Updated ssl server setup (markdown)

ssl-server-setup.md

@@ -1,12 +1,31 @@
+# overview
+
+the musikcube `websockets-remote` plugin does not support ssl by default. while it is technically feasible, it would (1) bloat the distribution, and (2) require quite a bit more configuration infrastructure than i want to add and support right now.
+
+if ssl is desired, one can easily configure [ssl termination](https://en.wikipedia.org/wiki/TLS_termination_proxy) using [nginx](https://www.nginx.com/) or similar software.
+
+the following instructions detail configuring ssl termination using nginx and [let's encrypt](https://letsencrypt.org/) on a raspberry pi.
+
+# install nginx and certbot
+
+`note1:` certbot is used to acquire ssl certificates from letsencrypt.
+
 * `sudo apt-get install nginx`
 * `echo 'deb http://httpredir.debian.org/debian jessie-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list.d/jessie-backports.list`
 * `sudo apt-get update`
 * `sudo apt-get install certbot -t jessie-backports`
-* forward port 443 to the machine running nginx
+
+`note2:` ensure the host running the musikcube server can accept connections from port 443.
+
 * `sudo certbot certonly --standalone`
+
+`note3:` your machine no longer needs to accept connections from port 443 once the certificates are downloaded.
+
 * `sudo chgrp www-data /etc/letsencrypt/live`
 * `sudo chmod 750 /etc/letsencrypt/live`
 
+# configure nginx
+
 `sudo vim /etc/nginx/sites-available/musikcube`
 
 ```
@@ -60,5 +79,11 @@ server {
 }
 ```
 
+# restart the nginx
+
 * `sudo ln -s /etc/nginx/sites-available/musikcube /etc/nginx/sites-enabled/`
-* `sudo /etc/init.d/nginx restart`
+* `sudo /etc/init.d/nginx restart`
+
+# done
+
+you can now use ports `7907` and `7908` in the musikdroid client -- just make sure to enable ssl in the settings!