Contents
Objective
The objective of this guide is to show the necessary steps to use TOTVS Fluig Platform over the HTTPS protocol.
Obtain a valid certificate
The prerequisite for using SSL is having a valid digital certificate for your domain (for example: *.suaempresa.com.br). If your company does not have any digital certificate, it must be purchased from a certifying authority. It is not recommended to use self-signed certificates, since some browsers do not support this type of certificate and may cause unexpected behavior when using TOTVS Fluig Platform.
Ask your certifying unit which steps are necessary to generate the CSR (Certificate Signing Request). Inform the certificate formats supported so that the certifying unit can provide the file in the correct format.
With the certificate copied to the server where TOTVS Fluig Platform is installed, follow the steps below.
SSL Configuration Procedures
- Stop the JBoss service at Fluig.
- Change the web subsystem tab in the standalone.xml file
Change the socket-binding tag in the http connector and add the https connector. Configure the <ssl> tag with the right paths to the certificate.
<subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false"> <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="localhost"/> <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true"> <ssl name="${ssl_name}" password="${senha_certificado_ssl}" certificate-key-file="${diretório_certificado}.p12" protocol="ALL" ca-certificate-file="${diretório_certificado}.p12" keystore-type="PKCS12" truststore-type="PKCS12" session-timeout="1800"/> </connector> <virtual-server name="default-host" enable-welcome-root="false"> <sso cache-container="web" cache-name="sso" reauthenticate="false"/> </virtual-server> </subsystem>
Change the property totvs/solrURL as follows:
<property name="totvs/solrURL" value="http://127.0.0.1:8080/indexer"/>
On the interface tag, add a new interface.
<interface name="localhost"> <inet-address value="127.0.0.1"/> </interface>
On the socket-binding-group tag, add a new socket-binding-group.
<socket-binding name="localhost" interface="localhost" port="8080" fixed-port="true"/>
- Then, when restarting the JBoss service on Fluig, the access will be via HTTPS, on port 8443.
Configure chat and notifications
When configuring TOTVS Fluig Platform to work with HTTPS, the same should be done with the service responsible for the Chat and notifications (delivery of data from server to customers).
For such, the ${FLUIG_HOME}/node/bin/package.json file must be edited, adding the following information:
"ssl" : { "usessl": true, "port": 8443, "key": "/root/ssl/server.key", "cert": "/root/ssl/server.crt", "ca": "/root/ssl/server.crt" }
The attributes must be changed as follows:
Attribute |
Description |
usessl |
Inform as true to characterize the use of HTTPS configuration |
port |
Inform the port configured to receive HTTPS requests |
key |
Inform the key file path |
cert | Inform the certificate file path |
ca | Inform the certificate file path |