blocks:server:https [2019-08-23 07:59] – Removed path that's no longer needed and clarified some details admin | blocks:server:https [2023-04-24 08:14] (current) – Improved initial note text admin |
---|
===HTTPS=== | ======Using HTTPS for Secure Server Communication====== |
| |
| :!: **NOTE**: The method described here has been replaced by the [[blocks:server:nginx|nginx reverse proxy]] method when using our Linux based server image. The method described below still applies for Linux server image versions prior to 221214, as those don't have nginx pre-installed. It can also be used if you run Blocks server on Mac, Windows or any other environment where nginx is not available. |
| |
To make Blocks serve your content over HTTPS you have to add a certificate for your domain and configure Blocks to use it. Follow the steps below: | To make Blocks serve your content over HTTPS you have to add a certificate for your domain and configure Blocks to use it. Follow the steps below: |
| |
- Place the certificate, ending with .p12, in your PIXILAB-Blocks-root folder (located in the home directory of the user account under which you run the server). | - Place the certificate (typically a file ending with .p12) in your PIXILAB-Blocks-root folder (located in the home directory of the user account under which you run the server). |
- Open your Blocks server configuration file. | - Open your Blocks server configuration file. |
- Under server.applicationConnectors, make sure the settings shown below are configured as appropriate for your domain name and certificate. | - Under server.applicationConnectors, make sure the settings shown below are configured as appropriate for your domain name and certificate. |
server: | server: |
type: pixilab_server | type: pixilab_server |
| requireHttps: true |
applicationConnectors: | applicationConnectors: |
- type: http | - type: http |
port: 9080 | port: 8080 |
- type: https | - type: https |
port: 9443 | port: 8443 |
keyStorePath: pixi.guide.p12 | keyStorePath: pixi.guide.p12 |
keyStoreType: PKCS12 | keyStoreType: PKCS12 |
keyStorePassword: ******** | keyStorePassword: ******** |
certAlias: 1 | certAlias: 1 |
</code> | </code> |
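Review bot: the example's connector ports change from 9080/9443 to 8080/8443, but neither the step text above nor the option list below mentions the port settings, so a reader updating an existing configuration gets no hint whether the old values still work or which value they should use. Add a short line on the `port` settings next to the keyStore options. Separately, `keyStorePassword` is written in clear text in the configuration file, and the key store it unlocks holds the host private key in the PIXILAB-Blocks-root folder. The page should state that both files need to be readable only by the user account running the server.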
| |
- **keyStorePath** is the path to the key store which contains the host certificate and private key. May be a relative path if stored under the PIXILAB-Blocks-root | * **keyStorePath** is the path to the key store which contains the host certificate and private key. May be a relative path if stored under the PIXILAB-Blocks-root |
- **keyStoreType** is the type of the key store used in the certificate, in our case "PKCS12" (aka "p12"). | * **keyStoreType** is the type of the key store used in the certificate, in our case "PKCS12" (aka "p12"). |
- **keyStorePassword** is the password used to access the certificate file. | * **keyStorePassword** is the password used to access the certificate file. |
- **certAlias** is the alias name given to the proper certificate in the file (as it may contain more than one) | * **certAlias** is the alias name given to the proper certificate in the file (as it may contain more than one). |
| |
| The //requireHttps// option will enforce the use of HTTPS (except for unauthenticated Spots), preventing users from accidentally using the insecure http method. |
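Review bot: the requireHttps paragraph does not say what a client receives when it connects to the `type: http` connector that the example still defines (a redirect to the https port, or a refusal), and it does not say whether that connector has to remain in the configuration for the "unauthenticated Spots" exception to work. State both, so a reader neither removes the http connector by mistake nor assumes every http request is redirected.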
| |
| Once you have HTTPS working on your server, you may also want to switch to the [[blocks:server:form_authentication|form based login method]], since that method allows users to log out without having to close the web browser. |