We have a requirement to use HTTPS and disable HTTP, currently we are using Artifactory OSS version 4.0.0 so redirecting http requests using reverse proxy is not feasible.
Any help would be much appreciated.
Thanks
Naresh.G
There are 2 options to achieve this:
Use an http reverse proxy such as NginX or Apache httpd in front of Artifactory. This can be done with any version of Artifactory including the OSS. Versions 4.3.1 and above includes a functionality which helps generating the reverse proxy configuration (please notice it does not configure the proxy but rather provide the required configuration).
Configure the Artifactory Tomcat with SSL/TLS support. The Tomcat documentation explains how to do that.
One thing to take into consideration is that you will get better performance using the first option
Related
I cannot figure out how to set my next js project to run on HTTPS.
I am using Next 12.3 and deploying on AWS EC2. I have my SSL sertificates and all ports are open. What should I do to run it like that?
P.S.
All the answers that I've found are about running on HTTPS during the development.
Some people even claimed that it is not natively supported by Next. Is this true?
If you setup nginx, this becomes extremely easy.
You can handle the SSL part in nginx and run your NextJS server normally and you will have a server running on HTTPS.
See Configuring HTTPS servers for setting up Nginx.
I installed passenger-modded version of nginx following this guide.
Unfortunately the version of nginx in the RPM was built with OpenSSL 1.0.1e which does not provide HTTP/2 ALPN support. Is building nginx from source my only option to enable HTTP/2 in this configuration?
You've a few options:
Install from source with OpenSSL also built from source.
Use Docker or other container technology to run this.
Upgrade to Centos 7.4 (literally just released at time of writing) as this includes OpenSSL 1.0.2 which includes ALPN support.
Use a CDN in front of your server so they provide the HTTP/2 support and you can stay on HTTP/1 for now. Cloudflare offer free plans for this for example.
Similar to above, put another server/load balancer in front of Nginx which supports HTTP/2 and proxies requests to Nginx.
Now that ASP.Net Core has been released I feel it's time to ask this question.
For my web application, I need to use a WebListener server due a business requirement for self-hosting and NTLM authentication for Windows IDs. The Weblistener server needs an SSL Certificate.
I have generated a SSL certificate and know that for Kestrel it is pulled up in the code of the web server (in Program.cs or Startup.cs). But what is the equivalent way to do that for Weblistener?
I found this post: How to Use HTTPS with Microsoft.AspNet.Server.WebListener but it was never truly answered. A couple hours of Googling didn't turn up anything either for me.
From what I can tell it is some kind of command like:
netsh http add sslcert
But I am in over my head in terms of what I need to do for Weblistener specifically. If possible, I'd love to pull in the certificate using code similar to Kestrel in the startup sequence (it's so convenient!), but I am pretty sure I need to install it with the command line.
Thank you very much in advance!
As davidfowl said, the article https://weblog.west-wind.com/posts/2013/sep/23/hosting-signalr-under-sslhttps does outline the process needed and explains it well. It mentions SignalR instead of WebListener but the procedure is the same.
Upon further research if you need to go without IIS (as you might if you are using WebListener because of a business requirement to not be allowed to install IIS) Powershell is a good way to generate self-signed certificates or you can use MMC to obtain a certificate as well.
I am trying to understand the entire web/framework/application stack when installing ASP.NET 5 on Linux.
All the instructions I have read, including this one haven't really answered my question:
Why can't Nginx server work without Kestrel like here: http://www.mono-project.com/docs/web/fastcgi/nginx/ ?
Or am I way off. I'm trying to understand what the reason is for this structure:
.NET Core(or mono) --> Kestrel --> Nginx
Isn't Kestrel just another web server like Nginx but with a lot less features?
ASP.NET Core (ASP.Net 5) doesn't require Kestrel!
You're right, Kestrel is just a simple HTTP server with a small set of features. You can run ASP.NET Core without Kestrel on Linux or Mac, but you must either have an HTTP server or a fastCGI server.
Nginx is used as a reverse proxy for static contents in general and you can also enable gzip compression on your dynamic content. Kestrel doesn't have this feature.
You can also write your own HTTP server with the specific HTTP features you need (HTTP2 for example).
Necromancing.
Yes, it does in fact require Kestrell.
As Agua says, theoretically, it could also be run on some other http-server than Kestrell, one that can run .NET Core, or via FastCGI.
However, AFAIK, Kestrell is the only http-server currently in existance that can actually do that.
And because AFAIK, a FastCGI-server/library written in .NET Core doesn't (yet) exist.
Right now, if you want to use .NET Core with nginx or Apache, all you can do is to reverse-proxy requests to kestrell.
I manually installed Artifactory(V 2.6) on my centos and am using it with its own standalone jetty container. I use artifactoryctl start to start it and now I can access it using http://myhostname:8081/artifactory.
What is the best and easy way to put this behind https now?
Note: It will be nice if I can have both http and https access.
Any help is appreciated.
Thanks
Please upgrade to the latest Artifactory version.
Starting Artifactory 3, it comes with embedded Tomcat, please refer to the official Tomcat documentation on how to configure SSL on Tomcat.
Another option might be configuring Artifactory behind Apache or Ngnix HTTP servers. In this case, Artifactory user guide provides documentation on how to configure ssl for the former and for the later.