Hi there,
I installed Enterprise Free Edition 3.0.5 on a VM and I’d like to expose the GraphStudio on HTTPS (port 443) for data security. Is there a way to config that?
Thanks!
John
Hi there,
I installed Enterprise Free Edition 3.0.5 on a VM and I’d like to expose the GraphStudio on HTTPS (port 443) for data security. Is there a way to config that?
Thanks!
John
Hi @John_Chen welcome to the community!
I installed Enterprise Free Edition 3.0.5 on a VM and I’d like to expose the GraphStudio on HTTPS (port 443) for data security. Is there a way to config that?
You can use the gadmin config
to make that change. There should be a config for changing that port. Once you make the change you will want to run gadmin config apply
and maybe to be safe run gadmin restart -y
More Commands Listed Here:
https://docs.tigergraph.com/admin/admin-guide/system-management/management-with-gadmin
Thanks Jon, nice to see you here! I’ll give it a try.
GLAD to see you here too!! @John_Chen Feel free to ask more questions by clicking “new topic” if you have anything else
Hi @John_Chen,
here are the steps:
gadmin config set Nginx.Port 443
gadmin config set Nginx.SSL.Enable true
gadmin config set Nginx.SSL.Cert “@/home/tigergraph/my_localhost_cert.crt”
gadmin config set Nginx.SSL.Key “@/home/tigergraph/my_localhost_cert.key”
Check the changes:
gadmin config diff
Nginx.Port: 14240 -> 443
Nginx.SSL.Cert: ->
Nginx.SSL.Enable: false -> true
Nginx.SSL.Key: ->
Apply it:
gadmin config apply
[ Note] Changes:
Nginx.Port: 14240 -> 1443
Nginx.SSL.Cert: ->
Nginx.SSL.Enable: false -> true
Nginx.SSL.Key: ->
Proceed to apply? (y/N)y
If you need to create a self-signed cert, here is how to do it with Linux:
Edit/Create a conf file with all the details, it’s easier than to type it all over again if you make a mistake:
nano my_localhost_cert.conf
[req]
default_bits = 2048
default_keyfile = my_localhost_cert.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = DE
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Bavaria
localityName = Locality Name (eg, city)
localityName_default = Munich
organizationName = Organization Name (eg, company)
organizationName_default = localhost
organizationalUnitName = organizationalunit
organizationalUnitName_default = Dev
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = localhost
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = 127.0.0.1
DNS.3 = 192.168.64.101
DNS.4 = 10.9.8.4
As you see you can assign multiple IP addresses / DNS names if you need to.
Create the certificate and the key:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout my_localhost_cert.key -out my_localhost_cert.crt -config my_localhost_cert.conf
Best,
Bruno
Thanks Bruno for the detailed instructions!