Sandstorm and HTTPS

If you are using a hostname like example.sandcats.io, then you likely already have working HTTPS (SSL) for your hostname. This page provides details on a variety of options for setting up HTTPS, including the sandcats.io free certificates.

How to get HTTPS on your Sandstorm install

You have a few options.

  • Use sandcats.io free HTTPS, a free service of the Sandstorm.io company. Read details, including how to enable/disable, on that page. Sandstorm automatically renews these certificates, and they are valid in virtually all browsers.

  • Run a reverse proxy such as nginx using a wildcard certificate that you acquire from a certificate vendor like GlobalSign. This is typically valid in all browsers and costs some money.

  • Set up a custom certificate authority for you and your server, also known as self-signed SSL. This will only be valid for browsers that you configure accordingly.

To share port 443 with other services on the same machine:

  • You can install sniproxy to share port 443 between your existing server and Sandstorm so that Sandstorm can manage (and autorenew) its own certificates. This allows you to combine an existing web server on port 443 with free sandcats.io HTTPS.

  • You can follow this guide that explains how to use a cron script to extract the certificates from your (sandcats.io enabled) Sandstorm installation to a location and format where your reverse proxy can use them so it can serve Sandstorm by HTTPS, keeping your sandcats.io domain and free auto-renewable certificates, along with any other services on your server.