TLS configuration

Skytable lets you secure connections with TLS. This feature is built into Sky with OpenSSL and doesn’t require you to have OpenSSL installed. You can enable TLS by using your preferred mode of configuration.

Step 1: Create a self-signed certificate and private key

This is outside the scope of this document, but you can read this guide on Stackoverflow to get a brief idea of creating one.

Step 2: Add it to your configuration and launch

With config files

Add the following block:

  1. [ssl]
  2. key = "/path/to/keyfile.pem"
  3. chain = "/path/to/chain.pem"
  4. port = 2004
  5. only = true

The above block is self-explanatory; you just have to add the paths to the private key and certificate files and add the port (if required).

By setting only to true, the server will only accept accept secure connections. In other cases, the server listens to two ports: 2003 and 2004, a non-TLS port and a TLS port (similar to port 80 and port 443 in HTTP/HTTPS). As expected, you can configure this port number to suit your needs.

note

We use the terms SSL and TLS interchangeably, when what we really mean is TLS.

With command-line arguments

Simply start skyd with:

  1. skyd -z cert.pem -k key.pem
Tip

You can pass the --sslonly flag to force the server to only accept secure connections, disabling the non-SSL interface. When this flag is not passed, and other SSL options are given — the server listens to both SSL and non-SSL requests

Note

To use TLS with the Skytable shell (skysh) just run:

  1. skysh -C /path/to/cert.pem --port [SSLPORT]

and you’ll be on a secure connection. Don’t forget the SSL port! The skytable daemon binds the secure listener on a different port when in multi-socket mode.