Introduction
When we first connect to OpenBoxes, there are three glaringly obvious problems with our current configuration (see screenshot below).
- Insecure traffic over HTTP (should always use HTTPS instead of HTTP)
- Ugly IP address in the URL (should be your custom domain name)
- Port number in the URL (should never display port number)
Solutions and Recommendations¶
You are free to choose the solution that works best for your situation.
Remove Port Number from URL¶
Option 1. Install a web server (Nginx, Apache) to forward requests to Tomcat¶
Follow instructions in the Configure Reverse Proxy guide.
Option 2. Configure Tomcat to listen on port 80/443 instead of 8080/8443¶
Follow the instructions in the Tomcat 9.0 SSL/TLS Configuration How-To guide.
Option 3. Configure a Load Balancer to forward requests to Tomcat (same as 1, but slightly easier)¶
Consult documentation provided by your hosting provider.
Remove IP Address from URL¶
Option 1: Replace IP address with custom domain name [recommended]¶
- Register domain name with domain registrar
- Create DNS record for new domain
- Configure custom domain name in openboxes.yml (see
grails.serverURL
config) - Verify traffic is routed to server and URL is rewritten properly
Option 2: Use load balancer service of your hosting provider¶
- Consult documentation provided by your hosting provider.
Option 3: Use Dynamic DNS service coupled with port forwarding on your router.¶
- Consult documentation provided by your dynamic DNS service.
Insecure traffic over HTTP¶
Option 1: Use Certbot / Let's Encrypt (free) [recommended]¶
- Install Certbot
- Configure web server (Nginx, Apache) to handle SSL termination
- Automate renewal of Certbot certificates
Option 2: Purchase an SSL certificate from a trusted certificate authority¶
- Configure web server (Nginx, Apache) to handle SSL termination
- Set up calendar reminders to alert you when an SSL certificate is about to expire
- Manually renew certification before expiration
Next Steps¶
To get started with our recommended best practices, click the Next link below.