Setup SSL TerminationΒΆ

SpectX installations in an enterprise environment allowing users to connect remotely must be secured using SSL/TLS to make sure that no sensitive data is sent over the wire in plain text. This can be implemented using NGINX or Apache as a reverse proxy in front of SpectX.

Note

You need to make sure that:

  • The SpectX web server is exposed only to reverse proxy and is not accessible for end-users.
  • The TLS certificates of the server must be valid and trusted by end-users.

Example. Configuring NGINX TLS terminating reverse proxy for SpectX instance exposed on localhost port 8838. The hostname for the setup is spectx.example.org. The TLS certificate and respective private key files are placed in the /etc/ssl directory.

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        return 301 https://$host$request_uri;
}
server {

        # SSL configuration

        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        server_name spectx.example.org;

        ssl_certificate    /etc/ssl/spectx.example.org.pem;
        ssl_certificate_key /etc/ssl/spectx.example.org.private.key;

        location / {
                proxy_pass http://127.0.0.1:8388/;
                proxy_set_header X-Real-IP $remote_addr;
        }
        # ...
}