# Configuring HTTPS in Ingress

Open iT Ingress is configured to use secure browsing (HTTPS) by default, with an SSL Certificate and Key. If you need further configuration for the HTTPS setup, please review the relevant section for detailed instructions.

# Configure HTTPS with Windows Certificate Store

Open iT Ingress can use secure browsing (HTTPS) using SSL certificates installed in the Windows Certificate Store.

  1. Go to the Open iT Ingress configuration directory, which is C:\Program Files\OpeniT\Ingress\configuration by default.

  2. Create a copy of SiteBindings.json and rename the duplicate file to SiteBindings.Override.json.

    Open the existing SiteBindings.Override.json, if there is already one.

  3. In the override file, input the necessary details.

    Fields Description
    Scheme Use this to specify the https protocol.
    Host Use this to specify the hostname or domain name.
    Warning: Hostnames or domain names cannot contain underscores _ since this is an invalid character according to the DNS specifications and RFC standards.
    Port Use this to specify the port number. You can use the default port for HTTPS, 443.
    Store Use this to specify the Certificate Store where your SSL certificate is stored.
    Location Use this to specify the appropriate store location.
    Required Fields for SSL Configuration in the Override File

    The Store field accepts only predefined certificate store values. These stores indicate where the SSL certificate is stored on the system. Refer to the table below for supported values and their usage:

    Stores Description
    My Use this to specify the Personal store, commonly used for client certificates or private keys.
    Root Use this to specify the Trusted Root Certification Authorities.
    AuthRoot Use this to specify the Third-party Root Certification Authorities.
    TrustedPeople Use this to specify the certificates of the trusted people.
    TrustedPublisher Use this to specify the trusted publishers, typically used for code signing.
    CA or Certificate Authority Use this to specify the intermediate Certification Authorities.
    AddressBook Use this to specify other users that are used for email encryption certificates.
    Disallowed Use this to specify revoked and explicitly untrusted certificates.
    Supported Certificate Stores for SSL Configuration

    The Location field determines where the certificate store is located. Choose one of the supported values below depending on whether the certificate applies to the current user, all users, or specific services:

    Store Location Description
    CurrentUser Use this to specify certificates that are available only to the currently logged-in user.
    LocalMachine Use this to specify certificates that are available system-wide for all users.
    Service Use this to specify certificates used by specific Windows services (e.g., IIS, SQL Server).
    GroupPolicy Use this to specify certificates deployed via Group Policy, which can apply either to a user or a machine.
    Supported Store Locations for SSL Configuration


    SiteBindings.Override.json
     1 | {
 2 |    "SiteBindings":  [
 3 |      { 
 4 |         "Scheme": "https",
 5 |         "Host": "customer.openit.com",
 6 |         "Port": "443",
 7 |         "Certificate": {
 8 |           "Store": "My",
 9 |           "Location": "LocalMachine"
10 |         }
11 |      }
12 |    ]
13 | }

  4. Save the file.

  5. Open the Task Manager.

  6. Go to the Services tab.

  7. Restart the OpeniTIngress service.

# Configure HTTPS with an SSL Certificate and Key

Open iT Ingress can use secure browsing (HTTPS) using an SSL certificate and key.

  1. Go to the Open iT Ingress configuration directory, which is C:\Program Files\OpeniT\Ingress\configuration by default.

  2. Create a copy of SiteBindings.json and rename the duplicate file to SiteBindings.Override.json.

    Open the existing SiteBindings.Override.json, if there is already one.

  3. In the override file, input the necessary details.

    Fields Description
    Scheme Use this to specify the https protocol.
    Host Use this to specify the hostname or domain name.
    Warning: Hostnames or domain names cannot contain underscores _ since this is an invalid character according to the DNS specifications and RFC standards.
    Port Use this to specify the port number. You can use the default port for HTTPS, 443.
    Cert Use this to specify the path to the SSL certificate.
    Key Use this to specify the path to the SSL key.
    Required Fields for SSL Configuration in the Override File

    SiteBindings.Override.json
     1 | {
 2 |    "SiteBindings":  [
 3 |      { 
 4 |         "Scheme": "https",
 5 |         "Host": "customer.openit.com",
 6 |         "Port": "443",
 7 |         "Certificate": {
 8 |           "Cert": "C:\Program Files\OpeniT\Ingress\configuration\caddy\ssl.crt\server.crt",
 9 |           "Key": "C:\Program Files\OpeniT\Ingress\configuration\caddy\ssl.key\server.key"
10 |         }
11 |      }
12 |    ]
13 | }

  4. Save the file.

  5. Open the Task Manager.

  6. Go to the Services tab.

  7. Restart the OpeniTIngress service.

  1. Go to the Open iT Ingress configuration directory, which is /opt/openit/ingress/configuration by default.

  2. Create a copy of SiteBindings.json and rename the duplicate file to SiteBindings.Override.json.

    Open the existing SiteBindings.Override.json, if there is already one.

