Karma Computing

How to set-up .app domains with ssl and apache

Christopher Simpson -

Get a new shiny .app domain name

Google sells .app domains, and many other registrars.

The key thing with .app domains is they must be served over https for browsers to load it. This means you must set-up an ssl certificate.

Add an A record pointing to your web server

Now you've got your new shiny app domain, add an 'A' record to your .app domain to point to your web server.

There's no magic here, (DNS isn't/cannot block http requests to your domain) it's down to the browser vendors to block http requests to .app domains. Google's got a lot of dommanance, so at least Chrome will block http requests to .app domtains. It won't be suprisinc if eventually all tdl's get this treatment in the future, and that's probably good.

Set-up apache virtual host for an .app domain

Create a new site virtual host config for you .app domain, it must be served over https so we'll use Certbot to generate an ssl certificate & apache config.

Create a standard apache vhost config, we'll use 000-default.conf as a template:

(Replace tnetennba.app.conf with your domain name...)

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/tnetennba.app.conf

Then fill in with your own domain name:

<VirtualHost *:80>
    ServerName tnetennba.app

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/tnetennba.app

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Create the directory & enable your awesome new website:

sudo mkdir /var/www/tnetennba.app
sudo a2ensite tnetennba.app
sudo service apache2 reload

Add a message to your awsome website for testing:

echo "That's a nice tnetennba." | sudo tee --append /var/www/tnetennba.app/index.html

Add a free SSL certificate to your .app domain using certbot

We assume you're using Ubuntu.. if you're not, then read: Certbot docs.

Get certbot-auto:

cd ~/
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

Run certbot auto to generate a certificate!

./certbot-auto --apache

Enter the number of the host you want to generate an ssl certificate for, and certbot-auto will do the rest!

Notice that certbot-auto automatically creates an additional apache config for ssl. We also choose option 2 to perform automatic redirects of http requests traffic https (which is a bit pointless on .app domains as those requests wouldn't work anyway):

Verify your .app domain is live and secured

By this time you'll have a .app domain with a valid ssl certificate thanks to letsencrypt.org: