SSL Certificate installation (OnPremises only)
This document is intended for Server Administrators with sufficient technical skills.
Introduction
The XTRF Platform application is expected to be run as a backend service in the DMZ, not directly exposed to the Internet. Therefore, we do not support installing SSL certificates directly into XTRF.
To expose the proper HTTPS endpoint, you should use a tool called a TLS termination proxy or load balancer. This tool intercepts HTTPS requests, allowing you to enforce access rules, log traffic, and perform other actions typical of middleware.
The XTRF backend socket listens internally for HTTPS on port 8443. This port must not be exposed directly to end users.
One example of such a tool is Apache HTTPD, which is free and widely available for all operating systems.
Apache HTTPD SSL configuration
Below, you can find the necessary information for setting up an SSL certificate for your XTRF Platform installation with an Apache server, which will serve as a proxy for the XTRF Platform. Please remember to always use the latest Apache and OpenSSL releases for maximum security and update them regularly.
Apache must be installed on the server. No other application can use ports 80 and 443.
The standard CSR can be generated from Apache, a standalone OpenSSL installation, or any other compatible tool. For help, refer to the instructions from your chosen SSL provider or to: Apache | Create CSR & Install SSL Certificate (OpenSSL).
The certificate file is placed on the server. The path to the file is set in a configuration file, which you can find in Apache's Configuration module. In the same configuration file, you should specify the domain name and ports.
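As an added example (not part of the XTRF documentation), the shell functions below generate a key and CSR, then check an issued certificate before its path goes into the Apache configuration: that it matches the private key, covers the host name, and is not about to expire. They assume OpenSSL 1.1.1 or later; the function names and the 30-day threshold are illustrative choices.

```shell
#!/bin/sh
# Added example, not from the XTRF documentation. Assumes OpenSSL 1.1.1 or later.
# Function names and the 30-day threshold are illustrative choices.

# make_csr HOST DIR: write DIR/HOST.key (owner-readable only) and DIR/HOST.csr.
make_csr() {
    ( umask 077 && openssl genrsa -out "$2/$1.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$2/$1.key" -out "$2/$1.csr" \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1"
}

# pub_digest KIND FILE: SHA-256 of the public key held in a certificate (x509),
# a CSR (req) or a private key (pkey). Fails if the file cannot be parsed.
pub_digest() {
    case $1 in
        x509) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        req)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        pkey) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    [ -n "$pem" ] && printf '%s\n' "$pem" | openssl sha256
}

# cert_matches_key CERT KEY: true only if both carry the same public key.
cert_matches_key() {
    c=$(pub_digest x509 "$1") || return 1
    k=$(pub_digest pkey "$2") || return 1
    [ "$c" = "$k" ]
}

# cert_covers_host CERT HOST: true if HOST matches the certificate's names.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# cert_valid_for CERT DAYS: true if CERT is still valid DAYS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# preflight CERT KEY HOST: run all checks before Apache is pointed at CERT.
preflight() {
    cert_matches_key "$1" "$2" || { echo "FAIL: certificate and key differ"; return 1; }
    cert_covers_host "$1" "$3" || { echo "FAIL: certificate does not cover $3"; return 1; }
    cert_valid_for "$1" 30 || { echo "FAIL: expires within 30 days"; return 1; }
    echo "OK: $1 matches $2 and covers $3"
}
```

Run `preflight` with the certificate returned by the SSL provider, the key produced by `make_csr`, and the public host name; a failure here is cheaper to find than a failed Apache restart.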
SSL Settings
You might also fine-tune the SSL settings according to the current best recommendations. For example, you can find helpful solutions under the following link: Mozilla SSL Configuration Generator.
Apache Settings for HTTPS Proxy (Debian/Ubuntu)
Execute the following commands to enable the required modules:
sudo a2enmod proxy_ajp ssl status headers rewrite
In recent versions of Apache (>2.4.17), you should consider enabling HTTP/2: HTTP/2 guide - Apache HTTP Server Version 2.4.
Please create a file /etc/apache2/sites-enabled/xtrf.conf with the following content (adapt the hostname and SSL certificate location):