{"id":201,"date":"2026-04-03T13:05:59","date_gmt":"2026-04-03T18:05:59","guid":{"rendered":"https:\/\/www2.dataunfold.com\/?post_type=docs&#038;p=201"},"modified":"2026-04-03T13:06:05","modified_gmt":"2026-04-03T18:06:05","password":"","slug":"ssl-setup","status":"publish","type":"docs","link":"https:\/\/www2.dataunfold.com\/?docs=ssl-setup","title":{"rendered":"SSL Setup"},"content":{"rendered":"\n<p><strong># Admin Guide: SSL for Web Server and WebSocket<\/strong><\/p>\n\n\n\n<p>This guide explains how to turn on SSL using the existing config files. No code changes are needed.<\/p>\n\n\n\n<p><strong>## What you need<\/strong><\/p>\n\n\n\n<p>&#8211; The certificate file: `*.crt`<\/p>\n\n\n\n<p>&#8211; The private key file: `*.key`<\/p>\n\n\n\n<p>&#8211; The public hostname users will open in the browser, for example `app.example.com`<\/p>\n\n\n\n<p><strong>## Step 1: Put the files on the server<\/strong><\/p>\n\n\n\n<p>&#8211; Copy the `crt` and `key` files to a secure folder on the server.<\/p>\n\n\n\n<p>&#8211; Make sure the service account can read both files.<\/p>\n\n\n\n<p>&#8211; Do not store the private key in source control or a public folder.<\/p>\n\n\n\n<p><strong>## Step 2: Update the web server settings<\/strong><\/p>\n\n\n\n<p>Edit [`config.toml`] and set:<\/p>\n\n\n\n<p>&#8220;`toml<\/p>\n\n\n\n<p>[services]<\/p>\n\n\n\n<p>webserver_scheme = &#8220;https&#8221;<\/p>\n\n\n\n<p>webserver_certfile = &#8220;C:\/path\/to\/certificate.crt&#8221;<\/p>\n\n\n\n<p>webserver_keyfile = &#8220;C:\/path\/to\/private.key&#8221;<\/p>\n\n\n\n<p>&#8220;`<\/p>\n\n\n\n<p><strong>## Step 3: Update the WebSocket settings<\/strong><\/p>\n\n\n\n<p>In the same file, set:<\/p>\n\n\n\n<p>&#8220;`toml<\/p>\n\n\n\n<p>[services]<\/p>\n\n\n\n<p>websocket_scheme = &#8220;wss&#8221;<\/p>\n\n\n\n<p>websocket_certfile = &#8220;C:\/path\/to\/certificate.crt&#8221;<\/p>\n\n\n\n<p>websocket_keyfile = &#8220;C:\/path\/to\/private.key&#8221;<\/p>\n\n\n\n<p>&#8220;`<\/p>\n\n\n\n<p><strong>## Step 4: Restart the services<\/strong><\/p>\n\n\n\n<p>&#8211; Save the config file.<\/p>\n\n\n\n<p>&#8211; Restart the server.<\/p>\n\n\n\n<p>&#8211; Restart the WebSocket service.<\/p>\n\n\n\n<p><strong>## Step 5: Test in a browser<\/strong><\/p>\n\n\n\n<p>&#8211; Open the app with `https:\/\/your-hostname`.<\/p>\n\n\n\n<p>&#8211; Confirm the browser shows a valid secure connection.<\/p>\n\n\n\n<p>&#8211; Open the browser dev tools and confirm the app connects to the WebSocket service with `wss:\/\/`.<\/p>\n\n\n\n<p><strong>## Quick checks if it fails<\/strong><\/p>\n\n\n\n<p>&#8211; The hostname in the certificate does not match the URL.<\/p>\n\n\n\n<p>&#8211; The `.crt` or `.key` path is wrong.<\/p>\n\n\n\n<p>&#8211; The service account cannot read the key file.<\/p>\n\n\n\n<p>&#8211; `webserver_scheme` is still `http`.<\/p>\n\n\n\n<p>&#8211; `websocket_scheme` is still `http`.<\/p>\n\n\n\n<p>&#8211; The services were not restarted after the change.<\/p>\n\n\n\n<p><strong>## Simple rule<\/strong><\/p>\n\n\n\n<p>&#8211; Web server: `https:\/\/`<\/p>\n\n\n\n<p>&#8211; WebSocket: `wss:\/\/`<\/p>\n\n\n\n<p>&#8211; Same certificate and key can be used for both if they cover the same hostname.<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Admin Guide: SSL for Web Server and WebSocket This guide explains how to turn on SSL using the existing config files. No code changes are needed. ## What you need &#8211; The certificate file: `*.crt` &#8211; The private key file: `*.key` &#8211; The public hostname users will open in the browser, for example `app.example.com` [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"footnotes":""},"doc_category":[7],"doc_tag":[],"class_list":["post-201","docs","type-docs","status-publish","hentry","doc_category-installation"],"year_month":"2026-04","word_count":294,"total_views":0,"reactions":{"happy":0,"normal":0,"sad":0},"author_info":{"name":"dataunfold","author_nicename":"dataunfold","author_url":"https:\/\/www2.dataunfold.com\/?author=1"},"doc_category_info":[{"term_name":"Installation","term_url":"https:\/\/www2.dataunfold.com\/?doc_category=installation"}],"doc_tag_info":[],"_links":{"self":[{"href":"https:\/\/www2.dataunfold.com\/index.php?rest_route=\/wp\/v2\/docs\/201","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.dataunfold.com\/index.php?rest_route=\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/www2.dataunfold.com\/index.php?rest_route=\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/www2.dataunfold.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.dataunfold.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=201"}],"version-history":[{"count":1,"href":"https:\/\/www2.dataunfold.com\/index.php?rest_route=\/wp\/v2\/docs\/201\/revisions"}],"predecessor-version":[{"id":202,"href":"https:\/\/www2.dataunfold.com\/index.php?rest_route=\/wp\/v2\/docs\/201\/revisions\/202"}],"wp:attachment":[{"href":"https:\/\/www2.dataunfold.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=201"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/www2.dataunfold.com\/index.php?rest_route=%2Fwp%2Fv2%2Fdoc_category&post=201"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/www2.dataunfold.com\/index.php?rest_route=%2Fwp%2Fv2%2Fdoc_tag&post=201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}