FineOps Help

Enabling SSL for O&M Project

  • Last update: 2024-05-31

    • Overview  

    Version 

    FineOps VersionFunctional Change
    V1.13.0 /
    V2.0.0 

    Optimized the steps of standalone configuration by enabling automatic forwarding after the nginx component is added to facilitate SSL configuration.

    V2.1.0Optimized the interaction by adjusting the function entry location.

    Application Scenario 

    A valid SSL certificate is required to use the HTTPS protocol. An SSL certificate contains authentication information that helps encrypt and secure communications.

    The certificate plays a key role in constructing a secure project as it ensures the security of communications between clients and servers.

    This article introduces how to configure SSL certificates for FineReport and FineBI O&M projects of containerized deployment through simple front-end page operations to meet the requirements of accessing FanRuan applications via HTTPS.

    This ensures that the FineReport and FineBI projects use a secure communication protocol, and protects user data with encryption.

    Prerequisite 

    Confirming the Deployment Method of the O&M Project 

    1. This function is only valid for FineOps-deployed projects.

    2. This function requires the configuration of the nginx component of an O&M project. The FineOps-deployed standalone project may not be configured with the nginx component. You (as the admin) shall add the nginx component in Component Management, which will be automatically connected to the project node after being added. At this time you can configure the SSL certificate. For details, see Adding Component to O&M Project.


    Preparing the Certificate 

    Apply for the certificate for the server where the nginx component of the O&M project is located.

    You need to purchase a certificate (usually authenticated by internationally recognized certificate authorities (CAs) such as VeriSign and GlobalSign) from a CA vendor.

    The relevant documents and requirements for the certificate are described in the following table.

    ContentRequirement
    Certificate file

    Prepare the certificate in CRT or PEM format. (The nginx only supports these two formats.)

    Key file

    		Prepare the certificate key (with the .key extension).

    Confirming the Correspondence Among Certificate, Domain Name, and IP Address 

    Confirming the Correspondence Between the Domain Name and the Certificate

    • Upload the certificate to the machine with a JDK environment installed and navigate to the certificate directory.

    • Use the following command to print the certificate information.

    keytool -printcert -file .pem

    • Confirm the domain name bound to the certificate, which is the value after Owner: CN in the returned value.

    Confirming the Correspondence Between the Domain Name and the IP Address

    Associate the above domain name and the IP address of the server where the nginx component of the O&M project is located.

    As operations on different servers may vary, FanRuan does not provide guidance documents for this operation. Contact your server vendor for assistance.

    After successful association, you (as the admin) can use the following command to verify if the returned IP address is correct. 

    ping Domain name

    Preparing a Port 

    Prepare a vacant port on the server where the nginx component of the O&M project is located for subsequent access to the O&M project. 

    Ensure that the port firewall is open and the port is accessible.

    Use the default HTTPS port number 443 if you want to access services through the domain name without adding a port number.

    This document uses the port number 443 for illustration.

    Procedure 

    Configuring the Certificate 

    1. Log in to FineOps as the admin, select the O&M project, and choose Maintenance > Component Management.

    2. Find the nginx component and click Modify Configuration.

    3. Upload the prepared certificate and key files in SSL Configuration, and fill in the domain name and port number.  Click OK.

    Restarting the Component 

    1. View the prompt "Enabling SSL will restart the FineOps NGINX component, during which FineOps will be inaccessible for a few minutes. After the restart, the HTTPS address is URL (the URL after the corresponding domain name). Continue?"

    2. Click Continue and Restart. FineOps will automatically perform the following checks and configurations, which may take a while.

    • Check whether the entered port number is available. If it is not available, the configuration will fail.

    • Upload the certificate and key files to the /nginx/conf/ssl directory of the nginx component of the O&M project.

    • Use the original command to create a nginx component, replace the old one, enable port number 443, and add SSL-related configurations to environment variables.

    • Restart nginx. The HTTPS access is enabled after the restart.

    Effect Display 

    After a successful restart, you can access the project using the address in the prompt.

    Type https://Domain name:Port number/webroot/decision in the address bar of a browser and check if you can access the project. If a secure connection symbol appears, the SSL configuration is successful.

    • The port number is the one used for SSL configuration and can be omitted if it is 443.

    Note: Your browser automatically redirects original HTTP requests to HTTPS requests.

    Attachment List


    Theme: Project Management
    Previous:Exporting Project Deployment Information​
    Next:Project Backup
    • Helpful
    • Not helpful
    • Only read
    中文(繁體) 中文(简体)
    English