4.04 - Using HTTPS

There are two ways to set a HTTPS secure connection: through a reverse proxy or with configuration in Squash TM. Henix would advise to use a reverse proxy.

1. Reversing proxy

To set a HTTPS connection, we advise to use an apache reverse proxy installed on the same server that hosts Squash TM. We recommend the 2.2 branch of the apache server with configured mod_proxy and mod_rewrite (to force https connection).

For example:

<VirtualHost *:443>

SSLEngine on

SSLProxyEngine on

ServerName myhost.mydomain.com

ErrorLog ${APACHE_LOG_DIR}/myhost_error.log

DocumentRoot /var/www

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/myhost_access.log combined

SSLCertificateFile /etc/ssl/mon-certificat-serveur.crt

SSLCertificateKeyFile /etc/ssl/private/ma-clef-privee.key

<IfModulemod_proxy_http.c>

ProxyPreserveHost On

ProxyPass /squash http://localhost:8080/squash

ProxyPassReverse /squash http://localhost:8080/squash

</IfModule>

</VirtualHost>

To rewrite URL:

<IfModulemod_rewrite.c>

RewriteLog rewrite.log

RewriteLogLevel 0

<IfModulemod_ssl.c>

<Location />

RewriteEngine on

RewriteCond %{HTTPS} !^on$ [NC]

RewriteCond %{HTTP_HOST} (^.*)$ [NC]

RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L]

</Location>

</IfModule>

</IfModule>

2. Enabling HTTPS on Squash TM

To enable HTTPS, the following information must be added to 'conf\squash.tm.cfg.properties' file:

server.ssl.key-store=<keystore path>

server.ssl.key-store-password=<keystore password>

server.ssl.key-password=<server certificate password>

server.ssl.key-alias=<password>

In the 'bin\startup.sh' (or 'startup.bat'), HTTP_PORT must be set as followed:

HTTP_PORT=8443

Before adding configuration, a keystore must be created. Here are the commands to generate a keystore with JKS format.

Once the configuration is done, Squash TM will work only with https, the URL won't be redirected from http.