HTTPS Best Practices for FileCloud
FileCloud recommends that you run all servers in a production environment only on:
- HTTPS (SSL)
- Port 443
This ensures that all communications between clients and FileCloud are completely encrypted.
To access these secured sites, users will have to type in:
https://<SITENAME>
Best Practice | Reason | Steps |
---|---|---|
Disable the existing HTTP port. | So that FileCloud can be accessed only securely via HTTPS. Setting redirects from HTTP to HTTPS is not recommended because mobile apps and other clients do not follow redirects (for security). Therefore removing the HTTP port completely is the best option. If you must use a redirect, Configure HTTP SSL Redirects. | To disable HTTP (port 80) for Windows: To disable HTTP (port 80) for Linux: |
Verify your certificates are valid. | If you have an invalid SSL configuration, your users would receive various errors in the browser, and iPhone/iPad apps cannot preview Office documents. | You can check the validity of the SSL certificate by testing your installation against an SSL certificate checker like https://www.sslshopper.com/ssl-checker.html. Provide your FileCloud URL and it will report any potential problems your SSL installation might have. These tools should report no errors for your FileCloud to function properly in SSL mode. |
Change the default listening port (80). | If you have conflicts with other ports. | For Windows: 4. Save and close the file. For Linux: |
Change the default HTTPS port (443). | If you have conflicts with other ports. | For Windows: For Linux: |
Disable server information in headers. | To prevent the web application from disclosing the server name and server version in the response header. | |
HTTP To HTTPS Redirects
It is recommended that you configure FileCloud Server so that it can be accessed securely only via HTTPS.
Setting redirects from HTTP to HTTPS is not recommended because mobile apps and other clients do not follow redirects (for security).
Therefore removing the HTTP port completely is the best option.
If you must use a redirect, add the following lines:
    <VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </VirtualHost>
- In Windows, the above lines should be added to the file c:\xampp\apache\conf\extra\httpd-vhosts.conf. Restart the Apache server. Also make sure the following line is uncommented in the file C:\xampp\apache\conf\httpd.conf:

      # Virtual hosts
      Include conf/extra/httpd-vhosts.conf

- In Linux, the above lines should be added to the /etc/apache.d/sites-enabled/000-default.conf file. If you already have a VirtualHost directive, add only the lines starting with "Rewrite". Restart the Apache server.
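To confirm from a client's side which state a server is in (port 80 closed, redirecting, or still answering in cleartext) and whether its response headers disclose server details, the following added example classifies a response without following redirects. It is not FileCloud's own code; the function names are hypothetical, and the host name and version strings in the sample are constructed.

```python
import http.client
import re

def parse_response(raw):
    """Split a raw HTTP response head into (status_code, {lowercased header: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit_port80(status, headers):
    """Classify what a plain-HTTP listener does with a request."""
    location = headers.get("location", "")
    if 300 <= status < 400 and location.lower().startswith("https://"):
        return "redirects-to-https"
    return "serves-over-http"  # content or errors are returned in cleartext

def banner_findings(headers):
    """List response headers that disclose server name/version details."""
    findings = []
    server = headers.get("server", "")
    if re.search(r"/\d", server):  # product/version token, e.g. "Apache/2.4.0"
        findings.append("server-version: " + server)
    if "x-powered-by" in headers:
        findings.append("x-powered-by: " + headers["x-powered-by"])
    return findings

def probe(host, port=80, timeout=5):
    """HEAD / over plain HTTP, redirects not followed; None if the connection fails."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    except OSError:
        return None  # port closed or filtered: the recommended state for port 80

# Constructed sample: reply from a port-80 listener using the rewrite rule above.
SAMPLE = """HTTP/1.1 302 Found
Server: Apache/2.4.0 (Win64) OpenSSL/1.1.1 PHP/7.4.0
X-Powered-By: PHP/7.4.0
Location: https://files.example.com/
"""

if __name__ == "__main__":
    print(audit_port80(*parse_response(SAMPLE)), banner_findings(parse_response(SAMPLE)[1]))
```

Against a live server, `probe("<SITENAME>")` returning `None` corresponds to the preferred configuration in which the HTTP port is removed entirely.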