Message Boards

Liferay 7 HTTPS Support

Marcel Liphardt, modified 7 years ago.

Junior Member Posts: 28 Join Date: 17-1-4
I would like to know how to set up the HTTPS support for our Liferay 7 CE GA3 portal.
I know that there is a post from 2014 described here: https://web.liferay.com/de/web/meera.success/blog/-/blogs/liferay-portal-ssl-configuration
But the problem here is that I can't find the exact line in one of the standalone.xml: <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>, where I have to add the HTTPS line. Did something change in the newer version of JBoss and WildFly 10???
David H Nebinger, modified 7 years ago.

RE: Liferay 7 HTTPS Support

Liferay Legend Posts: 14919 Join Date: 06-9-2
Honestly I usually recommend terminating SSL at Apache instead of in the app server. In the app server you're dealing with Java (sometimes interpreted) code and honestly there is little need to support SSL between the web server and app server (unless you're paranoid and require end to end SSL).
Olaf Kock, modified 7 years ago.

RE: Liferay 7 HTTPS Support

Liferay Legend Posts: 6403 Join Date: 08-9-23
David H Nebinger:
Honestly I usually recommend terminating SSL at apache instead of in the app server.


Seconding David. And it's actually not so much Liferay that supports https (other than generating proper https links when required), but it's JBoss, Tomcat or whatever application server that either is configured for https or is proxied by an SSL-Terminator (e.g. Apache httpd).

Using Apache httpd has the nice side effect that your Java application has no access whatsoever to the private key, protecting it quite well in the case of an attack. With Apache httpd, root can own (and can have exclusive access to) the key - the server will drop root permissions after having read the key.

You might want to add the HSTS header to Apache's configuration (that's easier than adding it to Liferay, I've done it in an old version).
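
The setup recommended in the replies above (Apache httpd terminating TLS, a private key only root can read, the HSTS header), as an added example that is not part of any post in this thread. The hostname, certificate paths and backend port 8080 are assumptions; the Liferay properties named in the comments are the standard portal-ext.properties settings for telling the portal it sits behind HTTPS.

```apache
# Added example, not from the thread. Needs mod_ssl, mod_proxy,
# mod_proxy_http and mod_headers. portal.example.com, the file paths
# and port 8080 are placeholders (assumptions).

<VirtualHost *:80>
    ServerName portal.example.com
    # Plain HTTP only redirects. Browsers ignore HSTS sent over HTTP,
    # so the header belongs in the :443 vhost only.
    Redirect permanent / https://portal.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName portal.example.com

    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile    /etc/ssl/certs/portal.example.com.crt
    # Key file: chown root:root and chmod 600. httpd reads it as root at
    # startup; request handling then runs as the unprivileged User/Group,
    # and the Java process never needs access to this file.
    SSLCertificateKeyFile /etc/ssl/private/portal.example.com.key

    # HSTS. "always" also covers error responses generated by httpd.
    # Add includeSubDomains only once every subdomain serves HTTPS.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Forward to the app server over plain HTTP on loopback.
    # Assumption: the JBoss/WildFly or Tomcat HTTP listener is bound to
    # 127.0.0.1 so it cannot be reached around the proxy.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Overwrite (never append) so a client-supplied value is discarded.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

# Liferay side (portal-ext.properties), so generated links use https:
#   web.server.protocol=https
#   web.server.https.port=443
```

After a reload, `apachectl configtest` confirms the syntax and `curl -sI https://portal.example.com/` should show the `Strict-Transport-Security` header on the response.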