PIXILAB Wiki

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
Next revision Both sides next revision
blocks:server:https [2019-03-20 09:54]
max created 		blocks:server:https [2021-04-23 08:26]
admin Added requireHttps
Line 3: Line 3:
 To make Blocks serve your content over HTTPS you have to add a certificate for your domain and configure Blocks to use it. Follow the steps below: To make Blocks serve your content over HTTPS you have to add a certificate for your domain and configure Blocks to use it. Follow the steps below:
  
-  - Place the certificateending with .p12in your PIXILAB-Blocks-root folder (located in the home directory of the user account under which you run the server).+  - Place the certificate (typically a file ending with .p12in your PIXILAB-Blocks-root folder (located in the home directory of the user account under which you run the server).
   - Open your Blocks server configuration file.   - Open your Blocks server configuration file.
-  - Under server.applicationConnectors, make sure the following properties exists under https: +  - Under server.applicationConnectors, make sure the settings shown below are configured as appropriate for your domain name and certificate. 
-      <code>+  - Restart Blocks. 
 + 
 +<code>
 server: server:
   type: pixilab_server   type: pixilab_server
 +  requireHttps: true
   applicationConnectors:   applicationConnectors:
     - type: http     - type: http
-      ...+      port: 8080
     - type: https     - type: https
-      port: 9443 +      port: 8443 
-      keyStorePath: "/home/pixi-server/cert.p12" +      keyStorePath: pixi.guide.p12 
-      keyStoreType: "PKCS12" +      keyStoreType: PKCS12 
-      keyStorePassword: "..." +      keyStorePassword: ******** 
-    </code> +      certAlias: 1 
-  **keyStorePath** is the path poiting to your certificate file+</code> 
-  **keyStoreType** is the type of certificate we use, in our case "PKCS12"+ 
-  **keyStorePassword** is the password for your certificates private key.+  **keyStorePath**  is the path to the key store which contains the host certificate and private keyMay be a relative path if stored under the PIXILAB-Blocks-root 
 +  **keyStoreType** is the type of the key store used in the certificate, in our case "PKCS12" (aka "p12")
 +  **keyStorePassword** is the password used to access the certificate file. 
 +  * **certAlias** is the alias name given to the proper certificate in the file (as it may contain more than one). 
 + 
 +The //requireHttps// option will enforce the use of HTTPS (except for unauthenticated Spots), preventing users from accidentally using the insecure http method. 
 + 
 +Once you have HTTPS working on your server, you may also want to switch to the [[blocks:server:form_authentication|form based login method]], since that method allows users to log out without having to close the web browser.