> On Sep 26, 2017, at 5:13 PM, Alexis King <lexi.lam...@gmail.com> wrote: > > In fact, to elaborate a little bit more: what you probably want to do > is only support HTTPS, but you will not want to only listen on port 443 ... > What you will want to do instead is automatically redirect any users who > use HTTP to the equivalent HTTPS locations by issuing HTTP 301s.
Right. The Let's Encrypt installer does this Apache port remapping for you (which is convenient but not educational) > On Sep 26, 2017, at 5:14 PM, 'Royall Spence' via Racket Users > <email@example.com> wrote: > > I use UFW to configure iptables on my server. It's much less error prone than > configuring iptables directly in my experience. SSH with key auth and http(s) > are the only ways in. https://help.ubuntu.com/community/UFW > <https://help.ubuntu.com/community/UFW> Thanks. Yes, `ufw` worked well. > Yeah, you'll want to allow connections only from the frontend webserver. > That's probably 127.0.0.1, but it would be different if you're doing a > frontend server with a pool of backends. Yes. And by default, `serve/servlet` only listens to 127.0.0.1. PS for future mailing-list spelunkers: the net result is that you can just follow the advice in the docs and use Apache's `RewriteRule` , regardless of whether your front-facing Apache server is HTTP or HTTPS. Though be sure that your #:port argument in `serve/servlet`  matches the port you're proxying to (the sample RewriteRule in the docs uses port 8080, though the default port for `serve/servlet` is 8000)  http://docs.racket-lang.org/web-server-internal/Troubleshooting_and_Tips.html?q=ssl#%28part._.How_do_.I_use_.Apache_with_the_.Racket_.Web_.Server_%29 <http://docs.racket-lang.org/web-server-internal/Troubleshooting_and_Tips.html?q=ssl#(part._.How_do_.I_use_.Apache_with_the_.Racket_.Web_.Server_)>  http://docs.racket-lang.org/web-server/run.html?q=serve%2Fservlet#%28def._%28%28lib._web-server%2Fservlet-env..rkt%29._serve%2Fservlet%29%29 <http://docs.racket-lang.org/web-server/run.html?q=serve/servlet#(def._((lib._web-server/servlet-env..rkt)._serve/servlet))> -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.