Is it possible to have both http & https running at the same time ?
Our server being requested by different sources we would like to be able to setup ssl first and then progressively switch our rest api calls before fully ditching http.
On our test instance QB server doesn't want to boot if we keep both port= & sslport= on the node.properties... but I'm pretty sure i've come accross a discussion were you said a user could leave http on for agents and keep https for the webinterface(but I can't find it anymore).
Am I wrond ? or is this manageable ?
Yes, you can have both http and https port open. Please follow below link to set up ssl:
Hi Robin,
We still have a strange issue where for instance if we connect to https then sign out we're redirected to the http port and then we can't access https anymore (we are redirected to http) and we can't login in the http either...
By the way we also use a custom keystore to pass some internal certificate to quickbuild.
by doing this in our wrapper.conf :
wrapper.java.additional.3=-Djavax.net.ssl.trustStore=/opt/javacerts/qbcerts
Cause it can cause issues ?
or is it fine to have different keystore between
wrapper.conf and node.properties ?
Sorry I was wrong previously. Running http and https together does have some issues due to . I'd suggest to only have http port open, and then set up Apache reverse proxy to serve https and forward traffic to QuickBuild. This way your RESTful API still connects directly to QB via http, while all UI visits go through https. For instance, https://build.pmease.com is proxied to access QuickBuild via below Apache config:
<VirtualHost *:80>
ServerName build.pmease.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}$1 [L,R=301]
RewriteCond %{SERVER_NAME} =build.pmease.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName build.pmease.com
ErrorLog ${APACHE_LOG_DIR}/quickbuild.error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/quickbuild.access.log combined
SSLEngine on
ProxyRequests Off
ProxyPreserveHost Off
ProxyPass / http://localhost:8810/
ProxyPassReverse / http://localhost:8810/
SSLCertificateFile /etc/letsencrypt/live/build.pmease.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/build.pmease.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>