Skip to main content
Version: Next

Set HTTPS for application

HTTPS stands for HyperText Transfer Protocol Secure. It is an extension of HTTP (HyperText Transfer Protocol) and is used for secure communication over a computer network, particularly the Internet.

User can set HTTPS which support Let's Encrypt for application from graphic interface of Websoft9 Gateway.

Prerequisites

Necessary:

  • Enable 80,443 port of Security Group of your server
  • Complete the domain binding and user can access application by HTTP

Optional:

Set HTTPS from Websoft9 Gateway

  1. Login to Websoft9 Console and open the Gateway interface

  2. Go to Hosts > Proxy Hosts list all proxy

  3. Edit the target proxy and open the SSL tab to start set HTTPS

    • SSL Certificate: Suggest select Request a new SSL Certificate
    • Force SSL: Suggest don't enable it
    • Email Address: Fill your email to receive notifications of SSL

  4. Click Save, it will starting SSL automaticlly

  5. If failed, check your email and network, then try again

Set HTTPS from external Gateway

Below is the common notes for HTTPS settings from External Gateway

  1. Ensure that the external gateway and the server where the application is located can communicate with the intranet
  2. Container application ports need to be exposed to the host machine

Set HTTPS with CDN

If you use CDN with HTTPS, the following principles need to be followed

  • CDN to Websoft9 Gateway need HTTPS
  • Websoft9 Gateway to application container need HTTPS
  • All HTTPS points need use the same certificates

Upload certificates Websoft9

You can upload your certificates to Websoft9 Gateway for proxy hosts:

  1. Login to Websoft9 Console, and go to SSL Certificates interface of Websoft9 Gateway

  2. Open the Add SSL Certificate > Custom to upload certificates

HTTP redirect to HTTPS

  1. Login to Websoft9 Console and open Websoft9 Gateway interface

  2. Edit the target application Proxy Host, open the SSL tab and checkmark Force SSL

Create self-signed certificates

Create self-signed certificates is more convenient and efficient than get from CA Authority for testing or inner access.

Just running below openssl commands at your server, you can create self-signed certificates for domain or IP access.

openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048
openssl req -new -key private.key -out request.csr
openssl x509 -req -days 365 -in request.csr -signkey private.key -out certificate.crt

Use certificates for IP

You can not get certificates from CA Authority, but you can use self-signed certificates for IP access.

Troubleshoot

Can I enable HTTPS in container?

Technically possible, but not as convenient as a Websoft9 Gateway