Configuring HTTPS

By default the BeyondCron web interface (bc-web) listens to HTTP requests on port 8080. If you would like to protect BeyondCron sessions with HTTPS you have the following options.

Solution 1 - reverse proxy

The simplest solution is to run BeyondCron on server with NGINX using LetEncrypt and acting as a reverse proxy. 

1: install NGINX - https://nginx.org/en/

2: install LetsEncrypt - https://letsencrypt.org/getting-started/

3a: configure NGINX to reverse proxy for BeyondCron with its own hostname:

server {
   server_name bc-host.exmaple.com;

   location / {
     proxy_pass http://127.0.0.1:8080;
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "Upgrade";
     proxy_set_header Host $host;
   }
 }

3b: alternatively configure NGINX to reverse proxy for BeyondCron in a sub-directory of an existing host:

server {
  server_name host.example.com;

  ...

  location /beyondcron {
    proxy_pass http://127.0.0.1:8080;
  }
  location /VAADIN {
    proxy_pass http://127.0.0.1:8080;
  }
  location /PUSH {
    proxy_pass http://127.0.0.1:8080;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
  }
  location /UIDL {
    proxy_pass http://127.0.0.1:8080;
  }

  ...
}

4: using a firewall disable remote connections to port 8080

Solution 2 - native

If you would prefer to configure BeyondCron to listen to HTTPS natively:

1: create a Jetty configuration file that configures SSL/TLS - https://www.eclipse.org/jetty/documentation/jetty-9/index.html#configuring-ssl

2: define the environment variable JETTY_CONFIG. e.g:

export JETTY_CONFIG=/path/jetty-ssl.xml

3: start bc-web