1
00:00:00,120 --> 00:00:05,860
OK, so let's add the SSL certificate now. For this I'll use a free certificate service from Certbot

2
00:00:05,910 --> 00:00:09,510
that will then fix up the URL problem here, where it says not secure.

3
00:00:09,660 --> 00:00:16,640
And looking at this, we will no longer access our URL by HTTP, but by HTTPS.

4
00:00:16,650 --> 00:00:20,280
OK, so follow the instructions on the Certbot website.

5
00:00:20,390 --> 00:00:22,470
So I've just outlined what I'm doing down here.

6
00:00:22,620 --> 00:00:24,090
So if we go to the website.

7
00:00:24,180 --> 00:00:29,990
So my HTTP website is running Nginx on Ubuntu 20.

8
00:00:30,000 --> 00:00:33,030
OK, so it gives you specific instructions below.

9
00:00:33,030 --> 00:00:37,280
Ubuntu 20.04 LTS already has snapd installed, so we don't need to do that.

10
00:00:37,320 --> 00:00:42,570
The future version, the version coming out soon, of Ubuntu, 22.04 LTS, will

11
00:00:42,570 --> 00:00:47,820
also have snapd installed, so we can just ensure that our version of snapd is up to date.

12
00:00:47,940 --> 00:00:50,580
Copying that and going onto our server using SSH.

13
00:00:50,700 --> 00:00:54,390
OK, so I want to find a server that I got from DigitalOcean, then right click.

14
00:00:54,540 --> 00:00:57,120
sudo snap install core, sudo snap refresh.

15
00:00:57,130 --> 00:00:57,450
Cool.

16
00:00:57,510 --> 00:01:00,450
That's just making sure that I had the latest version of Snap.

17
00:01:00,570 --> 00:01:05,730
That's good. I don't have to remove any older versions, as I didn't have Certbot installed.

18
00:01:06,390 --> 00:01:09,000
Paste sudo snap install certbot.

19
00:01:10,470 --> 00:01:10,890
Very good.

20
00:01:11,640 --> 00:01:16,500
We need to prepare the certbot command so that we can execute it from the command line.

21
00:01:17,130 --> 00:01:24,870
Now we just run sudo certbot --nginx like that because we're using an Nginx server, so it will

22
00:01:24,870 --> 00:01:27,330
ask us to put in some information, which we have to do.

23
00:01:28,360 --> 00:01:35,080
You need to agree, yes. You don't have to share your information. Now, because I have created a configuration

24
00:01:35,080 --> 00:01:36,400
before for grafana.

25
00:01:36,440 --> 00:01:42,140
sbcode.net, it has found it. So it says, which name would you like to activate HTTPS for?

26
00:01:42,160 --> 00:01:43,080
Press number one.

27
00:01:43,270 --> 00:01:43,660
So.

28
00:01:44,640 --> 00:01:45,870
Now it's requesting a certificate.

29
00:01:45,900 --> 00:01:51,420
Now it's important that your domain name has fully propagated when you run that step because it will

30
00:01:51,420 --> 00:01:56,610
verify the domain name points to the same IP address from different locations in the world.

31
00:01:56,610 --> 00:01:57,870
So that's worked for me.

32
00:01:57,870 --> 00:02:02,370
So it says, successfully received certificate. Certificate is saved at

33
00:02:02,370 --> 00:02:07,390
/etc/letsencrypt/live/grafana.sbcode.net/fullchain.pem and privkey.pem.

34
00:02:07,410 --> 00:02:09,570
So for me, it's been successful.

35
00:02:09,600 --> 00:02:15,600
Now, if I just visit grafana.sbcode.net in the browser just like that, I live off the database.

36
00:02:15,630 --> 00:02:17,940
Open up a browser and just put that in, press

37
00:02:17,940 --> 00:02:25,170
Enter. It has automatically chosen HTTPS and I've got a padlock, so that looks much more professional.

38
00:02:25,200 --> 00:02:27,850
Now it's all optional, whether you do this or not.

39
00:02:27,870 --> 00:02:33,060
This may not be important for you, but if you're managing a Grafana service for clients, it's important

40
00:02:33,060 --> 00:02:34,120
that it looks professional.

41
00:02:34,180 --> 00:02:36,060
That's one of the things that you can do.

42
00:02:36,090 --> 00:02:41,970
Having a domain name is also useful when it comes to sending out email alerts because your email provider

43
00:02:42,000 --> 00:02:47,700
will do a reverse DNS lookup on your IP address and it should resolve to the same name of the server

44
00:02:47,700 --> 00:02:48,960
that sent the email address.

45
00:02:49,050 --> 00:02:49,920
I'll show you that later.

46
00:02:49,950 --> 00:02:56,010
Now, to understand what Certbot has done, if we just clear this, Certbot has taken that configuration

47
00:02:56,010 --> 00:03:05,040
file that was in /etc sites-enabled, so cd /etc/nginx/sites-enabled.

48
00:03:05,850 --> 00:03:11,080
And if we just look at this file here, grafana.sbcode.net.conf, to see what it did, so

49
00:03:11,140 --> 00:03:18,020
we can just write cat, which allows us to read text files, grafana.sbcode.net.conf,

50
00:03:18,180 --> 00:03:20,920
and we can see that it has modified the file a little bit.

51
00:03:20,940 --> 00:03:23,400
This is what we originally wrote down here.

52
00:03:23,440 --> 00:03:24,480
The server name grafana.

