Configuring SSL Certificates in Posit Connect

This section describes how to configure SSL certificates in Posit Connect.

You can configure SSL/TLS certificates by editing the configuration file to point to the relevant private key and certificate files and restarting Connect.

To configure SSL certificates, add the following lines to the Connect configuration file:

File: /etc/rstudio-connect/rstudio-connect.gcfg
[HTTPS]
Listen = :443
Certificate = /etc/rstudio-connect/your_domain_name.crt
Key = /etc/rstudio-connect/your_domain_name.key

Ensure that the file permissions on your SSL certificate are as restrictive as possible. The certificate file requires 644 permissions (readable and writable by owner, and readable by other users). The rstudio-connect user should typically own the certificate file. For example:

sudo chown rstudio-connect:rstudio-connect /etc/rstudio-connect/your_domain_name.crt
sudo chmod 644 /etc/rstudio-connect/your_domain_name.crt 

Ensure that the file permissions on your SSL certificate key are as restrictive as possible. The certificate file requires 600 permissions, that is owner readable and writable. The certificate key file should typically be owned by the rstudio-connect user. For example:

sudo chown rstudio-connect:rstudio-connect /etc/rstudio-connect/your_domain_name.key
sudo chmod 600 /etc/rstudio-connect/your_domain_name.key 

Then restart Connect by running the following command:

Terminal
$ sudo systemctl restart rstudio-connect
Warning

Connect does not allow certificate private keys to have a passphrase. If one exists, remove the passphrase by using the following example:

Terminal
$ openssl rsa -in [original.key] -out [new.key]

Configuring HTTP to HTTPS redirects

To redirect all HTTP traffic to the secure HTTPS endpoint, add the following lines to the Connect configuration file:

File: /etc/rstudio-connect/rstudio-connect.gcfg
[Server]
Address = https://<SERVER-ADDRESS>

[HTTPS]
Listen = :443
Permanent = true
Certificate = /etc/rstudio-connect/your_domain_name.crt
Key = /etc/rstudio-connect/your_domain_name.key

[HTTPRedirect]
Listen = :80
Note

For HTTP to HTTPS redirects to work properly, ensure that you remove the HTTP.Listen option from the configuration file if you have defined it.

Then restart Connect by running the following command:

Terminal
$ sudo systemctl restart rstudio-connect

Additional documentation

For more information on SSL certificates and other related settings, refer to the HTTPS settings in the Configuration Appendix of the Connect Administration Guide.