Árvore de páginas

Versões comparadas

Chave

  • Esta linha foi adicionada.
  • Esta linha foi removida.
  • A formatação mudou.
HTML
<div id="main-content" class="wiki-content group">
	<h1 id="ConfigurarHTTPS-Índice">Contents</h1>
	<p>
		<style type='text/css'>/*<![CDATA[*/
div.rbtoc1412695400359 {
	padding: 0px;
}
div.rbtoc1412695400359 ul {
	list-style: none;
	margin-left: 0px;
}
div.rbtoc1412695400359 li {
	margin-left: 0px;
	padding-left: 0px;
}
/*]]>*/
</style>
	<div class='toc-macro rbtoc1412695400359'>
		<ul class='toc-indentation'>
			<li><span class='TOCOutline'>1</span> <a
				href='#ConfigurarHTTPS-Objetivo'>Objective</a></li>
			<li><span class='TOCOutline'>2</span> <a
				href='#ConfigurarHTTPS-Obterumcertificadoválido'>Obtain a valid
					certificate</a></li>
			<li><span class='TOCOutline'>3</span> <a
				href='#ConfigurarHTTPS-ProcedimentosdeConfiguraçãodeSSL'>SSL
					Configuration Procedures</a></li>
			<li><span class='TOCOutline'>4</span> <a
				href='#ConfigurarHTTPS-Configurarchatenotificações'>Configure
					chat and notifications</a></li>
		</ul>
	</div>
	</p>
	<p>&#160;</p>
	<h1 id="ConfigurarHTTPS-Objetivo">Objective</h1>
	<p>The objective of this guide is to show the necessary steps to
		use TOTVS Fluig Platform over the HTTPS protocol.</p>
	<p>&#160;</p>
	<h1 id="ConfigurarHTTPS-Obterumcertificadoválido">Obtain a valid
		certificate</h1>
	<p>The prerequisite for using SSL is having a valid digital
		certificate for your domain (for example: *.suaempresa.com.br). If
		your company does not have any digital certificate, it must be
		purchased from a certifying authority. It is not recommended to use
		self-signed certificates, since some browsers do not support this type
		of certificate and may cause unexpected behavior when using TOTVS Fluig Platform.</p>
	<p>&#160;</p>
	<div class="aui-message hint shadowed information-macro">
		<span class="aui-icon icon-hint">Icon</span>
		<div class="message-content">
			<p>
				The formats currently supported are <strong>PCKS12</strong>.
			</p>
		</div>
	</div>
	<p>
		<span style="font-size: 10.0pt; line-height: 13.0pt;"><br /></span>
	</p>
	<p>
		<span style="font-size: 10.0pt; line-height: 13.0pt;">Ask your
			certifying unit which steps are necessary to generate the <strong>CSR</strong>
			(<em>Certificate Signing Request</em>). Inform the certificate
			formats supported so that the certifying unit can provide the file in
			the correct format.
		</span>
	</p>
	<p>With the certificate copied to the server where TOTVS Fluig Platform is
		installed, follow the steps below.</p>
	<h1 id="ConfigurarHTTPS-ProcedimentosdeConfiguraçãodeSSL">SSL
		Configuration Procedures</h1>
	<ul>
		<li>Stop the JBoss service at Fluig.</li>
		<li><span style="font-size: 10.0pt; line-height: 13.0pt;">Change
				the </span><em style="font-size: 10.0pt; line-height: 13.0pt;">web
				subsystem</em><span style="font-size: 10.0pt; line-height: 13.0pt;">
				tab in the standalone.xml file</span></li>
		<li><p>
				Change the <em>socket-binding</em> tag in the <em>http
					connector</em> and add the <em>https connector</em>. Configure the <em>&lt;ssl></em>
				tag with the right paths to the certificate.<br />
				<br />
			</p>
			<div class="code panel pdl" style="border-width: 1px;">
				<div class="codeContent panelContent pdl">
					<pre class="theme: Confluence; brush: html/xml; gutter: false"
						style="font-size: 12px;">&lt;subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">
	&lt;connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="localhost"/>
	&lt;connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
		&lt;ssl name="${ssl_name}" password="${senha_certificado_ssl}" certificate-key-file="${diretório_certificado}.p12" protocol="ALL" ca-certificate-file="${diretório_certificado}.p12" keystore-type="PKCS12" truststore-type="PKCS12" session-timeout="1800"/>
	&lt;/connector>
&lt;virtual-server name="default-host" enable-welcome-root="false">
&lt;sso cache-container="web" cache-name="sso" reauthenticate="false"/>
&lt;/virtual-server>
&lt;/subsystem></pre>
				</div>
			</div></li>
	</ul>
	<p>&#160;</p>
	<div class="aui-message hint shadowed information-macro">
		<p class="title">Note</p>
		<span class="aui-icon icon-hint">Icon</span>
		<div class="message-content">
			<p>&#160;The following changes are required for the correct
