SSL configuration in Apiary

Important! * currently, after the installation the WebUI is available both on HTTP and HTTPS independently of each other (without redirecting). This will be fixed in the next versions. * when you install the platform, you get self-signed certificates for HTTPS. We do not recommend using them.

You can configure SSL by one of the following methods:

1. Upload SSL certificates in the PEM format to the directory /opt/hw-fh/bssl. These files will not be overwritten when upgrading to the next version. You can also store certificates in a different directory if the default directory does not suit you. To change default directory, add the f.ssl.dir parameter to the /opt/hw-fh/config/user.ini file and indicate new path, f.e.:

   [main]
   f.ssl.dir = new_path
   

2. Configure proxy your own server before installation of the Hive. For example, configure nginx, which will proxy all requests for Hive. To install your proxy server on the same virtual machine, you need to change the following options: f.ssl.enabled,f.deck.ip.expose and f.deck.port.expose. Additionally, you can change the following parameters: f.deck.https.ip.expose and f.deck.https.port.expose. Example:

   [main]
   f.ssl.enabled = yes
   f.deck.ip.expose = 127.0.0.0
   f.deck.port.expose = 143
   

To apply changes, run the command:

/opt/hw-fh/bin/reconfig

Note: to get more information about the listed above parameters, see the file /opt/hw-fh/config/user-template.ini on the platform.

See also

• Setup ports for external connections
• Getting started: projects in Apiary
• Add users to the Apiary Platform