This page describes how to initially install an SSL certificate and convert your website to use HTTPS. If you are already using an SSL certificate and it has expired, refer to "How to update SSL certificate" page in "FAQ" section.
Navixy platform uses a web server called Nginx. It is available for both Linux and Windows, so the following steps are valid for any operating system.
Prepare SSL certificates
In order to make your website SSL protected, you need to have an SSL certificate and its private key. If you use multiple domain names, you need a certificate for each domain, or a wildcard or multi-domain certificate. You can contact any certificate authority to issue a certificate. The platform can work with any valid certificates regardless of the issuer. See this page for more information about SSL protection.
Navixy is not a certificate authority and does not offer SSL certificate issuance services. However, if your platform was installed automatically or deployed from the AMI, you can install free LetsEncrypt certificates using the Configuration Wizard. For manually installed instances, the Configuration Wizard is not available, and LetsEncrypt certificates can only be issued using third-party tools.
Once you have the certificates, you need to put them to some directory on your server. It is recommended that you use standard paths:
- Linux:
/etc/nginx/ssl/ - Windows:
C:\nginx\conf\ssl\
In this case, you will not need to specify the full path to the certificate and private key in the configuration of your website. You can specify a short path like ssl/name.crt and ssl/name.key.
SSL certificate chain of trust
The certificate file(s) must contain a full chain of trust. This means that the contents of the certificate must include not only the body of the primary certificate you plan to install, but also an intermediate certificate, a root certificate, or any combination of these, depending on the certificate issuer.
Such a certificate is called a full chain certificate.
Make sure that the certificate you issue contains this chain of trust, otherwise some features, such as mobile applications, might not work.
If you have trouble building the full chain, contact the certificate issuer. You can also use some online tools to resolve the chain of trust, such as this one.
If you want to learn more about the chain of trust, you can read an explanation on one of the SSL issuer sites.
Private key requirement
The main requirement for private key is that it must match the SSL certificate, otherwise Nginx web server will not be able to start. Typically, private key is provided by the certificate issuer along with the certificate. If you re-issue a certificate from the same authority, private key often stays the same and does not need to be replaced.
You can additionally match the certificate with the private key using online tools, such as this one.
Update Nginx configuration
Find your website configuration file. It is usually called navixy.conf and is located at /etc/nginx/sites-available/ (Linux) or C:\nginx\sites-enabled\ (Windows).
It is highly recommended to proceed with ready-to-use Nginx configuration. Simply choose a HTTPS configuration according to your operating system and the number of domains and replace the current contents of navixy.conf. In this case you only have to specify domains and paths to certificates and private keys. The rest of the configuration is proven to work, so this way you can avoid possible errors.
However, you can edit the Nginx configuration manually if this works for you better.
Change the listening port from "80" to "443 ssl", and add the SSL-related lines to each site's configuration, specifying the correct path to your fullchain certificate and key files.
listen 443 ssl; ## listen for ipv4
ssl_certificate /ssl/certificate.crt;
ssl_certificate_key /ssl/private.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
Here's an example for API site configuration:
server {
listen 443 ssl; ## listen for ipv4
server_name api.domain.com;
access_log /var/log/nginx/api.domain.com_ssl.access.log;
client_max_body_size 20m;
ssl_certificate /ssl/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/private.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {proxy_pass http://127.0.0.1:8084;
}
}
Restart Nginx web server.
For Linux:
nginx -t && nginx -s reload
For Windows, you need to terminate all Nginx processes and then start nginx.exe from C:\nginx.
Make sure Nginx has started and doesn't give any error related to SSL.
Edit the platform configuration files
Next we need to tell Navixy to use HTTPS protocol instead of HTTP in all the configuration files. Open the following files:
/var/www/panel-v2/PConfig.js- edit the parameter "apiRoot", changing "http" to "https". Edit the parameter "terminalHost" - change "ws" to "wss" and delete port 8383./var/www/pro-ui/Config.js- edit the parameter "apiRoot", changing "http" to "https"./var/www/pro-ui/static/app_config.js- edit the parameter "apiUrl", changing "http" to "https" (if the value is present)./home/java/api-server/conf/config.properties- edit the parameter api.externalBaseUrl, changing "http" to "https" (if the value is present).
Restart Navixy services for all the changes to take effect.
In case the page is still trying to load over HTTP, clear your browser's cache.