From fd926c62f9bbff92975d3ef3e138159ee33f9e97 Mon Sep 17 00:00:00 2001
From: casey langen <casey.langen@gmail.com>
Date: Mon, 1 May 2017 22:59:38 -0700
Subject: [PATCH] Updated ssl server setup (markdown)

---
 ssl-server-setup.md | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/ssl-server-setup.md b/ssl-server-setup.md
index 8e50814..e3fdb15 100644
--- a/ssl-server-setup.md
+++ b/ssl-server-setup.md
@@ -1,12 +1,31 @@
+# overview
+
+the musikcube `websockets-remote` plugin does not support ssl by default. while it is technically feasible, it would (1) bloat the distribution, and (2) require quite a bit more configuration infrastructure than i want to add and support right now.
+
+if ssl is desired, one can easily configure [ssl termination](https://en.wikipedia.org/wiki/TLS_termination_proxy) using [nginx](https://www.nginx.com/) or similar software.
+
+the following instructions detail configuring ssl termination using nginx and [let's encrypt](https://letsencrypt.org/) on a raspberry pi.
+
+# install nginx and certbot
+
+`note1:` certbot is used to acquire ssl certificates from letsencrypt.
+
 * `sudo apt-get install nginx`
 * `echo 'deb http://httpredir.debian.org/debian jessie-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list.d/jessie-backports.list`
 * `sudo apt-get update`
 * `sudo apt-get install certbot -t jessie-backports`
-* forward port 443 to the machine running nginx
+
+`note2:` ensure the host running the musikcube server can accept connections from port 443.
+
 * `sudo certbot certonly --standalone`
+
+`note3:` your machine no longer needs to accept connections from port 443 once the certificates are downloaded.
+
 * `sudo chgrp www-data /etc/letsencrypt/live`
 * `sudo chmod 750 /etc/letsencrypt/live`
 
+# configure nginx
+
 `sudo vim /etc/nginx/sites-available/musikcube`
 
 ```
@@ -60,5 +79,11 @@ server {
 }
 ```
 
+# restart the nginx
+
 * `sudo ln -s /etc/nginx/sites-available/musikcube /etc/nginx/sites-enabled/`
-* `sudo /etc/init.d/nginx restart`
\ No newline at end of file
+* `sudo /etc/init.d/nginx restart`
+
+# done
+
+you can now use ports `7907` and `7908` in the musikdroid client -- just make sure to enable ssl in the settings!
\ No newline at end of file