Configuring HTTPS access for HummerRisk

Introduction

HummerRisk is an open source cloud-native security platform that solves cloud-native security and governance issues in a non-intrusive manner. Core capabilities include hybrid cloud security governance and cloud-native security detection.

HTTPS (Hypertext Transfer Protocol Secure) is a protocol that protects network communication through encryption and authentication. It is the secure version of HTTP: data in transit is encrypted and decrypted using SSL (Secure Sockets Layer) or TLS (Transport Layer Security).

Configuring HTTPS is a standard practice for modern Internet applications. It provides multiple benefits such as data security, user trust and protection, SEO optimization, compliance requirements, and improved user experience. Whether it is a personal website, a corporate website or an e-commerce platform, HTTPS should be configured to protect the security of users and data.

Why configure HTTPS

The main purpose of configuring HTTPS is to secure network communication and protect user privacy. Here are a few main reasons:

  • Data security: HTTPS uses an encryption mechanism to encrypt data transmission to prevent third parties from eavesdropping, tampering or intercepting sensitive information. This includes login credentials, personal details, credit card information, etc., ensuring the confidentiality and integrity of the data during transmission.
  • User trust and protection: HTTPS uses digital certificates to authenticate websites and verify their authenticity and credibility. This helps build user trust in the website and makes users less likely to fall victim to phishing, fraud or malicious attacks. HTTPS also prevents malicious third parties from inserting advertisements, malware or malicious code into the traffic between users and websites.
  • SEO optimization: Search engines (such as Google) use HTTPS as an important indicator for their ranking algorithms. Configuring HTTPS can improve the ranking of the website in search engine results, and increase the exposure and traffic of the website. For business websites and online businesses, this is very important in attracting visitors and potential customers.
  • Compliance requirements and legal requirements: Many industries and regulations have strict requirements for the security of data transmission, especially those involving personally identifiable information, financial data or healthcare information. Configuring HTTPS can meet compliance requirements and avoid legal risks and penalties caused by data leakage or security breaches.
  • Improved user experience: HTTPS not only provides greater security, but also improves the overall experience for users. HTTPS prevents traffic hijacking and tampering, ensuring that communications between users and websites are secure. Users will feel higher reliability and security when using websites connected by HTTPS, thereby increasing their trust and satisfaction with the website.

How to configure HTTPS access for the HummerRisk platform

After HummerRisk is installed with the installation script, it is accessed over HTTP by default. To enable HTTPS access, complete the following steps.

Prerequisites:

  • HummerRisk has been deployed and can be accessed normally through the browser
  • An HTTPS certificate: either purchase one or apply for a free SSL certificate using Let's Encrypt

1. Connect to the HummerRisk deployment server, enter the /opt/hummerrisk/conf/nginx directory, and edit the hummerrisk.conf file

server {
  listen 80;
  listen [::]:80;
  server_name  hummerrisk.example.com; # Replace with your domain name
  listen 443 ssl;  # managed by Certbot


  # RSA certificate
  ssl_certificate /etc/nginx/ssl/ca.crt; # managed by Certbot
  ssl_certificate_key /etc/nginx/ssl/ca.key; # managed by Certbot


  client_max_body_size 5000m;
  server_tokens off;


  location / {
    try_files $uri / /index.html;
    alias /opt/hmr-ui/;
  }


  location = /login {
    try_files $uri /login.html;
    alias /opt/hmr-ui/;
  }


  location /prod-api/{
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_request_buffering off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://gateway:8080/;
  }


  # Redirect non-https traffic to https
  if ($scheme != "https") {
    return 301 https://$host$request_uri;
  }
}

2. Enter the /opt/hummerrisk/compose/ directory, edit docker-compose-app.yml, and modify the certificate mount in Docker Compose

 ui:
    image: hummerrisk/hmr-ui:${VERSION}
    container_name: hmr-ui
    restart: on-failure
    mem_limit: 512m
    mem_reservation: 128M
    cpus: 0.5
    env_file:
      - ${HMR_BASE}/conf/hummerrisk/hummerrisk.env
    ports:
      - ${HMR_HTTP_PORT}:80
      - ${HMR_HTTPS_PORT}:443
    healthcheck:
      test: "curl -fsL http://localhost:80> /dev/null"
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 60s
    volumes:
      - ${HMR_BASE}/logs/hummer-ui:/var/log/nginx/
      - ${HMR_BASE}/conf/nginx/hummerrisk.conf:/etc/nginx/conf.d/default.conf
      - ${HMR_BASE}/conf/nginx/cert:/etc/nginx/ssl/
    networks:
     - net
    depends_on:
      auth:
        condition: service_healthy

3. Upload the certificate file to /opt/hummerrisk/conf/nginx/cert, rename the certificate to ca.crt, and rename the private key to ca.key

4. Edit the configuration file /opt/hummerrisk/conf/install.conf and change the mapped ports

## Service web port
HMR_HTTP_PORT=80
HMR_HTTPS_PORT=443

5. Restart HummerRisk to make the configuration take effect

hrctl restart
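
The steps above touch three files that must agree with each other: the certificate paths in hummerrisk.conf must fall under a directory mounted in docker-compose-app.yml, and the port variables used there must be defined in install.conf with exactly the same name. The following consistency check is an added example, not part of the original post or of HummerRisk. It assumes that HMR_BASE is /opt/hummerrisk and that install.conf supplies the Compose variables; the file excerpts are constructed from the snippets shown in the steps.

```python
import posixpath
import re

# Constructed excerpts of the files edited in steps 1, 2 and 4 (not the full files).
NGINX_CONF = """
  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/ca.crt;
  ssl_certificate_key /etc/nginx/ssl/ca.key;
"""
COMPOSE = """
    ports:
      - ${HMR_HTTP_PORT}:80
      - ${HMR_HTTPS_PORT}:443
    volumes:
      - ${HMR_BASE}/conf/nginx/hummerrisk.conf:/etc/nginx/conf.d/default.conf
      - ${HMR_BASE}/conf/nginx/cert:/etc/nginx/ssl/
"""
INSTALL_CONF_BAD = "HMR_HTTP_PORT=80\nHMR_HTTPs_PORT=443\n"  # wrong case in the name


def host_cert_files(nginx_conf, compose, base="/opt/hummerrisk"):
    """Map each ssl_certificate* path in nginx to the host file behind its mount."""
    mounts = {}  # container directory -> host directory (base is an assumption)
    for host, ctr in re.findall(r"^\s*-\s*(\S+?):(/\S*)\s*$", compose, re.M):
        mounts[ctr.rstrip("/")] = host.replace("${HMR_BASE}", base).rstrip("/")
    files = {}
    for path in re.findall(r"^\s*ssl_certificate(?:_key)?\s+([^;\s]+)", nginx_conf, re.M):
        host_dir = mounts.get(posixpath.dirname(path))
        files[path] = posixpath.join(host_dir, posixpath.basename(path)) if host_dir else None
    return files


def check(nginx_conf, compose, install_conf):
    """Return findings; an empty list means the three files agree."""
    findings = []
    if not re.search(r"^\s*listen\s+(\[::\]:)?443\s+ssl\b", nginx_conf, re.M):
        findings.append("nginx: no 'listen 443 ssl' directive")
    for path, host in host_cert_files(nginx_conf, compose).items():
        if host is None:
            findings.append(f"compose: no volume provides {path}")
    defined = set(re.findall(r"^([A-Za-z_]\w*)=", install_conf, re.M))
    for var in sorted(set(re.findall(r"\$\{(HMR_\w*PORT)\}", compose))):
        if var not in defined:  # variable names are case-sensitive
            findings.append(f"install.conf: {var} is not defined")
    return findings


if __name__ == "__main__":
    print(check(NGINX_CONF, COMPOSE, INSTALL_CONF_BAD))
```

To run it against a real deployment, read the three files from disk and pass their contents to check() before running hrctl restart.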

Verify access

Open the site in a browser: the top of the browser window shows that the website is secure, and you can view the certificate information.

About HummerRisk

HummerRisk is an open source cloud-native security platform that solves cloud-native security and governance issues in a non-intrusive manner. Core capabilities include hybrid cloud security governance and K8S container cloud security detection.

GitHub address: https://github.com/HummerRisk/HummerRisk

Gitee Address: https://gitee.com/hummercloud/HummerRisk

Origin blog.csdn.net/wolaisongfendi/article/details/131551492