- ABP Framework version: v8.0.3
- UI Type: MVC
- Database System: EF Core - PostgreSQL
- Tiered (for MVC) or Auth Server Separated (for Angular): no
Hello!
I want to request your help. I am trying to disable any HTTPS or SSL/TLS requirements for my production app. Let me give you a little context. I am moving away from Nginx and have started using CaddyServer as a reverse proxy. Since CaddyServer manages the Https enforcement and an automatic SSL certification for my domain. It is complex to keep CaddyServer to work with a non-SAN certification like the one that we can create with Let's Encrypt for our internal IPs. So I would like to disable any kind of HTTPS or SSL/TLS requirement in the application because I am going to handle that in the reverse proxy as following the advice of Microsoft here (https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-5.0&tabs=visual-studio%2Clinux-ubuntu).
Could you please help me approach this?
Thanks!
Apps deployed in a reverse proxy configuration allow the proxy to handle connection security (HTTPS). If the proxy also handles HTTPS redirection, there's no need to use HTTPS Redirection Middleware. If the proxy server also handles writing HSTS headers (for example, native HSTS support in IIS 10.0 (1709) or later), HSTS Middleware isn't required by the app. For more information, see Opt-out of HTTPS/HSTS on project creation.
3 Answer(s)
-
0
Hi,
ABP does not require HTTPS, it should work in HTTP, are you facing any specific issues?
-
0
It seems that it still requires a PFX. If I delete the openiddict.pfx or comment this line in my WebModule.cs, the application doesn't work
PreConfigure<OpenIddictServerBuilder>(serverBuilder => { serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "1234"); });
-
0
Hi,
This is the certificate used for encryption internally by openiddict, unlike HTTPS. it's necessary
- https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
- https://docs.abp.io/en/abp/latest/Deployment/Configuring-OpenIddict#production-environment