Your browser was unable to load all of the resources. They may have been blocked by your firewall, proxy or browser configuration.
Press Ctrl+F5 or Ctrl+Shift+R to have your browser try again.

Running both http & https #4333

benprim ·

Is it possible to have both http & https running at the same time ?
Our server being requested by different sources we would like to be able to setup ssl first and then progressively switch our rest api calls before fully ditching http.
On our test instance QB server doesn't want to boot if we keep both port= & sslport= on the node.properties... but I'm pretty sure i've come accross a discussion were you said a user could leave http on for agents and keep https for the webinterface(but I can't find it anymore).
Am I wrond ? or is this manageable ?

  • replies 4
  • views 268
  • stars 0
robinshen ADMIN ·
benprim ·

Hi Robin,
We still have a strange issue where for instance if we connect to https then sign out we're redirected to the http port and then we can't access https anymore (we are redirected to http) and we can't login in the http either...
By the way we also use a custom keystore to pass some internal certificate to quickbuild.
by doing this in our wrapper.conf :
wrapper.java.additional.3=-Djavax.net.ssl.trustStore=/opt/javacerts/qbcerts

Cause it can cause issues ?
or is it fine to have different keystore between
wrapper.conf and node.properties ?

robinshen ADMIN ·

Sorry I was wrong previously. Running http and https together does have some issues due to . I'd suggest to only have http port open, and then set up Apache reverse proxy to serve https and forward traffic to QuickBuild. This way your RESTful API still connects directly to QB via http, while all UI visits go through https. For instance, https://build.pmease.com is proxied to access QuickBuild via below Apache config:

<VirtualHost *:80>
    ServerName build.pmease.com
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}$1 [L,R=301]
RewriteCond %{SERVER_NAME} =build.pmease.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName build.pmease.com

    ErrorLog ${APACHE_LOG_DIR}/quickbuild.error.log
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/quickbuild.access.log combined

    SSLEngine on

    ProxyRequests Off
    ProxyPreserveHost Off

    ProxyPass / http://localhost:8810/
    ProxyPassReverse / http://localhost:8810/
    SSLCertificateFile /etc/letsencrypt/live/build.pmease.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/build.pmease.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
benprim ·

Thanks Robin, we actually did that waiting on your answer, so we'll just reactivate it :)