run daemon in https and automatic https

[dfang]

insecure receiver listens on http port, the url will be like http://IP:PORT, you can't send ajax requests on a https page.

automatic https support like caddy, and with auth token in header would be better .....

no need to remove insecure receiver, it's best for testing