Versions Compared

Old Version 38

changes.mady.by.user Mr. Schmittberger

Saved on

compared with

New Version Current

changes.mady.by.user Mr. Schmittberger

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Copy the certificate file into [service-manager]\certificates.

  2. Find the yuuvis® RAD gateway configuration section in the [service-manager]\config\servicewatcher-sw.yml file (search for "gateway"), and change the port from 80 to 443.

  3. Add the following lines to the [service-manager]\config\gateway-prod.yml file.

    Code Block
    server.ssl.key-store: '../../certificates/ca.p12'
server.ssl.key-store-password: 'optimal'
server.ssl.key-store-type: 'PKCS12'
server.ssl.key-alias: '1'
server.ssl.key-password: 'optimal'
server.ssl.enabled-protocols: 'TLSv1.2,TLSv1.3'

eureka.instance:
    prefer-ip-address: false
    non-secure-port-enabled: false
    secure-port-enabled: true
    secure-port: ${server.port}
    statusPageUrl: https://${eureka.instance.hostname}:${eureka.instance.secure-port}/manage/info
    healthCheckUrl: https://${eureka.instance.hostname}:${eureka.instance.secure-port}/manage/health
    secureHealthCheckUrl: https://${eureka.instance.hostname}:${eureka.instance.secure-port}/manage/health
    homePageUrl: https://${eureka.instance.hostname}:${eureka.instance.secure-port}/
    hostname: <hostname/dns-name>

    Modify the settings to match those of the certificate you installed: 
    If the certificate is issued to a DNS alias of the server, then the gateway needs to bind against this alias as well and publish URLs that can be called by other services with this alias address. This includes the eureka.instance.hostname URL shown above. The same applies if your certificate is issued to the hostname of the server. In this case, the gateway needs to bind to the hostname. As a consequence, the eureka.instance.preferIpAddress parameter needs to be added and set to false.
    If desired, the passwords can be saved encrypted. To do so, execute "<service-manager>\tools\encode.bat <plaintext_password>" (omit the < >) in a command prompt (cmd.exe) and copy the return value (including the ENC( )) to the configuration file (replacing the plaintext password).
    If a custom context-path is configured, the line 'secure-port: ${server.port}' needs to be changed to 'secure-port: ${management.server.port}'

  4. Restart the yuuvis® RAD service-manager service.

...