diff rlgwebd @ 201:f3843245a35e

Initial support for TLS. RLGWebD now serves via encrypted connections on port 8081. The client-side script now uses secure WebSockets if the page is being accessed via HTTPS.
author John "Elwin" Edwards
date Sun, 01 Jan 2017 20:18:01 -0500
parents ea28353d620a
children 7f25bb89b59c
--- a/rlgwebd	Sat Apr 23 18:53:08 2016 -0400
+++ b/rlgwebd	Sun Jan 01 20:18:01 2017 -0500
@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 
 var http = require('http');
+var https = require('https');
 var net = require('net');
 var url = require('url');
 var path = require('path');
@@ -13,9 +14,14 @@
 var WebSocketServer = require("websocket").server;
 
 /* Configuration variables */
-// The first file is NOT in the chroot.
+// These first files are NOT in the chroot.
+var domain_name = "rlgallery.org";
 var ctlsocket = "/var/run/rlgwebd.sock";
+var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem";
+var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem";
+var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem";
 var httpPort = 8080;
+var httpsPort = 8081;
 var chrootDir = "/var/dgl/";
 var dropToUser = "rodney";
 var serveStaticRoot = "/var/www/"; // inside the chroot
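Review bot: `cafile` points at `chain.pem` and is later passed as the `ca` option, but in Node's TLS API `ca` sets the trust anchors used to verify peer certificates; it is not the documented way to supply the server's intermediate chain. Clients may still receive the intermediate through OpenSSL's automatic chain building, but that is incidental. The usual Let's Encrypt arrangement is to serve the full chain as the certificate, e.g. `var certfile = "/etc/letsencrypt/live/" + domain_name + "/fullchain.pem";`, and leave `ca` unset unless client certificates are to be verified. The comment `// These first files are NOT in the chroot.` now sits directly above `domain_name`, which is not a file, so it would read more clearly placed above `ctlsocket`.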
@@ -1212,6 +1218,12 @@
   fs.unlinkSync(ctlsocket);
 }
 
+var tls_options = {
+  key: fs.readFileSync(keyfile),
+  cert: fs.readFileSync(certfile),
+  ca: fs.readFileSync(cafile)
+};
+
 /* Open the control socket before chrooting where it can't be found */
 var ctlServer = net.createServer(function (sock) {
   sock.on('data', consoleHandler);
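Review bot: The three `fs.readFileSync` calls in `tls_options` are unguarded, so a missing or unreadable file under `/etc/letsencrypt/live/` throws at startup and prevents the daemon from starting at all, including the plain-HTTP listener. Consider wrapping the reads in `try`/`catch` and either logging a clear fatal message or continuing without TLS. Because the key and certificate are read once before the chroot, a Let's Encrypt renewal is not picked up until the process restarts. A comment such as `/* Read TLS material before chrooting; restart rlgwebd after certificate renewal */` would record that. The private key also stays in process memory after privileges are dropped, which is presumably accepted here but worth stating.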
@@ -1242,6 +1254,12 @@
   wsServer = new WebSocketServer({"httpServer": httpServer});
   wsServer.on("request", wsHandler);
   tslog('WebSockets are online'); 
+  var httpsServer = https.createServer(tls_options, webHandler);
+  httpsServer.listen(httpsPort);
+  tslog('TLS running on port %d', httpsPort); 
+  wssServer = new WebSocketServer({"httpServer": httpsServer});
+  wssServer.on("request", wsHandler);
+  tslog('Secure WebSockets are online'); 
   progressWatcher = startProgressWatcher();
   setInterval(pushStatus, 40000);
 });
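Review bot: `httpsServer.listen(httpsPort)` has no `'error'` listener, so a bind failure on port 8081 surfaces as an unhandled `'error'` event and would take down the whole daemon, not just the TLS side. Adding `httpsServer.on('error', function (err) { tslog('TLS listener error: %s', err.message); });` before the `listen` call would contain it. `wssServer` is assigned without `var` in this hunk; unless it is declared at module level next to `wsServer` (not visible here), it becomes an implicit global. The same `webHandler` and `wsHandler` remain reachable over plain HTTP on 8080, so nothing yet steers clients that send credentials onto the encrypted port. A redirect or HSTS header would be a reasonable follow-up. The enclosing callback begins outside this hunk.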