How To: HTTPS
By default, the Reactor UI and API are served on unencrypted connections. If you prefer to use encrypted connections, this document describes how to configure Reactor to do that.
You will, of course, need a server certificate. You can get this from a certificate issuer such as letsencrypt.org, or use a self-signed certificate. Your certificate will need to be in PEM format.
-
Place your certificate and private key files in any directory accessible to Reactor at runtime. For bare-metal installs, this can be any accessible (to the runtime user) directory in the filesystem. For docker container users, you must locate the files in your Reactor
config
subdirectory. -
In your
reactor.yaml
configuration file, change thebaseurl
protocol fromhttp:
tohttps:
. -
In your
reactor.yaml
configuration file, add the following two lines after thebaseurl
line (and indented to the same level with spaces):baseurl: "https://...:8111" pki_certfile: certificate-filename pki_keyfile: private-key-filename
If simple filenames are given above, the files are assumed to be in the
config
subdirectory. Otherwise, they are assumed to be full pathnames to another filesystem location. If the certificate and private key are in the same file, you can omit thepki_keyfile
line above. -
Restart Reactor.
-
Open the Reactor UI using the new HTTPS URL (from
baseurl
in step 2 above).
If Reactor does not start, check the reactor.log
file for messages. The most likely problem is that your certificate and private key files are not accessible (check the path and permissions), or that the certificate and private key files are not in the correct (PEM) format. If you still can't resolve the issue, simply restore the baseurl
by undoing the edit done in step 2 above.
Creating a Self-Signed Certificate using OpenSSL
You can create a self-signed certificate by issuing the following command on most Linux systems that have OpenSSL installed:
openssl req -x509 -nodes -newkey rsa:2048 -days 365 -keyout reactor.key -out reactor.crt
The certificate generated from this command will be valid for 365 days (-days
option).
Updated: 2022-May-19