Enable https / set SSL certificate
Before enabling https for Helmut4, make sure you have a valid SSL certificate in place.
We recommend defining an easy DNS name, which allows any user to open the website without any hassle.
You need to use X509CO cert format
The .key must be RSA, we do not support elliptic-curve for now
The .key file should not be password protected
Please ensure the SSL certificate is signed and valid
The certificate needs to be named: server.crt
The key needs to be named: server.key
Access to the helmut4 server as well as to portainer
This operation will interrupt Helmut's normal operation. Please plan a downtime window and ensure an up-to-date backup is done before changing any configuration.
It is preferable to use a certificate issued by an official Certificate Authority (CA), especially if the system is hosted on a public network or cloud instance.
If you are using a self-generated certificate, please ensure that you set a proper Common Name (CN) and Certificate Subject Alternative Name. For instance, if a DNS name is missing or a user attempts to access the server using its IP address via HTTPS, it may result in a disconnection error displayed as "Helmut Client is not running".
Open a remote connection to your server and transfer your certificate to it.
The two certificate files (server.crt + server.key) should be copied into /root/certs
It is possible to use another location but this would require additional configuration (-> volumes)
Open a browser, navigate to portainer - http://helmut_server_address:9000 and log in.
Navigate to the helmut4 stack via primary (1) -> stacks (2) -> helmut4 (3) -> editor (4)
Navigate to the traefik container configuration and look for this command, which should be around line 13:
Remove the # from the beginning, so the configuration looks like this
If you have this line, and it starts with a #, delete this character to uncomment the line. If you don't have this line, please add it below the image: line
Now navigate to the volumes section of the traefik configuration, which should start around line 42.
Please remove the # from the volume entry, so the mapping looks like this
Scroll all the way down and click the "update the stack" button.
Once the stack has been re-deployed, the helmut4 webpage can be accessed using https://. Please check that the certificate is presented and trusted by your local authority.
When dealing with a PEM certificate, whether singular or split (cert + key), the recommended method for conversion into .crt and .key files is to open them in an editor and copy/paste the content into the respective server.* files.
Caution is advised: ensure there are no empty lines at the end of both files, as this may cause issues. We recommend removing any comments as well. This is an example of a PEM file containing both the key and certificate.
If there are several certificates for a CA-chain those need to be copied one after another which will look like this:
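The copy/paste clean-up described in this section can also be scripted. The following Python code is an added example, not part of the Helmut4 documentation: it splits single or combined PEM text into the contents for server.crt and server.key, drops comments and empty lines, keeps chain certificates in their input order, and flags password-protected or non-RSA keys. The names split_pem, fake_pem and SAMPLE are hypothetical, and the sample bundle is constructed placeholder data, not real key material.

```python
import base64
import re

# DER of the rsaEncryption OID (1.2.840.113549.1.1.1) from a PKCS#8 AlgorithmIdentifier.
RSA_OID = bytes.fromhex("06092a864886f70d010101")
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)


def split_pem(text):
    """Return (server_crt, server_key, problems) for single or combined PEM text."""
    certs, keys, problems = [], [], []
    # Only text inside BEGIN/END markers is kept, so comments and blank lines are dropped.
    for label, body in PEM_BLOCK.findall(text.replace("\r\n", "\n")):
        block = f"-----BEGIN {label}-----\n{body.strip()}\n-----END {label}-----"
        if label == "CERTIFICATE":
            certs.append(block)  # chain order of the input is preserved
        elif not label.endswith("PRIVATE KEY"):
            problems.append(f"unexpected block: {label}")
        else:
            keys.append(block)
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
                problems.append("key is password protected")
            elif label == "PRIVATE KEY":  # unencrypted PKCS#8: key type is in the OID
                der = base64.b64decode("".join(body.split()))
                if RSA_OID not in der[:32]:
                    problems.append("key is not RSA")
            elif label != "RSA PRIVATE KEY":  # e.g. "EC PRIVATE KEY"
                problems.append(f"key is not RSA: {label}")
    if not certs or len(keys) != 1:
        problems.append(f"need 1 key and >=1 certificate, found {len(keys)} and {len(certs)}")
    # Joining with single newlines leaves no empty line at the end of either file.
    return "\n".join(certs), "\n".join(keys), problems


def fake_pem(label, der):
    """Build a PEM block from constructed placeholder bytes (not real key material)."""
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----"


# Constructed sample: comment line, RSA-tagged key, two-certificate chain, trailing blank lines.
SAMPLE = "# exported bundle\n" + "\n\n".join([
    fake_pem("PRIVATE KEY", bytes.fromhex("30820020020100300d") + RSA_OID + b"\x05\x00" + bytes(16)),
    fake_pem("CERTIFICATE", b"constructed leaf certificate"),
    fake_pem("CERTIFICATE", b"constructed intermediate certificate"),
]) + "\n\n\n"

if __name__ == "__main__":
    crt, key, problems = split_pem(SAMPLE)
    print(crt, key, problems or "no problems found", sep="\n\n")
```

Write the two returned strings to /root/certs/server.crt and /root/certs/server.key only when the problem list is empty. The script checks file structure and key type only; it does not verify that the certificate is signed, unexpired, or matches the key.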
Utilizing SSL will significantly affect communication between the client and the panels. When SSL is employed, all communication between these two entities will be transmitted via https://localhost. In contrast, if Helmut is used without SSL, the communication will be switched to http://localhost.
To facilitate this, a certificate issued by MoovIT will be employed. In the event that this certificate is not approved by the local security department, there is the option to configure a custom .p12 certificate, which can be utilized for this communication.
Information intended for the panel will be sent from the website to the client using the dedicated SSL certificate set up, for example, at https://helmut.domain. The information will then be processed and forwarded from the client to the panel, utilizing https://localhost, as there is no direct communication between the panel and the website.