Skip to content

Configuring HTTPS

Using built-in HTTPS server

For enabling HTTPS in RPGM Server, you have to edit the Configuration file. The settings for configuring HTTPS are:

Setting Description
https true if you want HTTPS to be active.
httpsPort HTTPS port of the server. 443 is the default HTTPS port.
httpsKey Path to the key file of the HTTPS certificate.
httpsCert Path to the certificate for HTTPS.

Here is an example of configuration:

https: true
httpsPort: 443
httpsKey: C:/certificates/privkey.pem
httpsCert: C:/certificates/cert.pem
  • Do not forget to change the root entry in your config.yml file to reflect your new HTTPS URL.
  • Also do not forget to restart RPGM Server after saving your configuration file.

Note

The port value will still listen in HTTP and will redirect to the HTTPS port.

Certificates format

Certificates should be in the PEM format. If your certificate is in the DER format, you can convert it with the openssl utility:

openssl x509 -inform der -in cert.cer -out cert.pem

Using a Reverse Proxy

You can also let RPGM Server only in HTTP and use a reverse proxy to redirect HTTPS connections to HTTP. See the Reverse Proxy section.

Generating certificates

Let's Encrypt

Follow the instructions given on the official website of Let's Encrypt and Certbot for generating certificates.

Here is a sample on how to install and execute Certbot:

Warning

This example is for Debian or Ubuntu with a root session. It also may be outdated and is only here for convenience only. Check out the official website of Certbot with the link above to find the last official documentation.

# apt-get install software-properties-common
# add-apt-repository ppa:certbot/certbot
# apt-get update
# apt-get install certbot
# certbot certonly --manual

Now you have to set up a web server for reponding to the challenge for validating your website ownership.

Tip

In a futur version, Let's Encrypt will be supported out of the box in RPGM Server.

Paths of the generated file can now be used for httpsKey and httpsCert:

httpsKey: /etc/letsencrypt/live/example.com/privkey.pem
httpsCert: /etc/letsencrypt/live/example.com/cert.pem