starlingx/docs
Code Issues Proposed changes
docs/doc/source/security/kubernetes/enable-https-access-for-starlingx-rest-and-web-server-endpoints.rst
Suzana Fernandes 4a963a7bab Continue to support INSECURE HTTP protocol for bootimage.iso downloads (dsr10) 
Change-Id: Ibd19ebc7d6a16683db8d8af16a0cac3a5793b308
Signed-off-by: Suzana Fernandes <Suzana.Fernandes@windriver.com>
2024-12-20 14:13:27 +00:00

1.6 KiB
Raw Blame History

HTTPS Access for StarlingX REST and Web Server Endpoints

When secure HTTPS connectivity is enabled, HTTP is disabled.

Note

When you change from HTTP to HTTPS, or from HTTPS to HTTP:

  • Remote CLI users must re-source the rc file.

  • Public endpoints are changed to HTTP or HTTPS, depending on which is enabled.

  • You must change the port portion of the Horizon Web interface URL.

    For HTTPS, use https:<oam-floating-ip-address>:8443

  • You must logout and re-login into Horizon for the HTTPS Access changes to be displayed accurately in Horizon.

Moving forward, the system will have HTTPS enabled by default, as the REST API & Web Server certificate will be issued from bootstrap using the Platform Issuer (system-local-ca). This certificate will be renewed by cert-manager, and can be updated using procedure in migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d.

Note

Disabling HTTPS should be limited to strictly necessary situations, and the usage should be considered deprecated. The following commands can be used to modify the HTTPS enabled configuration:

system modify -p true|false
system modify --https_enabled true|false