It's hard to not at least have some level of security nowadays, so you don't have to worry about a passive listener seeing sensitive information, but a man-in-the-middle (MITM) attack could defeat encryption, revealing your credentials, chat messages, etc. To prevent this, we can use the same security that you are already used to when browsing the web.
You're going to need...
certbot command to work; this guide will explain the rest)With SpaceNinjaServer (or the Dockerized Server) running:
cd into the "SpaceNinjaServer" or "OpenWF Dockerized Server" foldercertbot certonly --non-interactive --agree-tos --key-type rsa --webroot -w . -d $(curl http://my.iptls.com)You should now have a certificate. We're going to assume it's stored in /etc/letsencrypt/live/x-x-x-x.iptls.com/.
If you're not using Docker:
"httpsCertFile" to "/etc/letsencrypt/live/x-x-x-x.iptls.com/fullchain.pem" (adjust accordingly)"httpsKeyFile" to "/etc/letsencrypt/live/x-x-x-x.iptls.com/privkey.pem" (adjust accordingly)If you are using Docker:
/etc/letsencrypt/live/x-x-x-x.iptls.com/fullchain.pem:/etc/letsencrypt/live/x-x-x-x.iptls.com/fullchain.pem:ro (adjust accordingly)/etc/letsencrypt/live/x-x-x-x.iptls.com/privkey.pem:/etc/letsencrypt/live/x-x-x-x.iptls.com/privkey.pem:ro (adjust accordingly)/etc/letsencrypt/live/x-x-x-x.iptls.com/fullchain.pem:/app/cert/cert.pem:ro (adjust accordingly)/etc/letsencrypt/live/x-x-x-x.iptls.com/privkey.pem:/app/cert/key.pem:ro (adjust accordingly)"httpsCertFile" to "/etc/letsencrypt/live/x-x-x-x.iptls.com/fullchain.pem" (adjust accordingly)"httpsKeyFile" to "/etc/letsencrypt/live/x-x-x-x.iptls.com/privkey.pem" (adjust accordingly)The client config can now have secure_connections set to true, with server_host being the hostname we got a certificate for.
With secure_connections, a MITM attack will now be surfaced via a connection failure and the attacker won't receive your credentials, chat messages, etc.