So my 80 web port in nginx runs through SSL I am curious if one should be doing this for the API port, or what the security implications are for the port not running through / on a SSL?
It is generally recommended to enable SSL on HTTP ports. On production services exposed to the public internet I would say it's almost a must.
so for example: http://0.0.0.0:7876/index.html#
I must set port 7876 to use SSL too?
Not quite sure how to go about doing that...
I mean I have installed certbot...
Just curious about this specific port...
is this 7876 considered an HTTP port?
I mean to rephrase the last question is 8776 considered a port on the HTTP/HTTPS protocol layer? IS this question better to ask? I would like to secure the API port but I am not sure how, I am running certbot and Nginx.
HTTP is a protocol, not a specific port. You can use HTTP on any port you want. Of course there are conventions, like port 80 for HTTP and 443 for HTTPS.
You can basically configure the node to listen to any port using either HTTP or HTTPS. It's entirely up to you to decide how to deploy it.
hi I'm aware HTTP isn'ta specific port, I am just curious if the specific API port of 7876 should be covered by the SSL certificate. if it is done manually? Because it shows the link is insecure, my question is if I specifically have to set up the 7876 API port with SSL? Sorry for being confused but something has really distracted me yesterday. Like a bumble-bee flew into my ear and I can't concentrate...
I am, not sure then what port the 7876 port goes though?
is it an HTTPS or HTTP port? I would have thought this port in being on a blockchain would have nodes coming to its defense rather than an SSL certificate? I do not understand.
I am not sure how/ where to configure the node to listen to the port. is it in the nxt.properties file?
I would have thought somehow with NGINX certbot I should set the API port as being part of the HTTPS protocl rathern than the http protocol
Ports and SSL settings are indeed configured on the nxt.properties
file.
Some relevant links: