Foresight Mobile Platform supports HTTPS protocol connection:
The HTTPS protocol provides TLS sessions if there is an encryption certificate. To increase security, set up the mobile platform server to work over the HTTPS protocol. The HTTP protocol is used by default.
If a 403 error occurs when opening the administrator console via the HTTPS protocol, see the Restoring Administrator Console Availability section.
To set up HTTPS connection between mobile device and mobile platform server:
Create an encryption certificate using special cryptographic tools, for example, OpenSSL.
This will result in the following files:
<certificate name>.crt. Encryption certificate.
<encryption key name>.key. Encryption key.
Copy the file contents and set variables in the .env file located on a mobile platform server:
Assign the contents of the <certificate name>.crt to the TLS_CERT variable.
Assign the contents of the <encryption key name>.key file to the TLS_KEY variable.
Open the administrator console and specify the HTTPS protocol.
After these operations are executed, the mobile platform server is set up to work over the HTTPS protocol. When the HTTP protocol is specified, the system is automatically redirected to HTTPS.
To use the HTTP protocol, delete the contents of the TLS_CERT and TLS_KEY variables in the .env file.
If on installing Foresight Mobile Platform a cluster is deployed based on Kubernetes, Deckhouse or OKD/OCP, execute the following operations:
Create an encryption certificate using special cryptographic tools, for example, OpenSSL.
This will result in the following files:
<certificate name>.crt. Encryption certificate.
<encryption key name>.key. Encryption key.
Execute operations depending on the version of Foresight Mobile Platform:
When Foresight Mobile Platform 21.04 is used, add the <certificate name>.crt certificate and the <encryption key name>.key encryption key to the tls folder located at: <folder with server configuration files>/fmp/chart/files/tls/.
To use the HTTP protocol, delete the <certificate name>.crt and <encryption key name>.key files from the tls folder.
When Foresight Mobile Platform 21.10 or later is used:
Add the nginx.ingress.tls parameter with the true value to the command on installing or updating the mobile platform:
--set nginx.ingress.tls=true
Specify the contents of the obtained certificate and encryption key in the values.production.yaml file:
nginx:
  ingress:
    enabled: true
    hostname: mynginx
    tls: true
    secrets:
      # name should correspond with the format: <IP address or DNS server name>-tls
      - name: mynginx-tls
        key: |-
          -----BEGIN PRIVATE KEY-----
          <encryption key contents>
          -----END PRIVATE KEY-----
        certificate: |-
          -----BEGIN CERTIFICATE-----
          <encryption certificate contents>
          -----END CERTIFICATE-----
To use HTTP protocol:
Add the nginx.ingress.tls parameter with the false value to the command on installing or updating the mobile platform:
--set nginx.ingress.tls=false
Delete certificate and encryption key contents in the values.production.yaml file.
After these operations are executed, the mobile platform server is set up to work over the HTTPS protocol. When the HTTP protocol is specified, the system is automatically redirected to HTTPS.
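A pre-deployment check for the certificate and key created in the steps above, as an added example that is not part of the vendor documentation: it confirms that the key belongs to the certificate, that the certificate is not about to expire and that it covers the ingress host name, and only then prints the nginx.ingress block for values.production.yaml. The host name mynginx, the file paths, the seven-day threshold and the YAML nesting are assumptions; it needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not vendor code). "mynginx" and all file paths are placeholders.
umask 077   # files created below, including the private key, are owner-only

# Throwaway self-signed pair for a test stand; production should use a CA-issued pair.
make_test_pair() {      # $1=host name  $2=certificate file  $3=key file
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -addext "subjectAltName=DNS:$1" -keyout "$3" -out "$2" 2>/dev/null
}

# True only if the private key belongs to the certificate (same public key).
pair_matches() {        # $1=certificate file  $2=key file
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print the nginx.ingress block with both PEM files indented under "|-".
# The nesting used here is an assumption about the chart's values layout.
emit_values() {         # $1=host name  $2=certificate file  $3=key file
    printf 'nginx:\n  ingress:\n    enabled: true\n    hostname: %s\n' "$1"
    printf '    tls: true\n    secrets:\n      - name: %s-tls\n' "$1"
    printf '        key: |-\n';         sed 's/^/          /' "$3"
    printf '        certificate: |-\n'; sed 's/^/          /' "$2"
}

# Refuse to emit anything unless the pair is consistent, current and issued for the host.
check_and_emit() {      # $1=host name  $2=certificate file  $3=key file
    pair_matches "$2" "$3" ||
        { echo "key does not match certificate" >&2; return 1; }
    openssl x509 -in "$2" -noout -checkend 604800 >/dev/null ||
        { echo "certificate expired or expires within 7 days" >&2; return 1; }
    openssl x509 -in "$2" -noout -checkhost "$1" | grep -q 'does match' ||
        { echo "certificate is not valid for $1" >&2; return 1; }
    emit_values "$1" "$2" "$3"
}

# Demo on a constructed pair; only the lines before the key material are shown.
demo_dir=$(mktemp -d)
make_test_pair mynginx "$demo_dir/tls.crt" "$demo_dir/tls.key"
check_and_emit mynginx "$demo_dir/tls.crt" "$demo_dir/tls.key" | head -n 8
rm -rf "$demo_dir"
```

The generated fragment contains the private key, so keep the file that receives it out of version control and readable only by the deploying account.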
To set up HTTPS connection between mobile platform server and data source, add encryption certificates of data source servers from a corporate or a third-party certification center on the Certificates tab in the Security subsection.