Using HTTPS for Secure Server Communication

:!: NOTE: The method described here has been replaced by the nginx reverse proxy method when using our Linux based server image. The method described below still applies for Linux server image versions prior to 221214, as those don't have nginx pre-installed. It can also be used if you run Blocks server on Mac, Windows or any other environment where nginx is not available.

To make Blocks serve your content over HTTPS you have to add a certificate for your domain and configure Blocks to use it. Follow the steps below:

  1. Place the certificate (typically a file ending with .p12) in your PIXILAB-Blocks-root folder (located in the home directory of the user account under which you run the server).
  2. Open your Blocks server configuration file.
  3. Under server.applicationConnectors, make sure the settings shown below are configured as appropriate for your domain name and certificate.
  4. Restart Blocks.
server:
  type: pixilab_server
  requireHttps: true
  applicationConnectors:
    - type: http
      port: 8080
    - type: https
      port: 8443
      keyStorePath: pixi.guide.p12
      keyStoreType: PKCS12
      keyStorePassword: ********
      certAlias: 1
  • keyStorePath is the path to the key store which contains the host certificate and private key. May be a relative path if stored under the PIXILAB-Blocks-root
  • keyStoreType is the type of the key store used in the certificate, in our case "PKCS12" (aka "p12").
  • keyStorePassword is the password used to access the certificate file.
  • certAlias is the alias name given to the proper certificate in the file (as it may contain more than one).

The requireHttps option will enforce the use of HTTPS (except for unauthenticated Spots), preventing users from accidentally using the insecure http method.

Once you have HTTPS working on your server, you may also want to switch to the form based login method, since that method allows users to log out without having to close the web browser.