6.4.0. heavy.conf setting

Comments

  • Candido Dessanti

    Hi,

    To enable https in Immerse, you need a certificate with a key.

    This article, Setting-up-your-server-with-Let-s-Encrypt-certificates-using-Certbot, explains how to install and use certbot on Ubuntu, but it should work the same on other OSes like macOS.

    Anyway, you can create a self-signed certificate using openssl with a simple command like this:

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /var/lib/heavyai/mykey-selfsigned.pem -out /var/lib/heavyai/mycert-selfsigned.pem

    Change the permissions to be sure that the files can be read by the server:

    chmod a+rx /var/lib/heavyai/mykey-selfsigned.pem  /var/lib/heavyai/mycert-selfsigned.pem

    and then add the parameters to your heavy.conf file and restart the web server (or the container running the web server).

    enable-https=true
    cert = "/var/lib/heavyai/mycert-selfsigned.pem"
    key = "/var/lib/heavyai/mykey-selfsigned.pem"

    In both examples, the certificates have been placed into the /var/lib/heavyai directory because it is the default directory for docker or on-premise installation.

    Using self-signed certificates, the browser will warn you about some security issues, so you'll need to add an exception.

    For reference, I used the parameters to generate the certificate with openssl.


    Let me know if this configuration solves your issues.

  • Иван Л

    Hello!

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /var/lib/heavyai/mycert-selfsigned.pem -out /var/lib/heavyai/mycert-selfsigned.pem

    this command creates var/lib/heavyai/mycert-selfsigned.pem

    I don't understand how to create

    mycert-selfsigned.crt"
    mycert-selfsigned.key"

    ?

  • Иван Л

    MacBook-Air-Ivan:~ ivanzaharov$ chmod a+rx /var/lib/heavyai/mycert-selfsigned.key /var/lib/heavyai/mycert-selfsigned.pem

    chmod: /var/lib/heavyai/mycert-selfsigned.key: No such file or directory

  • Candido Dessanti

    Hi,

    I'm sorry I made some errors with copy and paste, which I have corrected in the original message.

    Now everything should be ok.

  • Иван Л

    https://localhost:6273/   start off

    Navigate to: http://localhost:6273

    ⇨ https server started on [::]:6273

    echo: http: TLS handshake error from 172.17.0.1:63600: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63602: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63604: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63606: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63608: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63610: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63612: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63618: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63620: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63622: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63624: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63626: remote error: tls: unknown certificate

    echo: http: TLS handshake error from 172.17.0.1:63628: remote error: tls: unknown certificate

  • Candido Dessanti

    Hi,

    The remote error is coming from your browser that's not accepting the certificate; you have to add an exception.

    As an example, with Chrome, when I connect I have to click on Advanced

    and then click on Proceed on localhost.

    This happens with self-signed certificates, because the Certification Authority isn't trusted.

  • Иван Л

    Hello! This worked for me! Thank you!)

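A pre-flight check for the copy-and-paste mistakes seen in this thread (the same file given for both -keyout and -out, a path that does not exist, whitespace inside a quoted path), written here as an added example; it is not part of the original posts or of HEAVY.AI's code. It assumes only the three heavy.conf settings shown above; the function names and the placeholder PEM files are constructed for illustration, and the warning about a world-readable key is an extra check added here.

```python
import os, re, stat, tempfile

def parse_conf(text):
    """Return {name: value} for name=value lines; section headers and comments are skipped."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w-]+)\s*=\s*(.*?)\s*$', line)
        if m:
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # whitespace inside the quotes is kept on purpose
            settings[m.group(1)] = value
    return settings

def check_tls(settings):
    """Return a list of problems in the HTTPS settings; an empty list means none were found."""
    problems = []
    if settings.get("enable-https", "").lower() != "true":
        problems.append("enable-https is not true")
    cert, key = settings.get("cert", ""), settings.get("key", "")
    for name, path, marker in (("cert", cert, "-----BEGIN CERTIFICATE-----"),
                               ("key", key, "PRIVATE KEY-----")):
        if not path:
            problems.append(f"{name}: not set")
        elif path != path.strip():
            problems.append(f"{name}: stray whitespace inside the quoted path")
        elif not os.path.isfile(path):
            problems.append(f"{name}: no such file: {path}")
        else:
            with open(path, errors="replace") as fh:
                if marker not in fh.read():
                    problems.append(f"{name}: no PEM block of the expected type in {path}")
    if cert and cert.strip() == key.strip():
        problems.append("cert and key point to the same file")
    if os.path.isfile(key) and stat.S_IMODE(os.stat(key).st_mode) & stat.S_IROTH:
        problems.append("key: file is readable by every local user")
    return problems

def demo():
    """Constructed sample: placeholder PEM files and a key path with a trailing space."""
    d = tempfile.mkdtemp()
    cert, key = os.path.join(d, "mycert-selfsigned.pem"), os.path.join(d, "mykey-selfsigned.pem")
    for path, label in ((cert, "CERTIFICATE"), (key, "PRIVATE KEY")):
        with open(path, "w") as fh:
            fh.write(f"-----BEGIN {label}-----\n(constructed placeholder)\n-----END {label}-----\n")
    os.chmod(key, 0o600)
    conf = f'enable-https=true\ncert = "{cert}"\nkey = "{key} "\n'
    return check_tls(parse_conf(conf))

if __name__ == "__main__": print(demo())
```

The check only looks at the PEM headers; it does not verify that the key and the certificate belong together.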