Foren

  1. Startseite
  2. Portal
  3. Liferay 7 HTTPS Support

Liferay 7 HTTPS Support

Marcel Liphardt, geändert vor 7 Jahren.

Liferay 7 HTTPS Support

Junior Member Beiträge: 28 Beitrittsdatum: 04.01.17 Neueste Beiträge
I would like to know how to set up the HTTPS support for our Liferay 7 CE GA3 portal.
I know that there is a post from 2014 described here: https://web.liferay.com/de/web/meera.success/blog/-/blogs/liferay-portal-ssl-configuration
But the problem here is that i can't find the exact line in on of the standalone.xml: <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>, where I have to add the HTTPS line. Did something change in the newer version of Jboss and Wildfly 10???
thumbnail
David H Nebinger, geändert vor 7 Jahren.

RE: Liferay 7 HTTPS Support

Liferay Legend Beiträge: 14919 Beitrittsdatum: 02.09.06 Neueste Beiträge
Honestly I usually recommend terminating SSL at apache instead of in the app server. In the app server you're dealing with java (sometimes interpreted) code and honestly there is little need to support ssl between the web server and app server (unless you're paranoid and require end to end ssl).
thumbnail
Olaf Kock, geändert vor 7 Jahren.

RE: Liferay 7 HTTPS Support

Liferay Legend Beiträge: 6403 Beitrittsdatum: 23.09.08 Neueste Beiträge
David H Nebinger:
Honestly I usually recommend terminating SSL at apache instead of in the app server.


Seconding David. And it's actually not so much Liferay that supports https (other than generating proper https link when required), but it's JBoss, Tomcat or whatever application server that either is configured for https or is proxied by an SSL-Terminator (e.g. Apache httpd).

Using Apache httpd has the nice side effect that your Java application has no access whatsoever to the private key, protecting it quite well in the case of an attack. With Apache httpd, root can own (and can have exclusive access to) the key - the server will drop root permissions after having read the key.

You might want to add the HSTS header to Apache's configuration (that's easier than adding it to Liferay, I've done it in an old version)