tls
viya-appserverjs can be configured to support TLS.
This is accomplished with the following configuration settings.
Make sure VIYA_SERVER is set as https://....
Also make sure that the redirect for your clientid is https://{APPHOST}{APPPORT}/{your-redirect-endpoint}. Some examples:
This causes more headaches than one would expect :-(
- Set the SAMESITE setting to Default. (Note: make sure SAMESITE in Dockerfiles is None,secure.)
- You might have to set the following flag to enabled so that Chrome accepts an unsigned certificate from the API server (if that is the setting):
Allow invalid certificates for resources loaded from localhost.
At this time, I do not have any information on the other browsers.
Use https when specifying the APPHOST and APPPORT as shown below.
APPHOST=https://mymachine
APPPORT=443
You must specify one of the following sets:
TLS_KEY=path-to-key
TLS_CERT=path-to-cert
or
TLS_PFX=../certs/sascert/sascert2.pfx
TLS_PW=rafdemo
Optionally, you can also pass in a CA bundle:
TLS_CABUNDLE=path-to-your-ca-bundle
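The rules above (https values for VIYA_SERVER and APPHOST, exactly one complete key set, optional CA bundle) can be checked before the server starts. The following is an added example, not code from viya-appserverjs: `validateTlsEnv`, `buildTlsOptions` and `readFromDisk` are hypothetical helpers, and it assumes the settings end up in the options object that Node's `https.createServer()` accepts.

```javascript
// Added example: hypothetical helpers, not taken from viya-appserverjs.
// Default reader loads from disk; callers and tests may inject their own.
const readFromDisk = (path) => require("node:fs").readFileSync(path);

const isSet = (env, name) =>
  typeof env[name] === "string" && env[name].trim() !== "";

// Returns a list of configuration problems; an empty list means the
// environment matches the rules described on this page.
function validateTlsEnv(env) {
  const problems = [];
  for (const name of ["VIYA_SERVER", "APPHOST"]) {
    if (!isSet(env, name) || !env[name].startsWith("https://")) {
      problems.push(`${name} must start with https://`);
    }
  }
  const pem = ["TLS_KEY", "TLS_CERT"].filter((n) => isSet(env, n));
  const pfx = ["TLS_PFX", "TLS_PW"].filter((n) => isSet(env, n));
  if (pem.length > 0 && pfx.length > 0) {
    problems.push("set TLS_KEY/TLS_CERT or TLS_PFX/TLS_PW, not both");
  } else if (pem.length === 0 && pfx.length === 0) {
    problems.push("no TLS key material configured");
  } else if (pem.length === 1 || pfx.length === 1) {
    problems.push(`incomplete set: only ${[...pem, ...pfx][0]} is defined`);
  }
  return problems;
}

// Maps a valid environment to the options object accepted by Node's
// https.createServer(): key/cert or pfx/passphrase, plus optional ca.
function buildTlsOptions(env, readFile = readFromDisk) {
  const problems = validateTlsEnv(env);
  if (problems.length > 0) {
    throw new Error(`TLS configuration invalid: ${problems.join("; ")}`);
  }
  const options = isSet(env, "TLS_KEY")
    ? { key: readFile(env.TLS_KEY), cert: readFile(env.TLS_CERT) }
    : { pfx: readFile(env.TLS_PFX), passphrase: env.TLS_PW };
  if (isSet(env, "TLS_CABUNDLE")) options.ca = readFile(env.TLS_CABUNDLE);
  return options;
}
```

Calling `buildTlsOptions(process.env)` at startup fails fast with every problem listed, instead of surfacing later as a browser redirect or handshake error.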
Before you do that, contact your IT department to see if they have a standard process for obtaining certificates.
You might find the following commands useful if you want to do it yourself.
openssl req -x509 -newkey rsa:2048 -keyout ./certs/key.tmp.pem -out ./certs/certificate.pem -days 365 -nodes -subj "/C=US/ST=NC/L=Cary/O=ORG/OU=DEPT/CN=localhost"
openssl rsa -in ./certs/key.tmp.pem -out ./certs/key.pem
Replace the values in the subj string with values appropriate for your use case, for example: /C=US/ST=NC/L=Cary/O=ACME/OU=MKT/CN=acme.apps.com
- Securing Node.js apps with SSL/TLS - https://blog.usejournal.com/securing-node-js-apps-with-ssl-tls-b3570dbf84a5
- OpenSSL Tutorial: How Do SSL Certificates, Private Keys, & CSRs Work? - https://phoenixnap.com/kb/openssl-tutorial-ssl-certificates-private-keys-csrs
- OpenSSL Quick Reference Guide - https://www.digicert.com/kb/ssl-support/openssl-quick-reference-guide.htm