Enable HTTPS

To make your API more secure, it is best to enable HTTPS. We will do so by creating a free SSL certificate with certbot.

Before doing that, you will need to own a domain, you can buy a domain on any registrar such as Google Domain, and add a A record that points the domain to your server IP.

Then, to install certbot and create a SSL certificate, you can follow these steps:

https://www.digitalocean.com/community/tutorials/how-to-use-certbot-standalone-mode-to-retrieve-let-s-encrypt-ssl-certificates-on-ubuntu-22-04

When generating the SSL cert, turn off your NodeJS server because they verify your ssl using the port 80 so it cannot be already in use by your API. For auto-renewals to work, it is better to turn off http (and turn on only https) in your config.js

forever stop tcgapi

If you manage to create your SSL certificate successfully, remember the path where it was generated, it is usually here:

/etc/letsencrypt/live/yoursite.com/cert.pem

Go in your config.js file of your node app, and change the 3 paths to point to the full path of your cert files:

https_key (privkey.pem), https_ca (chain.pem), and https_cert (cert.pem).

Set allow_https to true (you can also set allow_http to false after everything works)

Restart the NodeJS app.

cd /server/api
forever start --uid tcgapi -a server.js

In insomnia, try to access a request with https:// instead of http://

In Unity, in Resources/NetworkData, check the box Api_Https