NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: Jim A on March 26, 2018, 05:36:25 PM

Title: DNS / Certificate questions
Post by: Jim A on March 26, 2018, 05:36:25 PM

Hi All:  It's been awhile since I've done much with NTWS but would like to get things going again.  I had previously used the server's IP address and port and simply set the connection as secure. I shut down that app a few years ago.  From what I've been able to gather now, I need to get a domain that points to the private server's IP, and use Let's Encrypt or buy a certificate for that domain.  Correct?

I really don't want to expose the server to anything but the web app.   What measures can or should I take to achieve that?

If there's a webinar for this, please let me know. 

Thank you,

Jim

Title: Re: DNS / Certificate questions
Post by: Jim A on April 02, 2018, 03:31:30 PM

It's probably a dumb question, sorry.  Maybe it'll help to rewrite what I'm after.

1.  To use Let's Encrypt, do I need to assign a domain name to our IP address?

2.  If the answer above is true, can I assign a domain name to a port number on the IP address?

Thanks,

Jim

Title: Re: DNS / Certificate questions
Post by: bshields on April 02, 2018, 09:57:10 PM

Hi Jim,

This is a over simplified explanation. It can be more specific with more details.

Yes, a domain name needs to be associated with a IP address. Period. Irrespective of LetsEncrypt or normal SSL certificate. You cannot control ports with Domain names. They aren't designed that way.

Generally, you control the ports at the firewall (router) or Server (if the server has a public IP - very rare, now-a-days).

You need to know the public IP address that can be routed to your server. Thats the IP you'll "delegate" to your domain name (via your DNS servers).

Then use the router that controls your servers access to the internet to manage which ports have access. If its a virtual server, your provider probably controls this access. In which case there is probably a setting in your control panel, or your could send them an email). If its your own servers, you probably already know this.

Just ask them to open port 80 (http) and port 443 (https) and close all other ports unless you need them (eg RDP uses 3389 so if you RDP to your box you'll need that).

Regards
Bill

Title: Re: DNS / Certificate questions
Post by: Jim A on April 03, 2018, 03:37:28 AM

Thank you Bill!  Exactly what I needed to know.