this, Certbot has taken that configuration

02:56.010 --> 03:05.040
file that was in /etc, sites-enabled, so cd /etc/nginx/sites-enabled.

03:05.850 --> 03:11.080
And if we just look at this file here, grafana.sbcode.net.conf, to see what it did,

03:11.140 --> 03:18.020
we can just write cat, which allows us to read text files, grafana.sbcode.net.conf,

03:18.180 --> 03:20.920
and we can see that it has modified the file a little bit.

03:20.940 --> 03:23.400
This is what we originally wrote down here.

03:23.440 --> 03:24.480
The server name

03:24.480 --> 03:30.790
grafana.sbcode.net, but instead now it's returning a 404 not found, but before it gets to that point,

03:30.840 --> 03:37.350
if host equals grafana.sbcode.net, it will do a 301 redirect back to our browser, which tells the

03:37.350 --> 03:41.440
browser to use https:// instead.

03:41.460 --> 03:48.030
Whatever the host and the URI was. OK, so port 80 is still being used, but it's being used to return

03:48.030 --> 03:52.740
a 301 redirect pointing to the HTTPS version of the website. Certbot wrote

03:52.740 --> 03:59.850
all that for us. If I go up higher, server name is grafana.sbcode.net, proxy pass to http://

03:59.850 --> 04:00.960
localhost:3000.

04:00.960 --> 04:01.870
So that's still good.

04:01.890 --> 04:04.230
We're listening now on Port 443.

04:04.230 --> 04:06.240
That's the IPv6 version.

04:06.240 --> 04:11.040
And listen 443 ssl, that's the IPv4 version.

04:11.040 --> 04:15.840
Now, I don't have IP version six enabled on my DigitalOcean server, so that line is pretty much going

04:15.840 --> 04:16.380
to be ignored.

04:16.380 --> 04:18.660
But you might have that on your server one day.

04:18.660 --> 04:24.570
And here there are some more commands pointing to the location of the certificates that we just stored

04:24.660 --> 04:26.910
fullchain.pem and privkey.pem.

04:27.000 --> 04:27.450
Excellent.

04:27.690 --> 04:30.160
So Certbot is doing a whole lot of things for us now.

04:30.180 --> 04:36.360
These certificates don't last very long, but behind the scenes snapd and Certbot are both making sure

04:36.360 --> 04:39.390
that that certificate gets updated when it is about to expire.

04:39.510 --> 04:40.890
So excellent.

04:40.980 --> 04:46.200
Okay, so if you're using AWS, you probably have to create a new incoming rule in your security group

04:46.200 --> 04:47.640
for Port 443.

04:47.670 --> 04:53.610
You should also leave port 80 open, and it's safe to remove the rule that was created

04:53.790 --> 04:55.260
opening port 3000.

04:55.440 --> 05:00.420
Now, since I'm using DigitalOcean, port 3000 is still open, so this will actually still

05:00.420 --> 05:06.450
work if I did colon 3000, put that HTTP.

05:07.050 --> 05:07.320
All right.

05:07.350 --> 05:09.240
I don't really want that to work anymore.

05:09.270 --> 05:14.790
I can actually create a firewall rule to block 3000 on my DigitalOcean server.

05:14.850 --> 05:21.180
Okay, so since I'm using Ubuntu, just going to clear the screen, I can list any iptables rules that

05:21.180 --> 05:22.200
I have, iptables.

05:22.200 --> 05:23.430
So there are none.

05:23.620 --> 05:31.440
OK, so first thing I want to do is I want to still allow Port 3000 to be called internally because

05:31.440 --> 05:37.950
we have the Nginx proxy forwarding to localhost 3000, so I can use that command there,

05:37.950 --> 05:38.520
iptables,

05:38.520 --> 05:47.700
input, TCP, source 127.0.0.1, destination port 3000, accept, and drop everything else,

05:47.710 --> 05:54.060
so anything else trying to call 3000 will be dropped. So, iptables.

05:54.330 --> 06:02.370
Well, we now have a rule for port 3000, so we can accept port 3000 if it's being asked from localhost

06:02.370 --> 06:05.370
and drop the connection if it's being asked from anywhere else.

06:05.400 --> 06:13.230
So now if I try to visit that address, grafana.sbcode.net:3000, directly, it will eventually

06:13.230 --> 06:13.980
time out.

06:15.250 --> 06:20.100
And that's using a thing called iptables, because I haven't enabled the firewall in DigitalOcean.

06:20.110 --> 06:27.280
I'm doing that because, unlike AWS or other cloud providers, DigitalOcean doesn't force a firewall in front

06:27.280 --> 06:29.280
of your servers automatically.

06:29.290 --> 06:33.640
You have the option to manually block ports using iptables.

06:37.290 --> 06:43.500
OK, so that's timed out eventually, but if I was to try and just visit that address in another window

06:43.500 --> 06:48.930
doesn't matter if I type HTTP, even, it gets automatically forwarded on to the HTTPS

06:48.930 --> 06:49.320
grafana.sbcode.net.

06:49.440 --> 06:51.000
So it's much more professional anyway.

06:51.180 --> 06:51.840
So optional.

06:51.930 --> 06:52.410
Excellent.

06:52.680 --> 06:56.100
In the next section, we'll create our first data source.

06:56.310 --> 06:56.700
Excellent.
