I place the application server behind Nginx, so the user<->server TLS termination is being done by Nginx, and I don’t need an additional layer of encryption between the application server and Nginx on the same host.
I get a fatal error “tls cert and tls key must be set for the external api” when trying to start the application server without a certificate.
I suggest to document that it is not recommended to use the service by its own without TLS, and remove that limitation.
The web-interface and public api ([application_server.public_api]) must be secured by a TLS certificate and key, as this allows to run the gRPC and RESTful JSON api together on one port.