Configuring HTTPS
Before you start
Goal
- Serve a secure HTTPS endpoint.
Prerequisites
- An installed Hub server.
- Administration privileges for the server host.
- The certificate and private key (in PEM format) you wish to use.
Copy the files onto the server
Copy the certificate and key files onto the server, then set their group ownership and permissions so that the ingress server user can access the files and the private key is secured:
chgrp slchub cert.pem key.pem
chmod 0660 cert.pem key.pem
Configure ingress HTTPS
To enable HTTPS, the ingress.tls.enabled property needs to be set to true.
In addition, the ingress.tls.certFile and ingress.tls.keyFile properties need to be set to the locations of the certificate file and the private key file respectively.
Optionally, the ingress.port configuration setting can be set to change the port on which the hub will listen. The listening port is not automatically set to 443 when the scheme is set to https; it must be set explicitly. The Altair SLC Hub ingress gateway service runs with the capability required to bind to ports less than 1024, so this can be set to port 443 if desired.
Note
If the port is set to 443 for HTTPS, it is necessary to also manually set the url property to ${ingress.scheme}://${ingress.hostname} (that is, remove the :${ingress.port} part).
The installation defaults for these settings, along with comments on their use, are found in the hub configuration file [etc directory]/config.d/ingress.yaml.
To modify any of these settings, create a copy of the file and save it with a lexicographically greater name such as [etc directory]/config.d/ingress_custom.yaml.
Edit the settings specified above and verify the effective configuration settings.
Verify Server Certificate Configuration
- View the configuration changes.
Check the Hub configuration is updated by running the following command:
hubctl config print ingress
Restart Altair SLC Hub Services
Although not all services are affected by this change, we recommend you restart all Altair SLC Hub services using the following command:
hubctl service restart
The Altair SLC Hub installation must be specified in the %Path% variable.
Verification
Verify Server Certificate
- Connect to the website.
Use a browser to navigate to the Hub portal and verify that it is still possible to access the portal.
TLS Version Used
The ingress server is configured to use TLS 1.2 as a minimum protocol version.
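
A scripted complement to the file-permission and verification steps above, as an added example that is not part of the Altair documentation: it checks that the private key is closed to other users, that the key matches the certificate, that the certificate has not expired, and which TLS versions the endpoint accepts. It assumes the openssl command-line tool and a key without a passphrase; the script name check_hub_tls.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks for the PEM files and the running ingress endpoint.
# Assumes the openssl CLI is installed and the private key has no passphrase.

# True when the file grants no permissions to "other" (e.g. mode 0660).
no_other_access() {
    [ "$(ls -ld -- "$1" | cut -c8-10)" = "---" ]
}

# True when the certificate's public key equals the one derived from the key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate parses and has not yet expired.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# True when a handshake with the given s_client protocol flag succeeds.
# An openssl build without that protocol also fails here, so read a refusal
# of -tls1_1 together with a success for -tls1_2.
tls_accepts() {
    openssl s_client -connect "$1:$2" "$3" </dev/null >/dev/null 2>&1
}

# Run the file checks before restarting services; non-zero on any failure.
preflight() {
    rc=0
    no_other_access "$2" || { echo "FAIL: $2 is accessible to other users"; rc=1; }
    pair_matches "$1" "$2" || { echo "FAIL: $2 does not match $1"; rc=1; }
    cert_not_expired "$1" || { echo "FAIL: $1 is expired or unreadable"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: $1 and $2 passed"; fi
    return "$rc"
}

# Usage: sh check_hub_tls.sh cert.pem key.pem [hostname port]
if [ "$#" -ge 2 ]; then
    preflight "$1" "$2" || exit 1
fi
if [ "$#" -ge 4 ]; then
    tls_accepts "$3" "$4" -tls1_2 || echo "FAIL: TLS 1.2 handshake failed"
    if tls_accepts "$3" "$4" -tls1_1; then echo "FAIL: TLS 1.1 accepted"; fi
fi
```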