You can enable support for HTTPS in LuciadFusion through:
-
The use of a reverse proxy in front of LuciadFusion. In this setup, all access to LuciadFusion passes through the reverse proxy, which you can configure to enable HTTPS. For more information about setting up LuciadFusion with a reverse proxy based on Apache HTTP server, see How to set up the LuciadFusion Platform with a reverse proxy.
-
The use of Spring Security, which is included with LuciadFusion.
To enable HTTPS, you first need an SSL certificate. You can request that from a certificate authority.
For development and testing purposes, you can also generate a self-signed certificate, using thekeytool
utility that comes with every JRE.For example:
>keytool -genkey -alias <alias> -storetype <type> -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
When you use the Jetty servlet container included with LuciadFusion 2024 and beyond, the hostname used in HTTPS requests needs to match the name used in the self-signed certificate. This can be achieved by entering the fully qualified hostname when
keytool
asks your first and last name. Note that hostnames such aslocalhost
or IP addresses are not allowed.Move the resulting keystore file to the
config
folder. Next, enable HTTPS by setting these SSL properties in the LuciadFusion configuration fileapplication-fusion.production-template.yml
:# SSL (https) can be enabled by setting the following properties: #server.ssl.key-store: classpath:keystore.p12 #server.ssl.key-store-password: <password> #server.ssl.keyStoreType: <type> #server.ssl.keyAlias: <alias>