Foros de discusión

  1. Inicio
  2. Portal
  3. Liferay 7 HTTPS Support

Liferay 7 HTTPS Support

Marcel Liphardt, modificado hace 7 años.

Liferay 7 HTTPS Support

Junior Member Mensajes: 28 Fecha de incorporación: 4/01/17 Mensajes recientes
I would like to know how to set up the HTTPS support for our Liferay 7 CE GA3 portal.
I know that there is a post from 2014 described here: https://web.liferay.com/de/web/meera.success/blog/-/blogs/liferay-portal-ssl-configuration
But the problem here is that i can't find the exact line in on of the standalone.xml: <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>, where I have to add the HTTPS line. Did something change in the newer version of Jboss and Wildfly 10???
thumbnail
David H Nebinger, modificado hace 7 años.

RE: Liferay 7 HTTPS Support

Liferay Legend Mensajes: 14919 Fecha de incorporación: 2/09/06 Mensajes recientes
Honestly I usually recommend terminating SSL at apache instead of in the app server. In the app server you're dealing with java (sometimes interpreted) code and honestly there is little need to support ssl between the web server and app server (unless you're paranoid and require end to end ssl).
thumbnail
Olaf Kock, modificado hace 7 años.

RE: Liferay 7 HTTPS Support

Liferay Legend Mensajes: 6403 Fecha de incorporación: 23/09/08 Mensajes recientes
David H Nebinger:
Honestly I usually recommend terminating SSL at apache instead of in the app server.


Seconding David. And it's actually not so much Liferay that supports https (other than generating proper https link when required), but it's JBoss, Tomcat or whatever application server that either is configured for https or is proxied by an SSL-Terminator (e.g. Apache httpd).

Using Apache httpd has the nice side effect that your Java application has no access whatsoever to the private key, protecting it quite well in the case of an attack. With Apache httpd, root can own (and can have exclusive access to) the key - the server will drop root permissions after having read the key.

You might want to add the HSTS header to Apache's configuration (that's easier than adding it to Liferay, I've done it in an old version)