# Enabling HTTPS for on-premise GitProtect installation

## Linux & Windows

### <mark style="background-color:blue;">Configuration</mark>

1. Open the **appsettings.json** file located in the **GitProtect Management Service** installation directory:
   * **Windows (default):** `C:\Program Files\Xopero ONE Backup&Recovery`
   * **Linux (default):** `/opt/XoperoONEManagementService`

{% hint style="info" %}
The file is a standard **JSON** configuration file that needs to be modified.
{% endhint %}

2. Locate the `"commented_out_Kestrel"` section, which by default looks like this:

```json
"commented_out_Kestrel": {
  "Endpoints": {
    "Http": {
      "Url": "http://*:5000"
    }
  }
}
```

3. Modify the section by removing the `commented_out_` prefix and providing the HTTPS configuration as follows:

```json
"Kestrel": {
  "Endpoints": {
    "Http": {
      "Url": "http://*:5000"
    },
    "Https": {
      "Url": "https://*:5001",
      "Certificate": {
        "Path": "<.pfx file path>",
        "Password": "<certificate password>"
      }
    }
  }
}
```

* **Path:** full path to the `.pfx` certificate file. Remember to use double backslashes on **Windows**. For example, if the certificate is located at `C:\cert.pfx`, enter it as:

  ```json
  C:\\cert.pfx
  ```
* **Password:** the password for the certificate.

{% hint style="info" %}
Learn more about the **Kestrel** configuration on [the official **Microsoft** website](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-9.0).
{% endhint %}
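
Before restarting the service, the edited file can be checked for the mistakes this procedure tends to produce: single backslashes in the Windows path, a leftover `commented_out_` prefix, or unreplaced placeholders. The Python script below is an added example, not part of GitProtect; the function name `check_kestrel_https` and the sample strings are constructed for illustration, and it assumes the file is strict JSON without comments.

```python
import json
import os
import sys

def check_kestrel_https(text, file_exists=os.path.isfile):
    """Return a list of problems in appsettings.json content (empty list = OK)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as e:
        # A single backslash in a Windows path (C:\cert.pfx) is an invalid JSON escape.
        return [f"invalid JSON at line {e.lineno}, column {e.colno}: {e.msg}"]
    if not isinstance(cfg, dict):
        return ["top level of the file must be a JSON object"]
    problems = []
    if "commented_out_Kestrel" in cfg:
        problems.append("'commented_out_Kestrel' is still present; rename it to 'Kestrel'")
    node = cfg
    for key in ("Kestrel", "Endpoints", "Https"):
        node = node.get(key) if isinstance(node, dict) else None
    if not isinstance(node, dict):
        return problems + ["Kestrel.Endpoints.Https section is missing"]
    if not str(node.get("Url", "")).lower().startswith("https://"):
        problems.append("Kestrel.Endpoints.Https.Url must start with https://")
    cert = node.get("Certificate") if isinstance(node.get("Certificate"), dict) else {}
    path, password = str(cert.get("Path", "")), str(cert.get("Password", ""))
    if not path or path.startswith("<"):
        problems.append("Certificate.Path is empty or still the placeholder")
    elif not path.lower().endswith(".pfx"):
        problems.append("Certificate.Path does not point to a .pfx file")
    elif not file_exists(path):
        problems.append(f"certificate file not found: {path}")
    if not password or password.startswith("<"):
        problems.append("Certificate.Password is empty or still the placeholder")
    return problems

# Constructed sample inputs (not taken from a real installation).
GOOD_SAMPLE = r'''{"Kestrel": {"Endpoints": {
  "Http": {"Url": "http://*:5000"},
  "Https": {"Url": "https://*:5001",
            "Certificate": {"Path": "C:\\cert.pfx", "Password": "constructed-password"}}}}}'''
SINGLE_BACKSLASH_SAMPLE = GOOD_SAMPLE.replace("\\\\", "\\")  # C:\cert.pfx, invalid JSON
DEFAULT_SAMPLE = '{"commented_out_Kestrel": {"Endpoints": {"Http": {"Url": "http://*:5000"}}}}'

if __name__ == "__main__":
    # Usage: python check_appsettings.py <path to appsettings.json>
    with open(sys.argv[1], encoding="utf-8-sig") as fh:
        found = check_kestrel_https(fh.read())
    print("\n".join(found) or "OK")
    sys.exit(1 if found else 0)
```

Run it on the host where the Management Service is installed so that the certificate path is resolved on the same file system the service uses.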

### <mark style="background-color:blue;">Restarting the GitProtect Management Service</mark>

After editing the **appsettings.json** file, restart the **GitProtect Management Service** to apply the changes:

* On **Windows**:

```cmd
net stop XoperoONEManagementService
net start XoperoONEManagementService
```

* On **Linux**:

```bash
systemctl restart XoperoONEManagementService
```

{% hint style="danger" %}
After setting up HTTPS for the **Management Service**, you need to switch worker communication to HTTPS. To do this, locate the **config.json** file in the worker installation directory (by default: `C:\Program Files\Xopero ONE Backup&Recovery Agent`), open it in a text editor, and modify the `ServiceUrl` parameter to use the `https://` protocol. Save the changes and restart the worker to apply the new settings.
{% endhint %}

***

## Docker

### <mark style="background-color:blue;">Configuration</mark>

When deploying a container with your **GitProtect** service, you must include two additional environment variables: `ASPNETCORE_Kestrel__Certificates__Default__Path` and `ASPNETCORE_Kestrel__Certificates__Default__Password`. These variables define the path to your **SSL** certificate and its corresponding password, respectively.

Set the **Value** of each variable as follows:

* `ASPNETCORE_Kestrel__Certificates__Default__Path` — path to certificate in **.pfx** format.
* `ASPNETCORE_Kestrel__Certificates__Default__Password` — password to certificate.

Example:

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2Fgit-blob-820c8f0a699b937922a28c4ec1107832d17581df%2Fimage%20(1137).png?alt=media" alt=""><figcaption></figcaption></figure>

It is essential to ensure that the certificate is stored in a **mounted and persistent location**, so that it remains available and is not removed or lost during container updates or redeployments.

{% hint style="warning" %}
It is important to note that, besides implementing the certificate on the management console host, all devices connecting to the console must also recognize this certificate as trusted. Therefore, when using a self-signed certificate, **you must import it on every device that will connect to the console**. Otherwise, the encrypted HTTPS connection may be rejected due to the certificate not being trusted.
{% endhint %}