				indexing of content on Fluig.</p>
		</div>
	</div>
	<p>&#160;</p>
	<ul>
		<li><p>
				Change the property <em>totvs/solrURL&#160;</em>as follows:
			</p>
			<div class="code panel pdl" style="border-width: 1px;">
				<div class="codeContent panelContent pdl">
					<pre class="theme: Confluence; brush: html/xml; gutter: false"
						style="font-size: 12px;">&lt;property name="totvs/solrURL" value="http://127.0.0.1:8080/indexer"/></pre>
				</div>
			</div></li>
		<li><p>
				On the <em>interface</em> tag, add a new <em>interface.</em>
			</p>
			<div class="code panel pdl" style="border-width: 1px;">
				<div class="codeContent panelContent pdl">
					<pre class="theme: Confluence; brush: html/xml; gutter: false"
						style="font-size: 12px;">&lt;interface name="localhost">
    &lt;inet-address value="127.0.0.1"/>
&lt;/interface>
</pre>
				</div>
			</div></li>
		<li><p>
				On the&#160;<em>socket-binding-group</em> tag, add a new&#160;<em>socket-binding-group.</em>
			</p>
			<div class="code panel pdl" style="border-width: 1px;">
				<div class="codeContent panelContent pdl">
					<pre class="theme: Confluence; brush: html/xml; gutter: false"
						style="font-size: 12px;">&lt;socket-binding name="localhost" interface="localhost" port="8080" fixed-port="true"/>
</pre>
				</div>
			</div></li>
		<li>Then, when restarting the JBoss service on Fluig, the access
			will be via HTTPS, on port 8443.</li>
	</ul>
	<p>&#160;</p>
	<h1 id="ConfigurarHTTPS-Configurarchatenotificações">Configure
		chat and notifications</h1>
	<p>When configuring TOTVS Fluig Platform to work with HTTPS, the same should be
		done with the service responsible for the Chat and notifications
		(delivery of data from server to customers).</p>
	<p>&#160;</p>
	<p>
		For such, the<em>&#160;${FLUIG_HOME}/node/bin/package.json</em>&#160;file
		must be edited, adding the following information:
	</p>
	<div class="code panel pdl" style="border-width: 1px;">
		<div class="codeContent panelContent pdl">
			<pre class="theme: Confluence; brush: javascript; gutter: false"
				style="font-size: 12px;">"ssl" : {
     "usessl": true,
	 "port": 8443,
     "key": "/root/ssl/server.key",
     "cert": "/root/ssl/server.crt",
     "ca": "/root/ssl/server.crt"
}</pre>
		</div>
	</div>
	<p>
		<span><br /></span>
	</p>
	<p>
		<span>The attributes must be changed as follows:</span>
	</p>
	<div class="table-wrap">
		<table class="confluenceTable">
			<tbody>
				<tr>
					<td class="highlight confluenceTd"><p align="center">
							<span style="color: rgb(0, 51, 102);">Attribute</span>
						</p></td>
					<td class="highlight confluenceTd"><p align="center">
							<span style="color: rgb(0, 51, 102);">Description</span>
						</p></td>
				</tr>
				<tr>
					<td class="confluenceTd"><p>
							<strong>usessl</strong>
						</p></td>
					<td class="confluenceTd"><p>
							Inform as <strong>true</strong> to characterize the use of HTTPS
							configuration
						</p></td>
				</tr>
				<tr>
					<td class="confluenceTd"><p>
							<strong>port</strong>
						</p></td>
					<td class="confluenceTd"><p>Inform the port configured to
							receive HTTPS requests</p></td>
				</tr>
				<tr>
					<td class="confluenceTd"><p>
							<strong>key</strong>
						</p></td>
					<td class="confluenceTd"><p>Inform the key file path</p></td>
				</tr>
				<tr>
					<td colspan="1" class="confluenceTd"><strong>cert</strong></td>
					<td colspan="1" class="confluenceTd">Inform the certificate
						file path</td>
				</tr>
				<tr>
					<td colspan="1" class="confluenceTd"><strong>ca</strong></td>
					<td colspan="1" class="confluenceTd">Inform the certificate
						file path</td>
				</tr>
			</tbody>
		</table>
	</div>
	<div class="aui-message hint shadowed information-macro">
		<p class="title">Note</p>
		<span class="aui-icon icon-hint">Icon</span>
		<div class="message-content">
			<p>After the change, the Node.js service must be restarted.</p>
		</div>
	</div>
	<div class="aui-message warning shadowed information-macro">
		<p class="title">Note</p>
		<span class="aui-icon icon-warning">Icon</span>
		<div class="message-content">
			<p>
				If the server has a&#160;<strong>proxy</strong>, it is necessary to
				release the chat ports to <em>SSL</em> on the <em>proxy.</em>
			</p>
		</div>
	</div>
	<p>
		<span><br /></span>
	</p>
	<p>&#160;</p>
	<p>&#160;</p>
</div>