How To: HTTPS
By default, the Reactor UI and API are served on unencrypted connections. If you prefer to use encrypted connections, this document describes how to configure Reactor to do that.
You will, of course, need a server certificate. You can get this from a certificate issuer such as letsencrypt.org, or use a self-signed certificate. Your certificate will need to be in PEM format.
Place your certificate and private key files in any directory accessible to Reactor at runtime. For bare-metal installs, this can be any accessible (to the runtime user) directory in the filesystem. For docker container users, you must locate the files in your Reactor
reactor.yamlconfiguration file, change the
reactor.yamlconfiguration file, add the following two lines after the
baseurlline (and indented to the same level with spaces):
baseurl: "https://...:8111" pki_certfile: certificate-filename pki_keyfile: private-key-filename
If simple filenames are given above, the files are assumed to be in the
configsubdirectory. Otherwise, they are assumed to be full pathnames to another filesystem location. If the certificate and private key are in the same file, you can omit the
Open the Reactor UI using the new HTTPS URL (from
baseurlin step 2 above).
If Reactor does not start, check the
reactor.log file for messages. The most likely problem is that your certificate and private key files are not accessible (check the path and permissions), or that the certificate and private key files are not in the correct (PEM) format. If you still can't resolve the issue, simply restore the
baseurl by undoing the edit done in step 2 above.
Creating a Self-Signed Certificate using OpenSSL
You can create a self-signed certificate by issuing the following command on most Linux systems that have OpenSSL installed:
openssl req -x509 -nodes -newkey rsa:2048 -days 365 -keyout reactor.key -out reactor.crt
The certificate generated from this command will be valid for 365 days (