HTTPS Best Practices for FileCloud

FileCloud recommends that you run all servers in a production environment only on:

  • HTTPS (SSL)
  • Port 443 

This ensures that all communications between clients and FileCloud are completely encrypted. 

To access these secured sites, users will have to type in:

https://<SITENAME>


Best Practice | Reason | Steps
Disable the existing HTTP port.

So that FileCloud can be accessed only securely via HTTPS.

Setting redirects from HTTP to HTTPS is not recommended because mobile apps and other clients do not follow redirects (for security).

Therefore removing the HTTP port completely is the best option.


If you must use a redirect, see Configure HTTP SSL Redirects.

To Disable HTTP (port 80) for Windows:

  1. Open the webserver config file for editing:

    c:\xampp\apache\conf\httpd.conf
  2. Comment out the line with Listen 80.

  3. Save and close the file.
  4. Restart the server.


To Disable HTTP (port 80) for Linux:

  1. Open the webserver config file for editing:

    /etc/apache2/ports.conf 
  2. Comment out the line with Listen 80.
  3. Save and close the file.
  4. Restart the server.
Verify your certificates are valid.

If you have an invalid SSL configuration, your users will receive various errors in the browser, and iPhone/iPad apps cannot preview Office documents.

You can check the validity of the SSL certificate by testing your install against an SSL certificate checker like https://www.sslshopper.com/ssl-checker.html

Provide your FileCloud URL and it will report any potential problems your SSL installation might have.

These tools should report no errors for your FileCloud to function properly in SSL mode.

Change the default listening port (80).

If you have conflicts with other ports.

For Windows:

  1. Open the following file for editing:
      c:\xampp\apache\conf\httpd.conf  
  2. Locate the following two lines:
    Listen 80 
    ServerName localhost:80
  3. Change these lines to the following: 
    Listen your_new_port
    ServerName localhost:your_new_port

  4. Save and close the file.


For Linux:

  1. Open the following file for editing:
     /etc/apache2/ports.conf
  2. Locate the following line:
    Listen 80
  3. Change it to:
    Listen your_new_port
  4. Open the following file for editing:
     /etc/apache2/sites-enabled/000-default.conf
  5. Locate the following line:
    <VirtualHost *:80>
  6. Change it to:
    <VirtualHost _default_:your_new_port>
  7. Save and close the file.

Change the default HTTPS port (443).

If you have conflicts with other ports.

For Windows:

  1. Open the following file for editing:
    c:\xampp\apache\conf\extra\httpd-ssl.conf  
  2. Locate the following line
    Listen 443
  3. Change it to
    Listen your_new_port
  4. Locate the following line:
    <VirtualHost _default_:443>
  5. Change it to
    <VirtualHost _default_:your_new_port>
  6. Save and close the file.


For Linux:

  1. Open the following file for editing:
    /etc/apache2/ports.conf
  2. Locate the following lines:
    <IfModule mod_ssl.c>
        Listen 443
    </IfModule>
  3. Change them to:
    <IfModule mod_ssl.c>
        Listen your_new_port
    </IfModule>
  4. Open the following file for editing:
    /etc/apache2/sites-available/default-ssl
  5. Locate the following line:
     <VirtualHost _default_:443>
  6. Change it to
    <VirtualHost _default_:your_new_port>
  7. Save and close the file.
Disable server information in headers.

To prevent the web application from disclosing the server name and server version in the response header.
  1. Open the Apache configuration file:
    Ubuntu location: /etc/apache2/apache2.conf
    CentOS location: /etc/httpd/conf/httpd.conf
    Windows location: C:\xampp\apache\conf\httpd.conf
  2. Add the following:

    ServerSignature Off
    ServerTokens Prod
  3. Restart the Apache server.
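
To confirm that the edits in the table above took effect, the following added example (not FileCloud's own tooling) audits the text of an Apache config file for an active port 80 listener and for the two header-hardening directives. The function names `audit` and `listen_port` and the sample config are constructed for illustration; the check reads a single file and does not follow `Include` directives.

```python
import re

# Constructed sample config (not from a real server): HTTP is still enabled
# and the header-hardening directives are missing or too verbose.
SAMPLE_CONF = """\
# Listen 8080
Listen 80
Listen 0.0.0.0:443 https
ServerTokens Full
"""

def listen_port(value):
    """Return the port of a Listen argument: '80', '1.2.3.4:80', '[::]:80 http'."""
    addr = value.split()[0]              # drop the optional protocol argument
    return int(addr.rsplit(":", 1)[-1])  # the port follows the last colon, if any

def audit(conf_text):
    """Return a list of findings for the practices described above."""
    ports, settings = [], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # commented-out directives are inactive
            continue
        m = re.match(r"(?i)(listen|servertokens|serversignature)\s+(.+)", line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2).strip()
        if name == "listen":
            ports.append(listen_port(value))
        else:
            settings[name] = value.lower()    # simplified: the last occurrence wins
    findings = []
    if 80 in ports:
        findings.append("HTTP port 80 is still active (Listen 80)")
    if settings.get("servertokens") not in ("prod", "productonly"):
        findings.append("ServerTokens is not Prod")
    if settings.get("serversignature") != "off":
        findings.append("ServerSignature is not Off")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```

Run it against the contents of each file you edited (for example `httpd.conf` or `ports.conf`); an empty result means none of the three conditions was found in that file.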


HTTP To HTTPS Redirects

It is recommended that you configure FileCloud Server so that it can be accessed securely only via HTTPS.

Setting redirects from HTTP to HTTPS is not recommended because mobile apps and other clients do not follow redirects (for security).

Therefore removing the HTTP port completely is the best option.


If you must use a redirect, add the following lines:

<VirtualHost *:80>
    # Send every plain-HTTP request to the same host and path over HTTPS
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
  • In Windows, the above lines should be added to the file c:\xampp\apache\conf\extra\httpd-vhosts.conf. Restart the Apache server.
    Also make sure the following line is uncommented in the file C:\xampp\apache\conf\httpd.conf.

    # Virtual hosts
    Include conf/extra/httpd-vhosts.conf
  • In Linux, the above lines should be added to the /etc/apache2/sites-enabled/000-default.conf file. If you already have a VirtualHost directive, add only the lines starting with "Rewrite". Restart the Apache server.