Message Boards

Liferay 7 HTTPS Support

Updated 7 years ago by Marcel Liphardt.

Liferay 7 HTTPS Support

Junior Member Posts: 28 Join Date: 17/01/04 Recent Posts
I would like to know how to set up the HTTPS support for our Liferay 7 CE GA3 portal.
I know that there is a post from 2014 described here: https://web.liferay.com/de/web/meera.success/blog/-/blogs/liferay-portal-ssl-configuration
But the problem here is that I can't find the exact line in one of the standalone.xml: <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>, where I have to add the HTTPS line. Did something change in the newer version of JBoss and WildFly 10???
Updated 7 years ago by David H Nebinger.

RE: Liferay 7 HTTPS Support

Liferay Legend Posts: 14919 Join Date: 06/09/02 Recent Posts
Honestly I usually recommend terminating SSL at Apache instead of in the app server. In the app server you're dealing with Java (sometimes interpreted) code and honestly there is little need to support SSL between the web server and app server (unless you're paranoid and require end-to-end SSL).
Updated 7 years ago by Olaf Kock.

RE: Liferay 7 HTTPS Support

Liferay Legend Posts: 6403 Join Date: 08/09/23 Recent Posts
David H Nebinger:
Honestly I usually recommend terminating SSL at Apache instead of in the app server.


Seconding David. And it's actually not so much Liferay that supports https (other than generating proper https links when required), but it's JBoss, Tomcat or whatever application server that either is configured for https or is proxied by an SSL-Terminator (e.g. Apache httpd).

Using Apache httpd has the nice side effect that your Java application has no access whatsoever to the private key, protecting it quite well in the case of an attack. With Apache httpd, root can own (and can have exclusive access to) the key - the server will drop root permissions after having read the key.

You might want to add the HSTS header to Apache's configuration (that's easier than adding it to Liferay, I've done it in an old version).