Skip to end of metadata
Go to start of metadata


The Web Server page is for configuring the HTTP and HTTPS ports, setting up the SSL / TLS certificate, redirecting traffic through a known address, and whether or not all HTTP traffic should be forcefully redirecting to HTTPS.

If you are allowing users to access your Gateway from outside your network (through the Internet), you will need to configure the Public HTTP Address settings.

On this page ...



SSL/TLS Settings

On the Web Server screen you can view details of an SSL certificate details, export keys, remove the installed SSL certificate, and transition to a CA-signed certificate.

From the Gateway Webpage, click on Config > Networking > Web Server. From the Web Server page, click on the View Details button. 




The Certificate Details are shown. From here you can generate a Certificate Signing Request (CSR) by clicking the Generate CSR button in the upper right. 



For more information, see Secure Communication (SSL / TLS).

HTTP and HTTPS Settings


HTTP Settings
HTTP PortThe port to which Ignition will listen for incoming HTTP traffic, for example: 8088.
HTTPS Settings
HTTPS PortThe port to which Ignition will listen for incoming HTTPS traffic, for example: 8043.
Force Secure Redirect

When enabled, and if SSL / TLS is enabled, all http traffic will be redirected to its https counterpart.
(Default: disabled)

Included Cipher SuitesWhitelist of included cipher suites for clients connecting to Ignition using SSL/TLS.
Excluded Cipher SuitesBlacklist of excluded cipher suites for clients connecting to Ignition using SSL/TLS. Takes precedence over allowed cipher suites.

HTTP and HTTPS Connectors Restart

Certain actions will cause the HTTP port and/or the HTTPS port to restart. Refer to the following table for details.

Configuration ChangeHTTP Port
Restarted?
HTTPS Port
Restarted?
HTTPS PortYesYes
HTTPS PortYesYes

Force Secure Redirect

NoYes
User Included Cipher SuitesNo

Yes

User Excluded Cipher SuitesNoYes
SSL/TLS SetupNoYes

Public HTTP Address settings

If you are allowing users to access your Gateway from outside your network (through the Internet), you will need to configure the Public HTTP Address settings.

Public HTTP Address
Auto Detect HTTP Address

To specify an explicit HTTP address that Vision Clients and Perspective Sessions will use, turn this off. Most users will leave autodetect on.
(Default: enabled)

Public AddressThe public facing address that Vision Clients and Perspective Sessions must use to connect. If Force Secure Redirect is enabled, redirected connections will use this address, for example: yourcompany.com.
Public HTTP PortThe public facing HTTP port that Vision Clients and Perspective Sessions must use to connect, for example: 80
Public HTTPS PortThe public facing HTTPS port that Vision Clients and Perspective Sessions must use to connect. If Force Secure Redirect is enabled, redirected connections will use this port, for example: 443

Cipher Support

Below is a list of supported ciphers.

 Click here to expand...
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  • TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  • TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384



In This Section ...

  • No labels