Enabling HTTPS on Webcentre

By default, WebCentre is configured to use HTTP. The steps needed to get HTTPS working on WebCentre aren’t too complicated, but a basic understanding of how web security and certificates work is required.

We’ll assume you have a certificate for webcentre.yourdomain.com(or a wildcard certificate for the *.yourdomain.com).

Before starting, check your DNS is correctly configured, so that http://webcentre.yourdomain.com takes you to the (non-HTTPS) WebCentre page.

Your certificate should include a “.pem” certificate file, and a certificate key file (often a “.key” extension). Copy these to the nginx “conf” folder, C:\Program Files (x86)\Rascular\Rascular WebCentre\conf

On the WebCentre system, take a backup of the nginx.conf file, then edit it to add the yellow section, directly after the first listen and server_name commands.

Replace the green sections with the correct domain name, and the names of your certificate and key files.

listen 80;
server_name webcentre.yourdomain.com localhost;

listen       443 ssl;
ssl_certificate webcentre.pem;
ssl_certificate_key webcentre.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout  5m;
ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

You can optionally add this, which will automatically redirect HTTP request to HTTPS

     if ($scheme = http) {
        return 301 https://$server_name$request_uri;
     }

Now restart the nginx service. If it won’t start, examine the logs/error.log file which should contain details of the problem.

At this point, you should be able to point a browser at https://webcentre.yourdomain.com and see the HTTPS ‘padlock’ in the browser. If there’s no response from the server, check that port TCP 443 is open in your firewall to allow incoming HTTPS requests.

If you’ve enabled HTTPS on WebCentre, you’ll also need to use Secure WebSockets to control RouteMaster. Your browser won’t let you use the non-secure protocol from a secure page.