HTTPS on Linux

Tagged: , , ,

Viewing 15 posts - 31 through 45 (of 47 total)
  • Author
  • #7819

    I can’t edit my previous post, you can test previous configuration by accessing for example after restarting Apache web server:

    sudo service apache2 restart

    For my future references:
    1. Run Apache and Nginx together:
    2. Mono and Nginx:


    I think run scada web as web root for my server is not a good idea since I also use it for different service.

    1. Edit scada-xsp4 config:

    sudo nano /etc/xsp4/scada.webapp


    2. Edit Apache config:

    sudo nano /etc/apache2/sites-enabled/default-ssl.conf

        	SSLProxyEngine on
        	SSLProxyVerify none
        	SSLProxyCheckPeerCN off
        	SSLProxyCheckPeerName off
        	SSLProxyCheckPeerExpire off
        	ProxyPreserveHost off
        	ProxyRequests off
        	ProxyVia off
        	ProxyPass /scada
        	ProxyPassReverse /scada

    3. Disable scada web in Apache:

    sudo a2dissite scada.conf

    4. Restart scada-xsp4 service:

    sudo service scada-xsp4 stop
    ps ax –> to check mono pid that load xsp4.exe
    sudo kill -9 pid_from_previous_step
    sudo service scada-xsp4 start

    5. Restart Apache:

    sudo service apache2 restart


    Thank you, it works. But there are nuances 🙂 For example, if you write the root of the site then there is a redirect from the apache page that should not be, is there any way to fix it ?

    I used port 8084. Michael needlessly removed the settings for mono-xsp4 from the installation description file for the mono version

    • This reply was modified 3 years, 6 months ago by manjey73.

    No problem here, I can access for example without a redirect. But to be honest, I’m not expert in Apache configuration.


    This means that when we open the root of the site, the Apache page should open and not jump to the internal site. It is not clear why this is happening ?


    Run Mono FastCGI via Nginx behind Apache (even Apache behind Nginx must be better):

    1. Install Nginx:

    sudo apt-get install nginx

    2. Change Nginx default port from 80 to 8008 and add /scada-fastcgi virtual path:

    sudo nano /etc/nginx/sites-available/default

    	listen 8008 default_server;
    	listen [::]:8008 default_server;
    	location /scada-fastcgi {
    		index index.html index.htm default.aspx Default.aspx;
    		fastcgi_index index.htm;
    		include /etc/nginx/fastcgi_params;

    3. Edit Nginx FastCGI parameter:

    sudo nano /etc/nginx/fastcgi_params

    fastcgi_param  PATH_INFO          "";
    fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

    4. Edit Apache config and reload it:

    sudo nano /etc/apache2/sites-enabled/default-ssl.conf

        	ProxyPass /scada-fastcgi
        	ProxyPassReverse /scada-fastcgi

    sudo systemctl reload apache2

    5. Install Mono FastCGI if needed, run it:

    sudo apt-get install mono-fastcgi-server
    fastcgi-mono-server4 /applications=/scada-fastcgi:/var/www/html/scada/ /socket=tcp:

    6. Start Nginx:

    sudo systemctl reload nginx

    You can access SCADA web at https://yourserver/scada-fastcgi


    Redirection was enabled by the site owner on the apache stub page, so it shouldn’t happen by itself 🙂


    At least we have 2 options to run RS with SSL even with a negative impact if exists. Nginx + Mono FastCGI will be perfect for RS but I have multiple application run under Apache for now.


    using kumajaya’s nginx fastcgi method, the demo project works well.
    I am testing more complicated projects currently.
    The first issue I encounter URL in Interface table not working properly. (something like the grafana integration)

    I tested 2 URL format:
    – scadaserverip:5000/example (other web running on the same scada server)

    they can be loaded correctly when I open browser on server. but when i open browser on other clients, the content frame can’t load the URL page.

    Is it because of the scadasweb or fastcgi or just the proxy setting?


    by enabling ssl of apache2 itself, the https site show error msg of
    error updating current/hourly data
    Is it the Mono-WCF bug stopping scada with apache2 https?

    Why would we need Nginx + Mono FastCGI?


    I am thinking about the following method, is there any obstacle or bug stopping it from working? I will have a try and update my result here.


    Is it the Mono-WCF bug stopping scada with apache2 https?

    What is the current status of your research?


    Architecture of my latest approach is listed below, which seems working. the configuration should be less complicated than the approach mentioned in previous replies.


    Note: because embedding http content in iframe (such as External URL on Interface, or Dashboard) of https site will not work, so I redirect all http request to https. the site becomes https only. The content being embedded need to be changed to https too.

    I only tested demo project will a few different External URL on interface at the moment.

    I will make a procedure in detail and update here later. (Friday night or weekend)


    The content being embedded need to be changed to https too.

    Yes, because of the browser protection.
    Thank you for the details.


    Continuing from previous reply. Assuming a Linux system with SCADA installed using all default setting, no other websites.

    STEP 1 – Prepare ssl certification
    put them in the path you like, make sure their permission allows read


    STEP 2 – Change apache2 default ports
    Edit file
    sudo nano /etc/apache2/ports.conf
    Change content to

    Listen 8080
    <IfModule ssl_module>
            Listen 8081
    <IfModule mod_gnutls.c>
            Listen 8081

    Also edit this file
    sudo nano /etc/apache2/sites-enabled/000-default.conf
    change port number only, keep other things

    <VirtualHost *:8080>
    # keep the content in this file

    ssl is not enbled on apache by defualt, but if ssl is already on apache, then also edit this file.
    sudo nano /etc/apache2/sites-enabled/000-default-ssl.conf
    change port number only, keep other things

    <VirtualHost *:8081>
    # keep the content in this file

    restart apache
    sudo systemctl restart apache2.service


    STEP 3 – Install and config Nginx
    Install nginx
    sudo apt install nginx

    Edit this file
    sudo nano /etc/nginx/sites-enabled/default

    change the following content

    part 1 – http:80
    this is to redirect all http request to https.
    delete or comment the original http:80 server, add the following server

    server {
        listen      80;
        return      301 https://$host$request_uri;

    part 2 – https:443
    this part has several functions, see comment in code
    add the following https:433 server

    server {
            listen       *:443;
            # log loaction, optional
            access_log  /var/log/nginx/myserver-ssl-proxy-access.log;
            error_log   /var/log/nginx/myserver-ssl-proxy-error.log;
            ssl on;
            # ssl cert location, must
            ssl_certificate /path/to/ssl.crt;
            ssl_certificate_key /path/to/ssl.key;
            # redirect root to /scada, optional
            location / {
                    rewrite ^/(.*)$ /scada/$1 redirect;
            # reverse proxy to scada on apache, must
            location /scada/ {
                    proxy_pass http://localhost:8080/scada/;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-Forwarded-Proto $scheme;
                    proxy_buffering off;

    restart nginx
    sudo systemctl restart nginx.service

    SETP 4 – Test
    you should be able to access from any of the following address. all of them will send you to https scada website.
Viewing 15 posts - 31 through 45 (of 47 total)
  • You must be logged in to reply to this topic.