Configuring HTTPS

Before you start

Goal

  • Serve a secure HTTPS endpoint.

Prerequisites

  • An installed Hub server.
  • Administration privileges for the server host.
  • The certificate and private key (in PEM format) you wish to use.

Copy the files onto the server

Copy the certificate and key files onto the server, then set their group and permissions so that the ingress server user can access the files and the private key is secured:

chgrp slchub cert.pem key.pem
chmod 0660 cert.pem key.pem
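
A pre-flight check for the two files before ingress.tls.certFile and ingress.tls.keyFile are pointed at them, given here as an added example that is not part of the Hub documentation or tooling. It assumes a POSIX shell, uses the openssl command-line tool (when installed) to confirm that the key belongs to the certificate, and its function names are illustrative.

```sh
#!/bin/sh
# Added example: pre-flight checks for the PEM files that
# ingress.tls.certFile and ingress.tls.keyFile will point to.
# Function names are illustrative, not part of hubctl.
# Usage: sh <this script> cert.pem key.pem

# Succeeds if FILE is readable and holds a PEM block of the given kind.
is_pem() {  # usage: is_pem FILE 'CERTIFICATE' | 'PRIVATE KEY'
    [ -r "$1" ] && grep -q -e "-----BEGIN .*$2-----" "$1"
}

# Prints the "other" permission triplet (for example "---") of FILE.
other_bits() { ls -ld "$1" | cut -c8-10; }

# Succeeds only if users outside the owner and group have no access to the key.
key_is_private() { [ "$(other_bits "$1")" = "---" ]; }

# Succeeds if the certificate and the private key carry the same public key.
pair_matches() {  # usage: pair_matches CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Runs every check, prints one line per finding, returns the number of failures.
preflight() {  # usage: preflight CERT KEY
    fails=0
    is_pem "$1" 'CERTIFICATE' ||
        { echo "FAIL: $1 is not a PEM certificate"; fails=$((fails + 1)); }
    is_pem "$2" 'PRIVATE KEY' ||
        { echo "FAIL: $2 is not a PEM private key"; fails=$((fails + 1)); }
    key_is_private "$2" ||
        { echo "FAIL: $2 is accessible to other users"; fails=$((fails + 1)); }
    if command -v openssl >/dev/null 2>&1; then
        pair_matches "$1" "$2" ||
            { echo "FAIL: key does not match certificate"; fails=$((fails + 1)); }
    else
        echo "SKIP: openssl not found, key/certificate match not checked"
    fi
    return "$fails"
}

# Run the checks only when a certificate and key path are given.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```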

Configure ingress HTTPS

In order to enable HTTPS, the ingress.tls.enabled property needs to be set to true.

In addition, the ingress.tls.certFile and ingress.tls.keyFile properties need to be set to the locations of the certificate file and the private key file respectively.

Optionally, the ingress.port configuration setting can be set to change the port on which the hub will listen. The listening port is not automatically set to 443 when the scheme is set to https; it must be set explicitly. The Altair SLC Hub ingress gateway service runs with the capability required to bind to ports less than 1024, so this can be set to port 443 if desired.

Note

If the port is set to 443 for HTTPS, it is also necessary to manually set the url property to ${ingress.scheme}://${ingress.hostname} (that is, remove the :${ingress.port} part).

The installation defaults for these settings along with comments on their use are found in the hub configuration file [etc directory]/config.d/ingress.yaml.

To modify any of these settings, create a copy of the file and save it with a lexicographically greater name such as [etc directory]/config.d/ingress_custom.yaml.

Edit the settings specified above and verify the effective configuration settings.

Verify Server Certificate Configuration

  • View the configuration changes.

Check the Hub configuration is updated by running the following command:

hubctl config print ingress

Restart Altair SLC Hub Services

Although not all services are affected by this change, we recommend you restart all Altair SLC Hub services using the following command:

hubctl service restart

The Altair SLC Hub installation must be specified in the %Path% variable.

Verification

Verify Server Certificate

  • Connect to the website.

Use a browser to navigate to the Hub portal and verify that it is still possible to access the portal.

TLS Version Used

The ingress server is configured to use TLS 1.2 as a minimum protocol version.