Enabling HTTPS for on-premise GitProtect installation

Linux & Windows

Configuration

Open the appsettings.json file located in the GitProtect Management Service installation directory:
- Windows (default): C:\Program Files\Xopero ONE Backup&Recovery
- Linux (default): /opt/XoperoONEManagementService

The file is a standard JSON configuration file that needs to be modified.

Locate the "commented_out_Kestrel" section, which by default looks like this:

"commented_out_Kestrel": {
"Endpoints": {
"Http": {
"Url": "http://*:5000"
}

Modify the section by removing the commented_out_ prefix and providing the HTTPS configuration as follows:

"Kestrel": {
"Endpoints": {
      		"Http": {
      		 		"Url": "http://*:5000"
      },
		"Https": {
				"Url": "https://*:5001",
				"Certificate":{
						"Path": "<.pfx file path>",
						"Password": "<certificate password>"
		}
	  }
    }
  }

Path - path to .pfx file (Remember to use double slash, so in case you're keeping the certificate in C:\cert.pfx directory provide the path in the following way: C:\\cert.pfx)

Path: full path to the .pfx certificate file. Remember to use double backslashes on Windows. For example, if the certificate is located at C:\cert.pfx, enter it as:
```
C:\\cert.pfx
```
Password: the password for the certificate.

Learn more about the Kestrel configuration on the official Microsoft website.

Restarting the GitProtect Management Service

After editing the appsettings.json file, restart the GitProtect Management Service to apply the changes:

On Windows:

net stop XoperoONEManagementService
net start XoperoONEManagementService

On Linux:

systemctl restart XoperoONEManagementService

After setting up HTTPS for the Management Service, you need to switch worker communication to HTTPS. To do this, locate the config.json file in the worker installation directory (by default: C:\Program Files\Xopero ONE Backup&Recovery Agent), open it in a text editor, and modify the ServiceUrl parameter to use the https:// protocol. Save the changes and restart the worker to apply the new settings.

Docker

Configuration

When deploying a container with your GitProtect service, you must include two additional environment variables: ASPNETCORE_Kestrel__Certificates__Default__Path and ASPNETCORE_Kestrel__Certificates__Default__Password. These variables define the path to your SSL certificate and its corresponding password, respectively.

As the Value of specific variables enter as follows:

ASPNETCORE_Kestrel__Certificates__Default__Path — path to certificate in .pfx format.
ASPNETCORE_Kestrel__Certificates__Default__Password — password to certificate.

Example:

It is essential to ensure that the certificate is stored in a mounted and persistent location, so that it remains available and is not removed or lost during container updates or redeployments.

It is important to note that, besides implementing the certificate on the management console host, all devices connecting to the console must also recognize this certificate as trusted. Therefore, when using a self-signed certificate, you must import it on every device that will connect to the console. Otherwise, the encrypted HTTPS connection may be rejected due to the certificate not being trusted.

Last updated 19 days ago