Version: 4.46.0

Deploy Xill4 with HTTPS

It is possible to deploy Xill4 with HTTPS. Xill4 itself has no support for TLS, so TLS has to be terminated by a reverse proxy placed in front of it. Deploying Xill4 with HTTPS has been tested with Traefik and Nginx. The following guide is an example of how to set up Nginx as a reverse proxy in order to serve Xill4 over HTTPS.

You will need a valid SSL certificate for your host (.crt and .key file). Once a certificate is obtained, follow these steps:

  1. Make sure Xill4 is running
  2. Configure nginx.conf. An example file is given below. Apply the following changes in the example configuration.
    • Update the ___REPLACE_WITH_HOSTNAME___ values. It should reflect the hostname. Example: xill4.yourCompany.com.
    • Update the ___REPLACE_WITH_CERT_PATH___ values to the location of your .crt file.
    • Update the ___REPLACE_WITH_KEY_PATH___ values to the location of your .key file.
    • Update the ___REPLACE_WITH_LOG_PATH___ values to the location where you would like to store the log files. It is recommended to store them in a subdirectory of the Xill4 logs folder %pathToXill4%/logs/nginx.
  3. Start Nginx.

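Note that if either Nginx or Xill4 is deployed with Docker, proxy_pass http://localhost:8000 will not work, because localhost inside a container refers to the container itself. The address will have to be changed to one that reaches Xill4.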

Example configuration file for Nginx:

worker_processes  1;

events {
    worker_connections 1024;
}

http {

    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    proxy_http_version 1.1;

    server {
        # Port 80 serves the same site over plain HTTP; remove this line
        # if Xill4 should only be reachable over HTTPS.
        listen 80;
        listen 443 ssl;

        server_name ___REPLACE_WITH_HOSTNAME___;
        charset utf-8;

        # SSL configuration
        ssl_certificate ___REPLACE_WITH_CERT_PATH___.crt;
        ssl_certificate_key ___REPLACE_WITH_KEY_PATH___.key;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are not enabled here.
        # TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+.
        ssl_protocols TLSv1.2 TLSv1.3;

        access_log ___REPLACE_WITH_LOG_PATH___/xill4_access.log;
        error_log ___REPLACE_WITH_LOG_PATH___/xill4_error.log;

        location / {
            proxy_pass http://localhost:8000;
            proxy_http_version 1.1;
            # Forward WebSocket upgrade requests to Xill4
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            # Pass the original client address and scheme to Xill4
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # allow up to 600 seconds (10 minutes) between reads from Xill4
            proxy_read_timeout 600s;

            proxy_redirect off;
            break;
        }
    }
}

Note that only absolute paths and forward slashes are supported.
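
A pre-flight check for the edited nginx.conf, given here as an added example (it is not part of the Xill4 documentation): it reports placeholders that were left in, certificate, key and log paths that are not absolute or use backslashes, and deprecated TLS versions in ssl_protocols. The function names, the sample input and the acceptance of Windows drive paths such as C:/... are assumptions made for this example.

```python
import re

PLACEHOLDER = re.compile(r"___REPLACE_WITH_[A-Z_]+?___")
PATH_DIRECTIVES = {"ssl_certificate", "ssl_certificate_key", "access_log", "error_log"}
NON_FILE = re.compile(r"(off|stderr)$|syslog:|memory:")  # log targets that are not files
DEPRECATED_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996


def is_absolute(path):
    """True for /etc/... or, as an assumption for Windows hosts, C:/... paths."""
    return path.startswith("/") or re.match(r"[A-Za-z]:/", path) is not None


def check_nginx_conf(text):
    """Return (line_number, message) findings for a filled-in nginx.conf."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split("#", 1)[0].strip().rstrip(";").split()  # drop comments
        if not parts:
            continue
        for match in PLACEHOLDER.finditer(" ".join(parts)):
            findings.append((number, "placeholder not replaced: " + match.group(0)))
        directive, args = parts[0], parts[1:]
        if (directive in PATH_DIRECTIVES and args
                and not NON_FILE.match(args[0]) and not PLACEHOLDER.search(args[0])):
            path = args[0].strip("\"'")
            if "\\" in path:
                findings.append((number, directive + ": use forward slashes"))
            elif not is_absolute(path):
                findings.append((number, directive + ": path is not absolute"))
        if directive == "ssl_protocols":
            weak = sorted(DEPRECATED_TLS.intersection(args))
            if weak:
                findings.append((number, "deprecated protocols: " + " ".join(weak)))
    return findings


# Constructed sample: a partly filled-in configuration with typical mistakes.
SAMPLE = """\
server_name ___REPLACE_WITH_HOSTNAME___;
ssl_certificate C:/certs/xill4.crt;
ssl_certificate_key certs\\xill4.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
access_log logs/nginx/xill4_access.log;
"""

if __name__ == "__main__":
    for number, message in check_nginx_conf(SAMPLE):
        print("line %d: %s" % (number, message))
```

Run it against the real file with check_nginx_conf(open(path).read()) before starting Nginx; nginx -t remains the authoritative syntax check.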