HTTPS component

It is provided as an installer for Windows and all supported Linux distros. The component settings are specified in the configuration file webproxy.toml as it is shown below.

After the component is installed, the corresponding service will be automatically added on the OS:

• On Windows, it will be named TrueConf Border Controller htpps and will have the id tc_bchttps, the path to the executable file will be C:\Program Files\TrueConf\Border Controller\tc_bchttps.exe.

• On Linux, it will be identified as trueconf-bchttps, the path to the executable file will be /opt/trueconf/border-controller/bin/tc_bchttps.

The launch of this component is configured similarly to the component for handling the TrueConf traffic. However, there are certain differences:

• You need to configure the certificate in advance.

• The operation parameters are defined in the configuration file webproxy.toml.

Configuration of certificates

1. If a self-signed certificate is configured on TrueConf Server, download it via the link Download ca.crt in the Self-signed certificate section and add it to the trusted root certificates on the machine with TrueConf Border Controller. Check the documentation for your OS to learn how it can be done.

For example, on Debian:

• Copy the certificate file to the certificate storage in the directory usr/local/share/ca-certificates/:

sudo cp ca.crt /usr/local/share/ca-certificates/

• Update the certificate storage with this command:

sudo update-ca-certificates -v

If there is an error message indicating that the command was not found, install its package from the repository:

sudo apt install -y ca-certificates

• To check if your OS trusts the certificate, run this command:

openssl verify /usr/local/share/ca-certificates/ca.crt

2. In the TrueConf Server control panel, go to the Web → Settings section and specify the address of the machine with TrueConf Border Controller in the External address of TrueConf Server web field.

3. Create a certificate for the machine with TrueConf Border Controller. If you do not have a commercial certificate, you can create a self-signed certificate as it is described in our knowledge base.

4. Copy the certificate and key obtained at step 3 to the directory <path_to_border_controller>\etc\crt\ where <path_to_border_controller> is the path to the executable file of the component on your OS.

5. Rename the certificate and key files as <guid>.crt and <guid>.key where <guid> is a 128-bit GUID identifier which will be the same for both files. It can be generated with the help of the online service UUID Generator (opens new window).

Configuration file settings

The configuration file webproxy.toml will be created during component installation:

• on Windows: C:\Program Files\TrueConf\Border Controller\etc\webproxy.toml

• on Linux: /opt/trueconf/border-controller/etc/webproxy.toml

By default, the configuration file contains the following lines:

[certificate]
cert_extension = '.crt'
key_extension = '.key'

[dir]
executable_relative = false
installation = '/opt/trueconf/border-controller'

[file]
configname = 'webproxy'

[interfaces]
[interfaces.list]
[interfaces.list.0]
Address = '[::]:80'
EnableTLS = false
ReadTimeout = 0
TLSConfigID = ''
TargetID = ''

[proxy]
trust_client_headers = false

[targets]
[targets.list]

[tls]
[tls.list]

Specify the following values to configure the component for the HTTPS protocol:

• in the [dir] section:

  • installation — the path to the executable file of the component

• in the section [interfaces.list.0]:

  • Address — HTTPS port if it is different from the standard 443

  • TLSConfigID — the name of the certificate and key files received at step 5

  • TargetID — GUID for identifying a block of HTTPS settings from the [targets] section

• in the section [interfaces.list.1]:

  • Address — the port for accessing the control panel via HTTP if the port is different from the standard 80 port

  • TargetID — GUID for identifying a block of HTTP settings from the [targets] section

• for each [targets.list.<guid>] blocks in the [targets] section:

  • generate unique GUIDs and add them instead of <guid>

  • address — IP address or FQDN of TrueConf Server and the port for the transfer of traffic from the component

  • is_secure — the value is equal to true if an HTTPS port was specified for the address parameter of the current [targets.list.<guid>] block ; otherwise it is equal to false

• in the [tls] section:

  • for the [tls.list.<guid>] block name, replace <guid> with the TLSConfigID value (it is also the name of the certificate file from step 5)

  • CertificateID and ID — value of TLSConfigID.

7. Save the file webproxy.toml and run the component.

Launching the component on Windows

Similarly to the component for the TrueConf protocol, the service on Windows can be started from the services.msc tool or from the terminal with the help of the sc.exe utility. For example:

sc start tc_bchttps

The component can be added to the automatic startup in a similar way, for example:

sc config tc_bchttps start=auto

Launching the component on Linux

To control the component, use the utility systemctl as it was described for trueconf-bc. For example, to start the component, run this command:

sudo systemctl start trueconf-bchtpps