circle-check
Xopero ONE version 2.1.0 is now available. This release introduces Jira granular backup and additional improvements.
CHANGELOGchevron-right
search
🏠︎ HOME@ WEBSITE↘ FREE TRIAL✉︎ CONTACT SUPPORT

globe-pointerEnabling HTTPS for on-premise Xopero ONE installation

hashtag
Linux & Windows

hashtag
Configuration

  1. Open the appsettings.json file located in the Xopero ONE Management Service installation directory:

    • Windows (default): C:\Program Files\Xopero ONE Backup&Recovery

    • Linux (default): /opt/XoperoONEManagementService

circle-info

The file is a standard JSON configuration file that needs to be modified.

  1. Locate the "commented_out_Kestrel" section, which by default looks like this:

"commented_out_Kestrel": {
"Endpoints": {
"Http": {
"Url": "http://*:5000"
}

  1. Modify the section by removing the commented_out_ prefix and providing the HTTPS configuration as follows:

"Kestrel": {
"Endpoints": {
      		"Http": {
      		 		"Url": "http://*:5000"
      },
		"Https": {
				"Url": "https://*:5001",
				"Certificate":{
						"Path": "<.pfx file path>",
						"Password": "<certificate password>"
		}
	  }
    }
  }

Path - path to .pfx file (Remember to use double slash, so in case you're keeping the certificate in C:\cert.pfx directory provide the path in the following way: C:\\cert.pfx)

  • Path: full path to the .pfx certificate file. Remember to use double backslashes on Windows. For example, if the certificate is located at C:\cert.pfx, enter it as:

  • Password: the password for the certificate.

circle-info

Learn more about the Kestrel configuration on the official Microsoft websitearrow-up-right.

hashtag
Restarting the Xopero ONE Management Service

After editing the appsettings.json file, restart the Xopero ONE Management Service to apply the changes:

  • On Windows:

  • On Linux:

triangle-exclamation

After setting up HTTPS for the Management Service, you need to switch agent communication to HTTPS. To do this, locate the config.json file in the agent installation directory (by default: C:\Program Files\Xopero ONE Backup&Recovery Agent), open it in a text editor, and modify the ServiceUrl parameter to use the https:// protocol. Save the changes and restart the agent to apply the new settings.

hashtag
Docker

hashtag
Configuration

When deploying a container with your Xopero ONE service, you must include two additional environment variables: ASPNETCORE_Kestrel__Certificates__Default__Path and ASPNETCORE_Kestrel__Certificates__Default__Password. These variables define the path to your SSL certificate and its corresponding password, respectively.

As the Value of specific variables enter as follows:

  • ASPNETCORE_Kestrel__Certificates__Default__Path — path to certificate in .pfx format.

  • ASPNETCORE_Kestrel__Certificates__Default__Password — password to certificate.

Example:

It is essential to ensure that the certificate is stored in a mounted and persistent location, so that it remains available and is not removed or lost during container updates or redeployments.

circle-exclamation

It is important to note that, besides implementing the certificate on the management console host, all devices connecting to the console must also recognize this certificate as trusted. Therefore, when using a self-signed certificate, you must import it on every device that will connect to the console. Otherwise, the encrypted HTTPS connection may be rejected due to the certificate not being trusted.

Last updated