Configuring SSL Certificates in Posit Connect
This section describes how to configure SSL certificates in Posit Connect.
You can configure SSL/TLS certificates by editing the configuration file to point to the relevant private key and certificate files and restarting Connect.
To configure SSL certificates, add the following lines to the Connect configuration file:
File: /etc/rstudio-connect/rstudio-connect.gcfg
[HTTPS]
Listen = :443
Certificate = /etc/rstudio-connect/your_domain_name.crt
Key = /etc/rstudio-connect/your_domain_name.key
Ensure that the file permissions on your SSL certificate are as restrictive as possible. The certificate file requires 644 permissions (readable and writable by owner, and readable by other users). The rstudio-connect
user should typically own the certificate file. For example:
sudo chown rstudio-connect:rstudio-connect /etc/rstudio-connect/your_domain_name.crt
sudo chmod 644 /etc/rstudio-connect/your_domain_name.crt
Ensure that the file permissions on your SSL certificate key are as restrictive as possible. The certificate file requires 600 permissions, that is owner readable and writable. The certificate key file should typically be owned by the rstudio-connect
user. For example:
sudo chown rstudio-connect:rstudio-connect /etc/rstudio-connect/your_domain_name.key
sudo chmod 600 /etc/rstudio-connect/your_domain_name.key
Then restart Connect by running the following command:
Terminal
$ sudo systemctl restart rstudio-connect
Connect does not allow certificate private keys to have a passphrase. If one exists, remove the passphrase by using the following example:
Terminal
$ openssl rsa -in [original.key] -out [new.key]
Configuring HTTP to HTTPS redirects
To redirect all HTTP traffic to the secure HTTPS endpoint, add the following lines to the Connect configuration file:
File: /etc/rstudio-connect/rstudio-connect.gcfg
[Server]
Address = https://<SERVER-ADDRESS>
[HTTPS]
Listen = :443
Permanent = true
Certificate = /etc/rstudio-connect/your_domain_name.crt
Key = /etc/rstudio-connect/your_domain_name.key
[HTTPRedirect]
Listen = :80
For HTTP to HTTPS redirects to work properly, ensure that you remove the HTTP.Listen
option from the configuration file if you have defined it.
Then restart Connect by running the following command:
Terminal
$ sudo systemctl restart rstudio-connect
Additional documentation
For more information on SSL certificates and other related settings, refer to the HTTPS settings in the Configuration Appendix of the Connect Administration Guide.