Running Caddy to support HTTPS
Data security is a top priority these days, and data needs to be secure even when in transit. To maintain security while data is in transit, it is recommended that Binfer’s Enterprise Server be configured to run using HTTPS connections.
Caddy is a tool built with simplicity in mind to manage web servers and automatic SSL. Caddy is quick to configure out of the box, whether it’s running on a new machine or integrating into your existing web servers. The goal of this guide is to outline the steps to set up Caddy to manage SSL certificates for your Binfer Enterprise Server.
Prerequisites
This guide starts with the following assumptions:
- There is already a domain (or subdomain) set that points to the web server where Binfer’s Enterprise Server is running
- Port 80 and port 443 are open on both the local firewall present on the system and any network firewall that might be present
- Binfer’s Enterprise Server is already installed and is running without issue using HTTP
- You have admin access to the machine hosting Binfer’s Enterprise Server.
Installing Caddy
- First, you will need to download the Caddy package which can be found here
- Next you will need to create a directory to unzip your files to. In our examples we create a folder called Caddy under the C: drive so that our files are under the location C:\Caddy
Note: Caddy can run from any directory, but if you choose to use a different directory than what is provided in this example there will be extra configuration steps below.
- Once the directory is unpacked, you should right click on the file called Caddyfile and open it in an editor so that you can edit it. Replace xxx.xxx.com with your domain or subdomain and replace 8080 with whichever port you provided to Binfer Enterprise Sync during installation. Once modified, you can save and close this file
- Next, run the file labeled start.bat to test that the Caddy configuration is working. You will see several logs as Caddy generates SSL certs for your domain
- Once the SSL certs have been generated you should be able to test everything is working by connecting to your domain locally. Caddy should redirect any HTTP connections automatically to HTTPS so you can connect the way you are used to
- You can verify Caddy is working by checking in the corner of your browser for a lock icon to show your connection is secure or the prefix https:// in front of your URL
- Once you’ve verified that Caddy is working locally, you can close the command prompt window that opened when you launched start.bat. This will stop Caddy so that you can set it up as a service
Running Caddy as a Service
- Right click the file labeled installService.bat and select ‘Run as Administrator’
Note: If you chose to install Caddy in a different directory, you will need to first edit installService.bat so that the first line navigates into the correct directory
- In the Windows search bar enter ‘Services’ and select ‘Run as Administrator’
- Once the Services window is open you should see a service labeled Caddy Web Server (Powered by WinSW). Right click the service and select ‘Start’
- Caddy should now be running as a background service, and you can once again connect locally to verify the result
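The browser check above can also be scripted. The following PowerShell is an added example, not part of Binfer's or Caddy's tooling; it tests the two ports from the prerequisites, confirms that plain HTTP is redirected to HTTPS, and confirms that the certificate validates. The domain xxx.xxx.com is the same placeholder used in the Caddyfile step, and the 14-day expiry threshold is an assumed value.

```powershell
# Added example: post-install check for the Caddy front end described in this guide.
# Save as a .ps1 file and pass the domain you put in the Caddyfile.
param(
    [string]$Domain = 'xxx.xxx.com',   # placeholder domain from the guide
    [int]$MinDaysLeft = 14             # assumed warning threshold, not a Binfer or Caddy value
)

# 1. Ports 80 and 443 must accept connections (local and network firewall).
foreach ($port in 80, 443) {
    $r = Test-NetConnection -ComputerName $Domain -Port $port -WarningAction SilentlyContinue
    '{0,-28} {1}' -f "TCP $port reachable:", $r.TcpTestSucceeded
}

# 2. Plain HTTP must answer with a redirect to https://, not serve content.
$req = [System.Net.WebRequest]::Create("http://$Domain/")
$req.AllowAutoRedirect = $false
$req.Timeout = 10000
try {
    $resp = $req.GetResponse()
    $code = [int]$resp.StatusCode
    $location = $resp.Headers['Location']
    $resp.Close()
    $ok = ($code -ge 300 -and $code -lt 400 -and $location -like 'https://*')
    '{0,-28} {1} (HTTP {2} -> {3})' -f 'HTTP redirects to HTTPS:', $ok, $code, $location
} catch {
    '{0,-28} False ({1})' -f 'HTTP redirects to HTTPS:', $_.Exception.Message
}

# 3. TLS handshake with default validation: throws on an untrusted,
#    expired or name-mismatched certificate.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Domain, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($Domain)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $days = [int]($cert.NotAfter - (Get-Date)).TotalDays
    '{0,-28} True ({1}, issuer {2})' -f 'Certificate validates:', $ssl.SslProtocol, $cert.Issuer
    '{0,-28} {1} ({2} days left)' -f 'Certificate not near expiry:', ($days -ge $MinDaysLeft), $days
    $ssl.Dispose()
} catch {
    '{0,-28} False ({1})' -f 'Certificate validates:', $_.Exception.Message
} finally {
    $tcp.Close()
}
```

A False on either port line points to the firewall prerequisites, and a False on the certificate line means browsers connecting to the domain will show a warning instead of the lock icon.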
Configuring Binfer to run with HTTPS
- Navigate to the UI of your Binfer Enterprise Sync instance and log in
- From the left-hand navigation select PRIVATE CLOUD. Then from the private cloud screen select the tab at the top labeled SETTINGS
- In the private cloud settings enter port 443 as your Port
- Next, check the box next to Use HTTPS
- Finally, click the save and exports buttons at the bottom of the screen to confirm your new settings
- When you save, your test URL should update to use the https:// protocol. Your Binfer instance is now configured to use HTTPS!
Troubleshooting
This is likely a firewall issue. Please make sure that port 443 is open on both your network firewall and the firewall on the local machine.
Caddy is highly customizable. This guide is meant to be just a brief overview to get it working for Binfer’s Enterprise Server but for more advanced configurations please review Caddy’s documentation here.
This error code means that Caddy cannot reach its upstream servers. Ensure that you have opened port 443 on the local machine firewall and any network firewall that may be present.