  3. In the override file, input the necessary details.

    Fields Description
    Scheme Use this to specify the https protocol.
    Host Use this to specify the hostname or domain name.
    Warning: Hostnames or domain names cannot contain underscores _ since this is an invalid character according to the DNS specifications and RFC standards.
    Port Use this to specify the port number. You can use the default port for HTTPS, 443.
    Cert Use this to specify the path to the SSL certificate.
    Key Use this to specify the path to the SSL key.
    Required Fields for SSL Configuration in the Override File

    SiteBindings.Override.json
     1 | {
 2 |    "SiteBindings":  [
 3 |      { 
 4 |         "Scheme": "https",
 5 |         "Host": "customer.openit.com",
 6 |         "Port": "443",
 7 |         "Certificate": {
 8 |           "Cert": "/opt/openit/ingress/configuration/caddy/ssl.crt/server.crt",
 9 |           "Key": "/opt/openit/ingress/configuration/caddy/ssl.key/server.key"
10 |         }
11 |      }
12 |    ]
13 | }

  4. Save the file.

  5. Run the following command to restart Ingress:

    Command Syntax
    systemctl restart openit-ingress-api

# Configure HTTPS using Let's Encrypt

Open iT Ingress can use secure browsing (HTTPS) using Let's Encrypt.

  1. Go to the Open iT Ingress configuration directory, which is C:\Program Files\OpeniT\Ingress\configuration by default.

  2. Create a copy of SiteBindings.json and rename the duplicate file to SiteBindings.Override.json.

    Open the existing SiteBindings.Override.json, if there is already one.

  3. In the override file, make sure that the Cert and Key fields are empty.

    This allows Caddy to automatically create a certificate.

    SiteBindings.Override.json
     1 | {
 2 |    "SiteBindings":  [
 3 |      { 
 4 |         "Scheme": "https",
 5 |         "Host": "customer.openit.com",
 6 |         "Port": "443",
 7 |         "Certificate": {
 8 |           "Cert": "",
 9 |           "Key": ""
10 |         }
11 |      }
12 |    ]
13 | }

  4. Save the file.

  5. Open the Task Manager.

  6. Go to the Services tab.

  7. Restart the OpeniTIngress service.

  1. Go to the Open iT Ingress configuration directory, which is /opt/openit/ingress/configuration by default.

  2. Create a copy of SiteBindings.json and rename the duplicate file to SiteBindings.Override.json.

    Open the existing SiteBindings.Override.json, if there is already one.

  3. In the override file, make sure that the Cert and Key fields are empty.

    This allows Caddy to automatically create a certificate.

    SiteBindings.Override.json
     1 | {
 2 |    "SiteBindings":  [
 3 |      { 
 4 |         "Scheme": "https",
 5 |         "Host": "customer.openit.com",
 6 |         "Port": "443",
 7 |         "Certificate": {
 8 |           "Cert": "",
 9 |           "Key": ""
10 |         }
11 |      }
12 |    ]
13 | }

  4. Save the file.

  5. Run the following command to restart Ingress:

    Command Syntax
    systemctl restart openit-ingress-api

# Add Multiple Site Bindings

  1. Go to the Open iT Ingress configuration directory, which is C:\Program Files\OpeniT\Ingress\configuration by default.

  2. Create a copy of SiteBindings.json and rename the duplicate file to SiteBindings.Override.json.

    Open the existing SiteBindings.Override.json, if there is already one.

  3. In the override file, copy the entire site binding section.

    For example, copy the contents from line 3 to 11.

    SiteBindings.Override.json
     1 | {
 2 |    "SiteBindings":  [
 3 |      { 
 4 |         "Scheme": "http",
 5 |         "Host": "",
 6 |         "Port": "8080",
 7 |         "Certificate": {
 8 |           "Store": "",
 9 |           "Location": ""
10 |         }
11 |      }
12 |    ]
13 | }

  4. Paste the copied contents at the end of the SiteBindings array.

    Add a comma , to separate each site bindings.

    SiteBindings.Override.json
     1 | {
 2 |    "SiteBindings":  [
 3 |      { 
 4 |         "Scheme": "http",
 5 |         "Host": "",
 6 |         "Port": "8080",
 7 |         "Certificate": {
 8 |           "Store": "",
 9 |           "Location": ""
10 |         }
11 |      },
12 |      {
13 |         "Scheme": "http",
14 |         "Host": "",
15 |         "Port": "8080",
16 |         "Certificate": {
17 |           "Store": "",
18 |           "Location": ""
19 |         }
20 |      },
21 |      {
22 |         "Scheme": "http",
23 |         "Host": "",
24 |         "Port": "8080",
25 |         "Certificate": {
26 |           "Store": "",
27 |           "Location": ""
28 |         }
29 |      }
30 |    ]
31 | }
...

