Enabling https SSL connection with The Lounge self-hosted IRC client

Please note: This is the same as https://nertant.com/2016/02/05/enabling-https-ssl-connection-with-the-shout-self-hosted-irc-client/ but updated for the more up-to-date fork called The Lounge.

The Lounge is a great self-hosted IRC client, similar to IRCCloud. Unfortunately it only supports http straight out of the box and enabling https is not documented. Here’s how to enable it.

First you should stop lounge.

Make a directory for our SSL certificate:

cd .lounge
mkdir ssl

Generate our SSL certificate:

openssl genrsa 1024 > key.pem
openssl req -x509 -new -key key.pem > key-cert.pem

Let’s edit our lounge config file to enable https and tell lounge where our SSL certificate is located.

nano .configjs

Find the section:

https: {

Change:

enable: false, to enable: true and populate the key and certificate fields:

key: "/home/nertant/.lounge/ssl/key.pem",

certificate: "/home/nertant/.lounge/ssl/key-cert.pem"

My config file looks like:

https: {
//
// Enable HTTPS support.
//
enable: true,
key: "/home/nertant/.lounge/ssl/key.pem",
certificate: "/home/nertant/.lounge/ssl/key-cert.pem"

Start lounge.

lounge start

lounge is now accessible from https. Since the SSL certificate is self-signed, your browser will likely present a warning when trying to access lounge. This can be disregarded for most personal uses. If your lounge instance is accessible by many people, it’s probably a good idea to use a paid SSL certificate to prevent seeing the warning message in the browser.

Setting up unattended upgrades for security on Debian

With the recent spate of vulnerabilities in popular Linux packages, I figured it was time to enable automatic updating of packages to ensure my servers are secure, even when I’m not there to manually update them. On Debian, setting up unattended upgrades is trivial.

The following commands need to be run with escalated privileges: sudo or root.

apt-get install unattended-upgrades
dpkg-reconfigure unattended-upgrades

Select yes after the last command and your system should now automatically upgrade to the latest packages (and hopefully be a bit more secure).

There are more advanced configurations and options to exclude certain packages from automatically updating. I recommend looking here and here if that suits your use case.