search

lucidworks / lucidworks-view

Create custom user experiences for your Fusion-powered apps.
https://lucidworks.com/view
Apache License 2.0
37 stars 23 forks source link

TI-137 and TI-29 allow https for view and get view to properly handle self signed certificates in the proxy #27

Closed JoshEllinger closed 8 years ago

JoshEllinger commented 8 years ago

Allows you to run View via https.

To test use a self signed cert: instructions for creating a self signed cert: https://devcenter.heroku.com/articles/ssl-certificate-self

in view use the new fusion config settings

  https: {
    key: 'path/to/your/server.key',
    cert: 'path/to/your/server.crt'
  },
  use_https: true,

when you restart view, you will get a page that says it is not secure, it is secure (this is default behavior for self signed cert) click advanced and then it will let you proceed to view View

Test steps for TI-29:

  1. install nginx locally.

    homebrew install nginx

  2. create a file /usr/local/etc/nginx/servers/fusion_proxy.conf with contents:

    server {
 listen      8769;
 server_name localhost;

 ssl_certificate /Users/joshuaellinger/Sites/test/server.crt;
 ssl_certificate_key /Users/joshuaellinger/Sites/test/server.key;

 ssl on;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
 ssl_prefer_server_ciphers on;

 location / {
   proxy_pass        http://localhost:8764;
   proxy_set_header  Host      $host;
   proxy_set_header  X-Real-IP $remote_addr;
 }
}

    where ssl_certificate and ssl_certificate_key are paths to artifacts on your machine.

  3. Edit your FUSION_CONFIG to look similar.

     host: 'https://localhost',
 port:'8769',

 proxy_allow_self_signed_cert: true, // Only turn on if you have a self signed proxy in front of fusion.
  4. run nginx (from anywhere) and npm start (from the view folder)
arielisaacs commented 8 years ago

Is there a way to add the path to the FUSION_CONFIG.js file. It's not currently showing up in mine, and I think that it should be there by default.

arielisaacs commented 8 years ago

On a fresh install of fusion, without setting anything up, i get the following screen. I think this hurts Fusion's "out of the box" usability. The default should be false to avoid this issue.

screen shot 2016-04-27 at 12 47 51 pm
arielisaacs commented 8 years ago

Testing with https set to false also fails after a couple of minutes. screen shot 2016-04-27 at 12 54 56 pm

arielisaacs commented 8 years ago

Where is the ssh key and cert stored by default? This information isn't in the instructions for how to generate them.

JoshEllinger commented 8 years ago

fixed default use_https param to be false.

ssh key and cert are in whatever folder you run the commands in. default would be '~' if it is a new command prompt

arielisaacs commented 8 years ago

The instructions should read brew install ngix