Skytable lets you secure connections with TLS. This feature is built into Sky with OpenSSL and doesn't require you to have OpenSSL installed. You can enable TLS by using your preferred mode of configuration.
Step 1: Create a self-signed certificate and private key
This is outside the scope of this document, but you can read this guide on Stack Overflow to get a brief idea of creating one.
Step 2: Add it to your configuration and launch
With config files
Add the following block:
key = "/path/to/keyfile.pem"
chain = "/path/to/chain.pem"
port = 2004
only = true
The above block is self-explanatory; you just have to add the paths to the private key and certificate files and add the port (if required).
When only is set to true, the server will only accept secure connections. In other cases, the server listens on two ports: a non-TLS port and a TLS port (2004 in the block above), similar to port 80 and port 443 in HTTP/HTTPS. As expected, you can configure this port number to suit your needs.
We use the terms SSL and TLS interchangeably, when what we really mean is TLS.
With command-line arguments
skyd -z cert.pem -k key.pem
You can pass the --sslonly flag to force the server to only accept secure connections, disabling the non-SSL interface. When this flag is not passed and other SSL options are given, the server listens to both SSL and non-SSL requests.
To use TLS with the Skytable shell (skysh), just run:
skysh -C /path/to/cert.pem --port [SSLPORT]
and you'll be on a secure connection. Don't forget the SSL port! The Skytable daemon binds the secure listener on a different port when in multi-socket mode.