Make the directory. Although, actually, as of today, that directory will be made for you now.
Also, I believe that various research indicated that spying is being done on unencrypted backend connections. You should have SSL all the way through, even if on self-signed certs as long as the cert sha-2 fingerprint is verified.