  5. Modify the values in the additional site binding(s) as needed.

    You may also use the following sections for reference:

    • Configure HTTPS with Windows Certificate Store
    • Configure HTTPS with an SSL Certificate and Key
    • Configure HTTPS using Let's Encrypt

  6. Save the file.

  7. Open the Task Manager.

  8. Go to the Services tab.

  9. Restart the OpeniTIngress service.

  1. Go to the Open iT Ingress configuration directory, which is /opt/openit/ingress/configuration by default.

  2. Create a copy of SiteBindings.json and rename the duplicate file to SiteBindings.Override.json.

    Open the existing SiteBindings.Override.json, if there is already one.

  3. In the override file, copy the entire site binding section.

    For example, copy the contents from line 3 to 11.

    SiteBindings.Override.json
     1 | {
 2 |    "SiteBindings":  [
 3 |      { 
 4 |         "Scheme": "http",
 5 |         "Host": "",
 6 |         "Port": "8080",
 7 |         "Certificate": {
 8 |           "Store": "",
 9 |           "Location": ""
10 |         }
11 |      }
12 |    ]
13 | }

  4. Paste the copied contents at the end of the SiteBindings array.

    Add a comma , to separate each site bindings.

    SiteBindings.Override.json
     1 | {
 2 |    "SiteBindings":  [
 3 |      { 
 4 |         "Scheme": "http",
 5 |         "Host": "",
 6 |         "Port": "8080",
 7 |         "Certificate": {
 8 |           "Store": "",
 9 |           "Location": ""
10 |         }
11 |      },
12 |      {
13 |         "Scheme": "http",
14 |         "Host": "",
15 |         "Port": "8080",
16 |         "Certificate": {
17 |           "Store": "",
18 |           "Location": ""
19 |         }
20 |      },
21 |      {
22 |         "Scheme": "http",
23 |         "Host": "",
24 |         "Port": "8080",
25 |         "Certificate": {
26 |           "Store": "",
27 |           "Location": ""
28 |         }
29 |      }
30 |    ]
31 | }
...

  5. Modify the values in the additional site binding(s) as needed.

    You may also use the following sections for reference:

    • Configure HTTPS with an SSL Certificate and Key
    • Configure HTTPS using Let's Encrypt

  6. Save the file.

  7. Run the following command to restart Ingress:

    Command Syntax
    systemctl restart openit-ingress-api

# Add an Additional Reverse Proxy

This section guides you through the process of setting up an additional reverse proxy instance in your environment.

  1. Go to the Open iT Ingress CaddyFilePartials directory, which is by default in C:\Program Files\OpeniT\Ingress\configuration\ingress\CaddyFilePartials.

  2. Open the custom.caddy file using your preferred text editor. Use this file to define additional reverse proxy configurations to append to the main CaddyFile automatically.

    custom.caddy
    1 | # This is a sample partial file, this will be appended at the end of your caddyfile.caddy
2 |

    Add your new reverse proxy configuration below the comment:

    Example
    1 | # This is a sample partial file, this will be appended at the end of your caddyfile.caddy
2 |
3 | https://customer.another.openit.com {
4 |    reverse_proxy :8888
5 | }

  3. Save the changes.

  4. Open the Task Manager.

  5. Go to the Services tab.

  6. Restart the OpeniTIngress service.

  7. Verify that the configurations added in the custom.caddy file are appended to the CaddyFile.caddy file, which is by default in C:\Program Files\OpeniT\Ingress\configuration\ingress\CaddyFile.caddy.

    CaddyFile.caddy
    199 | # This is a sample partial file, this will be appended at the end of your caddyfile.caddy
200 |
201 | https://customer.another.openit.com {
202 |    reverse_proxy :8888
203 | }

  1. Go to the Open iT Ingress CaddyFilePartials directory, which is by default in /opt/openit/ingress/configuration/ingress/CaddyFilePartials.

  2. Open the custom.caddy file using your preferred text editor. Use this file to define additional reverse proxy configurations to append to the main CaddyFile automatically.

    custom.caddy
    1 | # This is a sample partial file, this will be appended at the end of your caddyfile.caddy
2 |

    Add your new reverse proxy configuration below the comment:

    Example
    1 | # This is a sample partial file, this will be appended at the end of your caddyfile.caddy
2 |
3 | https://customer.another.openit.com {
4 |    reverse_proxy :8888
5 | }

  3. Save the changes.

  4. Run the following command to restart Ingress:

    Command Syntax
    systemctl restart openit-ingress-api

  5. Verify that the configurations added in the custom.caddy file are appended to the CaddyFile.caddy file, which is by default in /opt/openit/ingress/configuration/ingress/CaddyFile.caddy

    CaddyFile.caddy
    199 | # This is a sample partial file, this will be appended at the end of your caddyfile.caddy
200 |
201 | https://customer.another.openit.com {
202 |    reverse_proxy :8888
203 | }

Powered by Open iT ® Open iT Docs All rights reserved.

We value your feedback!

Please take a few minutes to complete our survey and share your thoughts on your recent experience with our documentation.

Take survey

Close