Wyn Enterprise: Deploying with HTTPS

You need to expose two web applications to the internet when you publish Wyn Enterprise: the identity service and the portal.

You must have your own domain name, *.grapecitydev.com, and its SSL certificates. The server's OS is Ubuntu 16.04 and its DNS name is gces-dev2.southeastasia.cloudapp.azure.com.

  1. Install Wyn Enterprise.
  2. Install Nginx using the following command.

    sudo apt-get update
    sudo apt-get install nginx
  3. Purchase a domain name for the portal and map it to your server's DNS name or host IP. For example, portal.grapecitydev.com.

  4. Put your SSL certificates on the server.
  5. Set up the reverse proxy with HTTPS in the nginx configuration file. The file is located in '/etc/nginx/sites-available' and is named "default". The following is a sample nginx configuration:

    server {
      # "listen 443 ssl" replaces the deprecated pair "listen 443; ssl on;"
      listen 443 ssl;

      # Certificate chain (leaf certificate first) and its private key
      ssl_certificate /etc/ssl/grapecitydev_chain.crt;
      ssl_certificate_key /etc/ssl/grapecitydev.key;
      server_name portal.grapecitydev.com;
      large_client_header_buffers 4 32k;

      location / {
        # Forward all requests to the portal listening on the local port
        proxy_pass http://localhost:51980;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_connect_timeout       60s;
        proxy_send_timeout          60s;
        proxy_read_timeout          60s;
        send_timeout                60s;
        sendfile on;
        proxy_buffer_size 64k;
        proxy_buffers   32 32k;
        proxy_busy_buffers_size 128k;
        fastcgi_buffers 8 16k;
        fastcgi_buffer_size 32k;
        client_max_body_size 8M;
      }
    }

  6. Change the identity service URL in the Wyn configuration, for example:
    version: 2.0
    identity_server_url: https://portal.grapecitydev.com
     urls: http://*:51981
     urls: http://*:51980
     require_https: true
     - https://portal.grapecitydev.com
     urls: http://localhost:51982
     urls: http://localhost:51983

Note: Since HTTPS uses port 443 by default, you need to add an inbound rule that allows port 443 to be accessed remotely.
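
Before reloading nginx with the certificate and key from steps 4 and 5, it is worth checking that the files are usable and safely stored. The script below is an added example, not part of the Wyn documentation; the function names are hypothetical, and it assumes the `openssl` command-line tool is installed and that the leaf certificate is the first entry in the chain file.

```shell
#!/bin/sh
# Added example (not from the Wyn documentation): pre-flight checks for the
# certificate and key that the nginx server block will load.
# Usage: sh preflight.sh /etc/ssl/grapecitydev_chain.crt /etc/ssl/grapecitydev.key portal.grapecitydev.com

# The private key must not be readable by group or other users.
key_perms_ok() {
  perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
  [ "$perms" = "------" ]
}

# The first certificate in the chain file (the leaf; nginx expects it first)
# must carry the same public key as the private key.
cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# The certificate must be valid for the portal host name (wildcards count).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# The certificate must not expire within the given number of days.
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run every check; return non-zero if any of them fails.
preflight() {
  rc=0
  key_perms_ok "$2" || { echo "FAIL: $2 is readable by group or other" >&2; rc=1; }
  cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2" >&2; rc=1; }
  cert_covers_host "$1" "$3" || { echo "FAIL: $1 is not valid for $3" >&2; rc=1; }
  cert_valid_for "$1" 30 || { echo "FAIL: $1 expires within 30 days" >&2; rc=1; }
  return "$rc"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

If every check passes, run `sudo nginx -t` to validate the configuration syntax before reloading the service.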