53
00:03:24,480 --> 00:03:30,790
sbcode.net, but instead now it's returning a 404 not found, but before it gets to that point,

54
00:03:30,840 --> 00:03:37,350
if host equals grafana.sbcode.net, it will do a 301 redirect back to our browser, which tells the

55
00:03:37,350 --> 00:03:41,440
browser to use https:// instead.

56
00:03:41,460 --> 00:03:48,030
Whatever the host and the URI was. OK, so port 80 is still being used, but it's being used to return

57
00:03:48,030 --> 00:03:52,740
a 301 redirect pointing to the HTTPS version of the website. Certbot wrote

58
00:03:52,740 --> 00:03:59,850
all that for us. If I go up higher, server name is grafana.sbcode.net, proxy pass to http://

59
00:03:59,850 --> 00:04:00,960
localhost:3000.

60
00:04:00,960 --> 00:04:01,870
So that's still good.

61
00:04:01,890 --> 00:04:04,230
We're listening now on Port 443.

62
00:04:04,230 --> 00:04:06,240
That's the IPv6 version.

63
00:04:06,240 --> 00:04:11,040
And listen 443 ssl, that's the IPv4 version.

64
00:04:11,040 --> 00:04:15,840
Now, I don't have IP version six enabled on my DigitalOcean server, so that line is pretty much going

65
00:04:15,840 --> 00:04:16,380
to be ignored.

66
00:04:16,380 --> 00:04:18,660
But you might have that on your server one day.

67
00:04:18,660 --> 00:04:24,570
And here there are some more commands pointing to the location of the certificates that we just stored

68
00:04:24,660 --> 00:04:26,910
fullchain.pem and privkey.pem.

69
00:04:27,000 --> 00:04:27,450
Excellent.

70
00:04:27,690 --> 00:04:30,160
So Certbot is doing a whole lot of things for us now.

71
00:04:30,180 --> 00:04:36,360
These certificates don't last very long, but behind the scenes snapd and Certbot are both making sure

72
00:04:36,360 --> 00:04:39,390
that that certificate gets updated when it is about to expire.

73
00:04:39,510 --> 00:04:40,890
So excellent.

74
00:04:40,980 --> 00:04:46,200
Okay, so if you're using AWS, you probably have to create a new incoming rule in your security group

75
00:04:46,200 --> 00:04:47,640
for Port 443.

76
00:04:47,670 --> 00:04:53,610
You should also leave port 80 open, and it's safe to remove the rule that was created

77
00:04:53,790 --> 00:04:55,260
opening port 3000.

78
00:04:55,440 --> 00:05:00,420
Now, since I'm using DigitalOcean, port 3000 is still open, so this will actually still

79
00:05:00,420 --> 00:05:06,450
work if I did colon 3000, put that HTTP.

80
00:05:07,050 --> 00:05:07,320
All right.

81
00:05:07,350 --> 00:05:09,240
I don't really want that to work anymore.

82
00:05:09,270 --> 00:05:14,790
I can actually create a firewall rule to block 3000 on my DigitalOcean server.

83
00:05:14,850 --> 00:05:21,180
Okay, so since I'm using Ubuntu, just going to clear the screen, I can list any iptables rules that

84
00:05:21,180 --> 00:05:22,200
I have, iptables.

85
00:05:22,200 --> 00:05:23,430
So there are none.

86
00:05:23,620 --> 00:05:31,440
OK, so first thing I want to do is I want to still allow Port 3000 to be called internally because

87
00:05:31,440 --> 00:05:37,950
we have the Nginx proxy forwarding to localhost 3000, so I can use that command there,

88
00:05:37,950 --> 00:05:38,520
iptables.

89
00:05:38,520 --> 00:05:47,700
INPUT, TCP, source 127.0.0.1, destination port 3000, ACCEPT, and drop everything else,

90
00:05:47,710 --> 00:05:54,060
so anything else trying to call 3000 will be dropped. So, iptables.

91
00:05:54,330 --> 00:06:02,370
Well, we now have a rule for port 3000 so we can accept port 3000 if it's being asked from localhost

92
00:06:02,370 --> 00:06:05,370
and drop the connection if it's being asked from anywhere else.

93
00:06:05,400 --> 00:06:13,230
So now if I try to visit that address, grafana.sbcode.net:3000, directly, it will eventually

94
00:06:13,230 --> 00:06:13,980
time out.

95
00:06:15,250 --> 00:06:20,100
And that's using a thing called iptables, because I haven't enabled the firewall in DigitalOcean.

96
00:06:20,110 --> 00:06:27,280
I'm doing that because unlike AWS or other cloud providers, DigitalOcean doesn't force a firewall in front

97
00:06:27,280 --> 00:06:29,280
of your servers automatically.

98
00:06:29,290 --> 00:06:33,640
You have the option to manually block ports using iptables.

99
00:06:37,290 --> 00:06:43,500
OK, so that's timed out eventually, but if I was to try and just visit that address in another window

100
00:06:43,500 --> 00:06:48,930
doesn't matter if I type HTTP, even, it gets automatically forwarded on to https://

101
00:06:48,930 --> 00:06:49,320
grafana.sbcode.net.

102
00:06:49,440 --> 00:06:51,000
So it's much more professional anyway.

103
00:06:51,180 --> 00:06:51,840
So optional.

104
00:06:51,930 --> 00:06:52,410
Excellent.

105
00:06:52,680 --> 00:06:56,100
In the next section, we'll create our first data source.

106
00:06:56,310 --> 00:06:56,700
Excellent.

