SSL Connection with Realm Mobile Platform

fromkk
December 21, 2016

I tried enabling SSL for Realm Object Server through a proxy connection.


Transcript

  1. PROFILE
    KAZUYA UEOKA
    iOS engineer in Timers inc.
    Twitter: @fromkk
    GitHub: fromkk
    Qiita: fromkk
    1 — (C) fromkk. 2016
  2. PLATFORM
    > Sakura VPS
    > CentOS 7
    > Nginx (proxy)
    > Let's Encrypt
    > Realm Object Server
  3. FIREWALL
        firewall-cmd --add-service=http --zone=public --permanent
        firewall-cmd --add-service=https --zone=public --permanent
        # Opens the Realm Object Server port (9080) in the default zone;
        # traffic to it does not go through the Nginx TLS proxy
        firewall-cmd --permanent --add-port=9080/tcp
        firewall-cmd --reload
  4. INSTALL REALM OBJECT SERVER
        # Setup Realm's PackageCloud repository
        curl -s https://packagecloud.io/install/repositories/realm/realm/script.rpm.sh | sudo bash

        # Install the Realm Object Server
        sudo yum -y install realm-object-server-de

        # Enable and start the service
        sudo systemctl enable realm-object-server
        sudo systemctl start realm-object-server
  5. TRY PROXY
    /etc/nginx/conf.d/default.conf
        server {
            listen 80;
            server_name _;

            location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $http_host;
                proxy_pass http://127.0.0.1:9080;
            }
        }
  6. INSTALL LET'S ENCRYPT
        cd /opt
        git clone https://github.com/certbot/certbot
        cd ./certbot
        ./certbot-auto certonly --standalone -d yourdomain.com
  7. IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/yourdomain.com/fullchain.pem. Your cert will
       expire on 2017-03-03. To obtain a new or tweaked version of this
       certificate in the future, simply run certbot-auto again. To
       non-interactively renew *all* of your certificates, run
       "certbot-auto renew"
     - If you lose your account credentials, you can recover through
       e-mails sent to [email protected].
     - Your account credentials have been saved in your Certbot
       configuration directory at /etc/letsencrypt. You should make a
       secure backup of this folder now. This configuration directory will
       also contain certificates and private keys obtained by Certbot so
       making regular backups of this folder is ideal.
     - If you like Certbot, please consider supporting our work by:

       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le
  8. /etc/nginx/conf.d/default.conf
        server {
            listen 443 ssl;
            server_name yourdomain.com;

            ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
            ssl_trusted_certificate /etc/letsencrypt/live/yourdomain.com/chain.pem;
            ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
            ssl_session_timeout 1d;
            ssl_session_cache shared:SSL:50m;
            # TLSv1 and TLSv1.1 have since been deprecated (RFC 8996)
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers ECDHE+RSAGCM:ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS;
            ssl_prefer_server_ciphers on;
            ssl_stapling on;
            ssl_stapling_verify on;

            # TLS ends here; the hop to the Object Server is plain HTTP on loopback
            location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $http_host;
                proxy_pass http://127.0.0.1:9080;
            }
        }
  9. SAMPLE SWIFT CODE WITH REALM
        import Realm
        import RealmSwift

        let credential: SyncCredentials = SyncCredentials.usernamePassword(username: "YOUR USER NAME", password: "YOUR PASSWORD")
        // Login goes over HTTPS through the Nginx proxy
        SyncUser.logIn(with: credential, server: URL(string: "https://yourdomain.com/")!, onCompletion: { [weak self] (user, error) in
            if let user = user {
                // realm:// is the non-TLS sync scheme and port 9080 is the Object Server itself,
                // so this URL does not pass through the Nginx TLS proxy
                let configuration = Realm.Configuration(syncConfiguration: SyncConfiguration(user: user, realmURL: URL(string: "realm://yourdomain.com:9080/~/realm")!))
                Realm.Configuration.defaultConfiguration = configuration
                //write your code!
            } else if let error = error {
                print("login failed \(error)")
            }
        })
  10. REMOVE ATS SETTING FROM Info.plist
        - <key>NSAppTransportSecurity</key>
        - <dict>
        -     <key>NSAllowsArbitraryLoads</key>
        -     <true/>
        - </dict>
  11. SUMMARY
    > You can use Realm Object Server with SSL on Nginx proxy.
    > SSL certificates for free with Let's Encrypt.
    > Ready for 2017 with Realm Mobile Platform!
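
A config lint for a TLS-terminating proxy of the kind set up on slide 8, as an added shell example that is not part of the original deck. It flags deprecated protocol versions, a cipher list with a dropped ":" separator, a 443 listener without `ssl`, and a plaintext upstream that is not on loopback; the function names and the sample config are constructed for illustration, and one unquoted directive per line is assumed.

```shell
# Added example (not from the deck): lint an Nginx TLS reverse-proxy config.
# Function names are hypothetical. Assumes one unquoted directive per line.

# audit_nginx_tls FILE: print one finding per line, nothing if the file is clean.
audit_nginx_tls() {
  awk '
    { sub(/[#].*/, ""); sub(/;[ \t]*$/, "") }  # drop comments and the final ";"
    $1 == "ssl_protocols" {                    # deprecated: RFC 7568, RFC 8996
      for (i = 2; i <= NF; i++)
        if ($i == "SSLv3" || $i == "TLSv1" || $i == "TLSv1.1")
          print "deprecated-protocol " $i
    }
    $1 == "ssl_ciphers" {
      n = split($2, tok, ":")
      for (i = 1; i <= n; i++)                 # a "!" past the first char: ":" was dropped
        if (tok[i] ~ /.!/) print "malformed-cipher-token " tok[i]
    }
    $1 == "listen" && $2 ~ /^([^ ]*:)?443$/ && $0 !~ /[ \t]ssl/ { print "listen-443-without-ssl" }
    # The proxy forwards plaintext HTTP, so the upstream must stay on loopback.
    $1 == "proxy_pass" && $2 !~ /^https?:\/\/(127\.0\.0\.1|localhost|\[::1\])([:\/].*)?$/ {
      print "upstream-not-loopback " $2
    }
  ' "$1"
}

# Constructed sample modelled on a server block of the slide 8 kind.
sample_conf() {
  cat <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:!aNULL!eNull:!MD5;
    location / {
        proxy_pass http://127.0.0.1:9080;
    }
}
EOF
}

# Corrected variant (stdin filter): TLS 1.2 only and a well-formed exclusion list.
hardened_conf() {
  sed -e 's/TLSv1 TLSv1\.1 //' -e 's/!aNULL!eNull/!aNULL:!eNULL/'
}

tmp=$(mktemp)
sample_conf > "$tmp" && echo "as written:" && audit_nginx_tls "$tmp"
sample_conf | hardened_conf > "$tmp" && echo "hardened:" && audit_nginx_tls "$tmp"
rm -f "$tmp"
```

The lint reads only the file it is given, so it can run in CI before `nginx -t` and a reload.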