mirror of
https://github.com/plan-player-analytics/Plan.git
synced 2024-12-21 05:50:18 +08:00
79 lines
3.3 KiB
Markdown
79 lines
3.3 KiB
Markdown
![Player Analytics](https://puu.sh/t8vin.png)
|
||
|
||
|
||
# HTTPS Configuration
|
||
|
||
|
||
## How to configure Plan to use SSL Encryption:
|
||
- Obtain a Java Keystore file (More below)
|
||
- Place the keystore file in the /plugins/Plan/ folder
|
||
(If you have a keystore file elsewhere on the machine, you can specify the full path to the file.)
|
||
- Change the config settings under **WebServer**:
|
||
|
||
Config.Setting | Description
|
||
------------------- | ---------------
|
||
Certificate.KeyStorePath | The absolute path to the certificate file, you can directly use “KEYSTORE.FILE” if the certificate is placed in the Plan folder, if it’s elsewhere, use the direct path to it.
|
||
Certificate.KeyPass | The password of the certificate
|
||
Certificate.StorePass | The password of the keystore
|
||
Certificate.Alias | The alias of the keystore
|
||
|
||
# Obtaining a Java Keystore File
|
||
|
||
## How to get a certificate issued by Let’s Encrypt:
|
||
See here:
|
||
https://letsencrypt.org/getting-started/
|
||
|
||
## How to convert the certificate files into a Java KeyStore:
|
||
|
||
Execute keytool command in the Command Prompt (Windows) or in the Shell (Linux)
|
||
|
||
`keytool -importcert -file $CERTIFICATE -keystore $KEYSTORE -alias “$ALIAS”`
|
||
|
||
After executing the command, you need to enter the password of the keystore currently being created.
|
||
|
||
Notes:
|
||
The password for the keystore must be at least 6 characters long.
|
||
|
||
**NOTE FOR WINDOWS USERS:**
|
||
The keytool command is only going to work, when the Command Prompt is opened in `$JAVA_HOME\jre$VERSION\lib\security`
|
||
You can manage that by going to that path using
|
||
`cd $JAVA_HOME\jre$VERSION\lib\security`
|
||
|
||
## If you’re unable to obtain a certificate
|
||
|
||
If you do not have a domain for certificate registration, or can not create a self signed one, Plan.jar contains a self signed RSA 2048 certificate that can be used.
|
||
|
||
Open Plan.jar in any archive manager (Like WinRAR) and drop the Certificate.keystore file in the /plugins/Plan/ folder.
|
||
Set the config settings as follows so that the Certificate works.
|
||
|
||
Config.Setting | Value
|
||
------------------- | ---------------
|
||
Certificate.KeyStorePath | Cert.keystore
|
||
Certificate.KeyPass | MnD3bU5HpmPXag0e
|
||
Certificate.StorePass | wDwwf663NLTm73gL
|
||
Certificate.Alias | DefaultPlanCert
|
||
|
||
Self signed certificates cause browsers to display security warning:
|
||
![Certificate Warning](http://puu.sh/wY5Gs/91883c1ced.jpg)
|
||
|
||
You can ignore this warning. [“Dangers” of self signed certificates, Article](https://www.globalsign.com/en/ssl-information-center/dangers-self-signed-certificates/)
|
||
|
||
### Displaying a Green HTTPS Lock with Cloudflare
|
||
|
||
Requirements:
|
||
- A cloudflare account
|
||
- A domain with full access
|
||
|
||
If you wish to bypass the security warning (not seeing that the connection isn’t private), you can use [Cloudflare](https://www.cloudflare.com)
|
||
|
||
- Connect your domain to Cloudflare
|
||
- Add a DNS record of the type “A” which points to your Server IP
|
||
- Go to “Crypto” -> “SSL” and set the option to “Flexible”
|
||
|
||
Notes:
|
||
If you only want to use HTTPS on the Analytics site, you can use the “Page Rules”
|
||
[Page Rules Tutorial](https://support.cloudflare.com/hc/en-us/articles/218411427-Page-Rules-Tutorial)
|
||
|
||
It is recommend to activate “Automatic HTTPS Rewrites” under “Crypto” to be able to use http://LINK.TLD as well.
|
||
This removes the need to write “https://” at the beginning of the address.
|