Setting Up Server Work via HTTPS Protocol

Foresight Mobile Platform supports HTTPS protocol connection:

The HTTPS protocol provides TLS sessions if there is an encryption certificate. To increase security, set up mobile platform server work according to HTTPS protocol. The HTTP protocol is used by default.

If the 403 error occurs on opening the administrator console via HTTPS protocol, see the Restoring Administrator Console Availability section.

Setting Up HTTPS Connection between Mobile Device and Mobile Platform Server

To set up HTTPS connection between mobile device and mobile platform server:

  1. Create an encryption certificate using special cryptographic tools, for example, OpenSSL.

This will result in the following files:

  1. Copy the file contents and set variables in the .env file located on a mobile platform server:

  1. Open the administrator console and specify the HTTPS protocol.

After executing the operations a mobile platform server is set up to work by the HTTPS protocol. When the HTTP protocol is specified, the system is automatically redirected to HTTPS.

To use the HTTP protocol, delete the contents of the TLS_CERT and TLS_KEY variables in the .env file.

If on installing Foresight Mobile Platform a cluster is deployed based on Kubernetes, Deckhouse or OKD/OCP, execute the following operations:

  1. Create an encryption certificate using special cryptographic tools, for example, OpenSSL.

This will result in the following files:

  1. Execute operations depending on the version of Foresight Mobile Platform:

To use the HTTP protocol, delete the <certificate name>.crt and <encryption key name>.key files from the tls folder.

--set nginx.ingress.tls=true

      1. Specify contents of the obtained certificate and encryption key in the values.production.yaml file:

nginx:
  ingress:
    enabled: true
    hostname: mynginx
    tls: true
    secrets:
      # name should correspond with the format: <IP address or DNS server name>-tls
      - name: mynginx-tls
        key: |-
          -----BEGIN PRIVATE KEY-----
          <encryption key contents>
          -----END PRIVATE KEY-----
        certificate: |-
          -----BEGIN CERTIFICATE-----
          <encryption certificate contents>
          -----END CERTIFICATE-----

To use HTTP protocol:

      1. Add the nginx.ingress.tls parameter with the true value to the command on installing or updating the mobile platform:

--set nginx.ingress.tls=false

      1. Delete certificate and encryption key contents in the values.production.yaml file.

After executing the operations a mobile platform server is set up to work by the HTTPS protocol. When the HTTP protocol is specified, the system is automatically redirected to HTTPS.

Setting Up HTTPS Connection Between Mobile Platform Server and Data Source

To set up HTTPS connection between mobile platform server and data source, add encryption certificates of data source servers from a corporate or a third-party certification center on the Certificates tab in the Security subsection.

See also:

Installing and Setting Up Foresight Mobile Platform | Disabling File Mounting