Foresight Mobile Platform supports connection via the HTTPS protocol:
The HTTPS protocol provides TLS sessions if there is an encryption certificate. To increase security, set up the mobile platform server to work via the HTTP/1.1 or HTTP/2 protocol with encryption certificates. The HTTP/1.1 protocol without certificates is used by default.
NOTE. The HTTP/2 protocol with encryption certificates is used only if a mobile device communicates with mobile platform server. When a request is sent from mobile platform server to the data source, the HTTP/1.1 protocol is used with certificates or without them, depending on the defined settings.
If the 403 error occurs when opening the administrator console via the HTTPS protocol, see the Restoring Administrator Console Availability section.
Setup of HTTPS connection between a mobile device and mobile platform server differs depending on the configuration.
To set up HTTPS connection between a mobile device and mobile platform server when using standalone configuration of Foresight Mobile Platform:
Create an encryption certificate using special cryptographic tools, for example, OpenSSL.
The following files will be obtained:
<certificate name>.crt. Encryption certificate.
<encryption key name>.key. Encryption key.
Copy the file contents and set variables in the .env file located on mobile platform server:
Assign the contents of the <certificate name>.crt file to the TLS_CERT variable.
Assign the contents of the <encryption key name>.key file to the TLS_KEY variable.
Open the administrator console and specify the HTTPS protocol.
After executing the operations, mobile platform server is set up to work by the HTTPS protocol. When the HTTP protocol is specified, the system is automatically redirected to HTTPS.
To use the HTTP protocol, delete the contents of the TLS_CERT and TLS_KEY variables in the .env file.
To set up HTTPS connection between a mobile device and mobile platform server when using cluster configuration of Foresight Mobile Platform:
Create an encryption certificate using special cryptographic tools, for example, OpenSSL.
The following files will be obtained:
<certificate name>.crt. Encryption certificate.
<encryption key name>.key. Encryption key.
Execute operations depending on the version of Foresight Mobile Platform:
When Foresight Mobile Platform 21.04 is used, add the <certificate name>.crt certificate and the <encryption key name>.key encryption key to the tls folder located at: <folder with server configuration files>/fmp/chart/files/tls/.
To use the HTTP protocol, delete the <certificate name>.crt and <encryption key name>.key files from the tls folder.
When Foresight Mobile Platform 21.10 or later is used:
Add the nginx.ingress.tls parameter with the true value to the command for installing or updating the mobile platform:
--set nginx.ingress.tls=true
Specify contents of the obtained certificate and encryption key in the values.production.yaml file:
nginx:
  ingress:
    enabled: true
    hostname: mynginx
    tls: true
    secrets:
    # name should correspond with the format: <IP address or DNS server name>-tls
    - name: mynginx-tls
      key: |-
        -----BEGIN PRIVATE KEY-----
        <encryption key contents>
        -----END PRIVATE KEY-----
      certificate: |-
        -----BEGIN CERTIFICATE-----
        <encryption certificate contents>
        -----END CERTIFICATE-----
To use the HTTP protocol:
Add the nginx.ingress.tls parameter with the false value to the command for installing or updating the mobile platform:
--set nginx.ingress.tls=false
Delete certificate and encryption key contents in the values.production.yaml file.
After executing the operations, mobile platform server is set up to work by the HTTPS protocol. When the HTTP protocol is specified, the system is automatically redirected to HTTPS.
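A key that does not belong to the certificate, or a certificate that is about to expire, is easier to catch before the file contents are copied into TLS_CERT and TLS_KEY (standalone configuration) or into values.production.yaml (cluster configuration). The check below is an added example, not part of Foresight Mobile Platform or its documentation; the check_tls_pair function, its return codes and the file names passed to it are assumptions, and it relies only on the openssl command-line tool.

```shell
#!/bin/sh
# Added example: pre-deployment check of a certificate/key pair.
# check_tls_pair and its return codes are illustrative, not part of the platform.
# Usage: check_tls_pair <cert.crt> <key.key> [min_days_valid]
# Returns: 0 ok, 1 key does not match certificate, 2 file unreadable or not PEM,
#          3 certificate expires within min_days_valid, 4 key readable by group/others.
check_tls_pair() {
    crt=$1 key=$2 min_days=${3:-30}

    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key; an empty passphrase is supplied
    # so that an encrypted key fails here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2

    # A server cannot complete a TLS handshake with a key that does not
    # belong to the certificate, so catch the mismatch before deployment.
    [ "$cert_pub" = "$key_pub" ] || return 1

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 || return 3

    # The private key should be readable by its owner only.
    [ -z "$(find -L "$key" -prune \( -perm -040 -o -perm -004 \) -print)" ] || return 4
    return 0
}

# Run the check when the script is called with file arguments.
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

The function assumes an unencrypted PEM private key, which is what gets pasted into the configuration files described above.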
To select the HTTP/2 protocol, when creating a request specify version in the mobile application code, for example:
When Python is used:
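import httpx
# HTTP/2 is enabled on the client (requires the httpx[http2] extra), not per request.
with httpx.Client(http2=True) as client:
    r = client.get("https://example.com")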
When Node.js is used:
const http2 = require('http2');
const client = http2.connect('https://example.com')
When executing a request using the API method:
curl --http2-prior-knowledge https://example.com
Mobile platform server supports simultaneous handling of requests from mobile applications working in different versions of the HTTP protocol.
To set up HTTPS connection between mobile platform server and a data source, add encryption certificates of data source servers from a corporate or a third-party certification center on the Certificates tab in the Security subsection.