Learning Xojo

Now that you have built your secure Linux Server for Xojo Web 2, you might run into issues around 90 days latest!

How To Build a Linux Server for Xojo Web 2
With Xojo Web 2, it becomes relatively easy to set up a Server and run yourfirst App. You would not even need an own webserver as a Xojo Web 2 App hasbuilt-in its own. But in today’s world, running a Webapp is one thing; runningit securely a different story. This beginner’s guide aims to enable y…

Introduction

Why? Because your certificates will expire. We installed let's encrypt free of cost certificates. They are a tremendous relief, but they need renewal every 89 days latest.

On a side note: I got some replies that I'm not profoundly diving into the certificates topic or how to use an editor on Linux (yes, "vim" is not the easiest one - try "nano" for instance). The above article proved to work for a couple of people without any issues, which was the purpose. Of course, you have to do your homework, and for a deep-dive into some topics, you have to learn those skills.

We are lucky these days that the installation of Let's Encrypt certificates became so flawless. A few years ago, it was by far more complicated.

Renewing your certificates automatically

We have to ensure that our Linux server will update our certificates when needed.

There are many ways to achieve this. I personally like the following one, as it is not only updating your certificates but will ensure to restart our Nginx server so that your server will automatically continue to use the re-newed credentials and, as such, apply them instantly.

On Linux, we have Cron-Jobs for such tasks. Think of Cron as a Task-Manager. Cron jobs execute tasks at the specified time interval. Log into your Linux server and type:

sudo crontab -e

If you are executing crontab the first time, you have to specify which editor you want to use (nano is probably the best choice for many of you). Crontab is the tool to edit the "table" of all of your jobs. It comes with a detailed explanation for a reason. You can/should read it.

At the bottom of this file, please add the following line (please ensure that everything is in ONE line):

40 3 * * 0 letsencrypt renew >> /var/log/letsencrypt-renew.log && /etc/init.d/nginx reload > /dev/null 2>&1

Exit crontab, and enjoy that your certificates will now automatically renew when needed.

What is this doing? Please execute the following command (the same like in our crontab above):

sudo letsencrypt renew

You will get an input similar to this:

[...]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/YOURCERT.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
[...]

Our script is doing the same, but from now on, every Sunday at 03:40 am. On top of that, the cron task will write a log into the file '/var/log/letsencrypt-renew.log' and then restart the Nginx Server (this ensures that certificates that got a renewal are applied instantly).

As we don't need any log from the Nginx activities (they are logged already by Nginx), we pipe all output from the webserver into the nirvana.

Auto-renewal of all of your Let's Encrypt certificates is now successfully implemented!

Alternatives

If all this Linux stuff is over your head, you can of course use Tim Parnell's Lifeboat, which takes care of all of this for you.

Strawberry Software - Lifeboat

And of course Xojo Cloud is an option too:

Xojo: Secure App Cloud Hosting
Xojo, developer of Xojo, a cross-platform development environment for building native apps for desktop, web, mobile and Raspberry Pi, offers Xojo Cloud, an easy to set up and very secure web app hosting service.

Comments

Sign in or become a blog.xojoDOCs.com member to join the conversation.
Just enter your email below to get a log in link.



You’ve successfully subscribed to blog.xojoDOCs.com
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Your link has expired
Success! Check your email for magic link to sign-in.