Contents

 

Objective

The objective of this guide is to show the necessary steps to use Fluig over the HTTPS protocol.

 

Obtain a valid certificate

The prerequisite for using SSL is having a valid digital certificate for your domain (for example: *.suaempresa.com.br). If your company does not have any digital certificate, it must be purchased from a certifying authority. It is not recommended to use self-signed certificates, since some browsers do not support this type of certificate and may cause unexpected behavior when using Fluig.

 

Icon

The formats currently supported are PCKS12.


Ask your certifying unit which steps are necessary to generate the CSR (Certificate Signing Request). Inform the certificate formats supported so that the certifying unit can provide the file in the correct format.

With the certificate copied to the server where Fluig is installed, follow the steps below.

SSL Configuration Procedures

  • Stop the JBoss service at Fluig.
  • Change the web subsystem tab in the standalone.xml file

  • Change the socket-binding tag in the http connector and add the https connector. Configure the <ssl> tag with the right paths to the certificate.

    <subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">
	<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="localhost"/>
	<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
		<ssl name="${ssl_name}" password="${senha_certificado_ssl}" certificate-key-file="${diretório_certificado}.p12" protocol="ALL" ca-certificate-file="${diretório_certificado}.p12" keystore-type="PKCS12" truststore-type="PKCS12" session-timeout="1800"/>
	</connector>
<virtual-server name="default-host" enable-welcome-root="false">
<sso cache-container="web" cache-name="sso" reauthenticate="false"/>
</virtual-server>
</subsystem>

 

Note

Icon

 The following changes are required for the correct indexing of content on Fluig.

 

  • Change the property totvs/solrURL as follows: 

    <property name="totvs/solrURL" value="http://127.0.0.1:8080/indexer"/>

  • On the interface tag, add a new interface. 

    <interface name="localhost">
    <inet-address value="127.0.0.1"/>
</interface>

  • On the socket-binding-group tag, add a new socket-binding-group. 

    <socket-binding name="localhost" interface="localhost" port="8080" fixed-port="true"/>
  • Then, when restarting the JBoss service on Fluig, the access will be via HTTPS, on port 8443.

 

Configure chat and notifications

When configuring Fluig to work with HTTPS, the same should be done with the service responsible for the Chat and notifications (delivery of data from server to customers).

 

For such, the ${FLUIG_HOME}/node/bin/package.json file must be edited, adding the following information: 

"ssl" : {
     "usessl": true,
	 "port": 8443,
     "key": "/root/ssl/server.key",
     "cert": "/root/ssl/server.crt",
     "ca": "/root/ssl/server.crt"
}

The attributes must be changed as follows:

Attribute

Description

usessl

Inform as true to characterize the use of HTTPS configuration

port

Inform the port configured to receive HTTPS requests

key

Inform the key file path
cert Inform the certificate file path
ca Inform the certificate file path

Note

Icon

After the change, the Node.js service must be restarted.

Note

Icon

If the server has a proxy, it is necessary to release the chat ports to SSL on the proxy.


 

 

  • No labels