Configure HTTPS

Use this guide to configure HTTPS for vScope.

  • Method A (recommended): terminate HTTPS in a reverse proxy or load balancer.
  • Method B: enable HTTPS directly in vScope using a certificate keystore.

Use your existing reverse proxy or load balancer to handle HTTPS connections and proxy traffic to the vScope server over HTTP.

You can use any third-party reverse proxy. Refer to your proxy’s documentation for production hardening. The examples below are starting points.

The following basic configuration can help you get started with NGINX. Be sure to read NGINX Reverse Proxy for proper guidance and additional information.

server {
    listen 443 ssl;
    server_name vscope.example.tld;
    ssl_certificate /path/to/fullchain.pem;
    ssl_certificate_key /path/to/key.pem;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://vscope:80/;
    }
}

Open vScope in your browser and navigate to Settings > Network.

Update Base URL to the address end users will use to access vScope. Include https:// (for example https://vscope.example.tld).

If you do not use a reverse proxy, configure HTTPS directly in vScope by uploading a certificate keystore.

Generate a self-signed certificate with OpenSSL

If you already have a certificate you can skip ahead to Configure vScope.

While it is recommended to use a publicly trusted certificate, vScope can be used with a self-signed certificate.

Generate self-signed certificate
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout key.pem -out cert.pem -subj '/CN=vscope.example.tld' -addext 'subjectAltName=DNS:vscope.example.tld'
openssl pkcs12 -export -inkey key.pem -in cert.pem -name vscope -out keystore.p12

The first command will generate a key and certificate valid for 10 years (3650 days) and for the domain vscope.example.tld. If you use these commands, replace the domain with your actual domain.

The second command will ask you to set a password and package both the key and certificate as a PKCS#12 file keystore.p12. This is the file you will upload to vScope.

Due to how OpenSSL works, both the keystore and the key inside it will be password protected with the password you entered.
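
Before uploading, the keystore can be checked for the things the steps below depend on: the password opens it, the alias exists, the key matches the certificate, and the certificate covers your hostname and has not expired. The script below is an added example, not part of vScope; the function name check_keystore and the KEYSTORE_PASS environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not vScope tooling: check keystore.p12 before uploading it.
# check_keystore, KEYSTORE_PASS and the messages are names assumed here.
# Usage: KEYSTORE_PASS=... sh check_keystore.sh keystore.p12 vscope.example.tld [alias]
check_keystore() (
  p12=$1; host=$2; alias=${3:-}
  fail() { echo "FAIL: $*" >&2; exit 1; }

  # Keystore password: the leaf certificate must decrypt. env: keeps the
  # password off the command line, so it does not show up in `ps` output.
  cert=$(openssl pkcs12 -in "$p12" -passin env:KEYSTORE_PASS \
           -nokeys -clcerts 2>/dev/null) || fail "cannot open $p12"

  # Private key: must be present. -nodes decrypts it into a shell variable
  # only; nothing is written to disk.
  key=$(openssl pkcs12 -in "$p12" -passin env:KEYSTORE_PASS \
          -nocerts -nodes 2>/dev/null) || fail "no readable key in $p12"

  # Alias: `-name vscope` at export time is stored as the friendlyName attribute.
  if [ -n "$alias" ]; then
    printf '%s\n' "$cert" | grep -q "friendlyName: $alias\$" \
      || fail "alias '$alias' not found"
  fi

  # The private key must belong to the certificate: compare public keys.
  cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null)
  key_pub=$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] \
    || fail "private key does not match certificate"

  # Hostname (subjectAltName) must cover the Base URL host. -checkhost
  # reports its verdict as text, so the printed output is what gets tested.
  printf '%s\n' "$cert" | openssl x509 -noout -checkhost "$host" 2>/dev/null \
    | grep -q 'does match certificate' || fail "certificate not valid for $host"

  # Certificate must not already be expired.
  printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null 2>&1 \
    || fail "certificate has expired"

  echo "OK: $p12 is usable for https://$host"
)

# Run the check when arguments are given on the command line.
if [ "$#" -ge 2 ]; then check_keystore "$@"; fi
```

The key.pem file written by the first command is unencrypted because of -nodes, so restrict access to it or remove it once keystore.p12 has passed the check.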

  1. Enable HTTPS
    In vScope, navigate to Settings > Network and enable HTTPS.

  2. Upload the certificate

    Upload the certificate on the right-hand side by clicking Upload and selecting it from your file system.

  3. Configure the HTTPS port
    Enter the port vScope will use to accept HTTPS connections. The default port is 443 and we recommend you leave it unchanged unless necessary.

  4. Configure passwords
    Both the keystore and the key inside can be password protected. Enter the password(s) into the respective text field.

    It is not unusual for both to be password protected with the same password. If you generated a self-signed certificate with the instructions above, this will be the case.

  5. Configure alias
    If your keystore only contains one certificate then you can leave this empty and vScope will find and use it.

    If you have multiple certificates in the keystore then enter the alias of the certificate that vScope should use into the text field.

  6. Save the configuration
    Click Save to apply your configuration.

  7. Restart
    Wait for the web service to restart (30-60 seconds), then log in again.

  8. Update Base URL
    In Settings > Network, confirm Base URL uses https:// and the expected URL for vScope (e.g. https://vscope.company.com). If necessary, update and save the Base URL, and restart the vScope web service to apply the changes.

  • Open the vScope web UI using https://.
  • Confirm the certificate is accepted by your browser.

If HTTPS configuration fails or the server becomes inaccessible after enabling HTTPS, see Troubleshoot HTTPS configuration in vScope.