Skip to main content
Version: 4.53.0

Deploy Xill4 with HTTPS

It is possible to deploy Xill4 with HTTPS. Xill4 has no support for TLS, so a reverse proxy has to be used. Deploying Xill4 with HTTPS has been tested with Traefik and Nginx. The following guide is an example of how to setup Nginx as a reverse proxy in order to serve Xill4 over HTTPS.

You will need a valid SSL certificate for your host (.crt and .key file). Once a certificate is obtained, follow these steps:

  1. Make sure Xill4 is running.
  2. Configure nginx.conf. An example file is given below. Apply the following changes in the example configuration:
    • Update the ___REPLACE_WITH_HOSTNAME___ values. It should reflect the hostname. Example: xill4.yourCompany.com.
    • Update the ___REPLACE_WITH_CERT_PATH___ values to the location of your .crt file.
    • Update the ___REPLACE_WITH_KEY_PATH___ values to the location of your .key file.
    • Update the ___REPLACE_WITH_LOG_PATH___ values to the location where your like to store the log files. It is recommended to store them in a subdirectory of the Xill4 logs folder %pathToXill4%/logs/nginx.
  3. Start Nginx.
note

If either Nginx or Xill4 is deployed with Docker, proxy_pass http://localhost:8000 will not work and will have to be changed.

Example configuration file for Nginx:

worker_processes  1;

events {
    worker_connections  1024;
}

http {

    include            mime.types;
    default_type       application/octet-stream;
    sendfile           on;
    keepalive_timeout  65;
    proxy_http_version 1.1;

    server {
        listen        80;
        listen    443 ssl;

        server_name ___REPLACE_WITH_HOSTNAME___;
        charset     utf-8;

        # SSL configuration
        ssl_certificate ___REPLACE_WITH_CERT_PATH___.crt;
        ssl_certificate_key ___REPLACE_WITH_KEY_PATH___.key;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

        access_log ___REPLACE_WITH_LOG_PATH___/xill4_access.log;
        error_log ___REPLACE_WITH_LOG_PATH___/xill4_error.log;
        location / {
            proxy_pass         http://localhost:8000;
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection "upgrade";
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
            proxy_set_header Upgrade         $http_upgrade;
            proxy_set_header Connection      "upgrade";

            # max 15 minutes keep-alive
            proxy_read_timeout  600s;

            proxy_redirect     off;
            break;
        }
    }
}
note

Only absolute paths and forward slashes are supported.