You are viewing the RapidMiner Server documentation for version 7.6 - Check here for latest version
Enabling HTTPS
To create secure connections between RapidMiner Studio and RapidMiner Server, configure HTTPS (HTTP with SSL) for both incoming and outgoing connections. If you need to change the default port (8443) for HTTPS communication, you can see the section on changing ports.
Making changes on RapidMiner Server
Follow these steps to enable an SSL-encrypted connection:
Obtain an SSL certificate from a certificate authority of your choice. The certificate must be available as a PKCS #12 keystore (having a file extension of
.p12
or.pfx
). If the certificate is not in a PKCS #12 format, consult the CA's documentation for instructions on converting it.Note: SSL certificates are issued per domain or per host name. Make sure that the hostname of the certificate matches the hostname of your RapidMiner Server installation. Otherwise, accessing browsers will show warnings and may even block access entirely.
Import the certificate into your Java keystore, using the Java tool keytool, as follows:
keytool -importkeystore -destkeystore rms.keystore -srckeystore yourkeystore.p12 -srcstoretype PKCS12 -srcalias alias -destalias rms -trustcacerts
Copy the generated
rms.keystore
to the folder/standalone/configuration
in your RapidMiner Server installation directory.Open the file
standalone.xml
. It is located instandalone/configuration
of the RapidMiner Server installation directory.Locate the tag
<connector name="https" ... />
. Uncomment the following snippet directly below the tag (by deleting<!--
and-->
) and edit the password to match the password of your keystore. (If you cannot find the commented snippet, just copy the code below and paste it directly after the<connector name="http" ... />
tag.):<!-- <connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" enable-lookups="false" secure="true"> <ssl name="ssl" password="secret" protocol="TLSv1" key-alias="rms" certificate-key-file=" ${jboss.server.config.dir}/rms.keystore" /> </connector> -->
If you want to disable HTTP connections entirely and forward them to HTTPS automatically:
Add the flag
redirect-port="8443"
inside the HTTP (not HTTPS) tag —<connector name="http" ... />
. (Replace the port with your actual SSL port if it differs from the default):<connector name="http" ... redirect-port="8443" />
Modify the
web.xml
file, which can be found at/standalone/deployments/rapidminer-server-2.x.xxx.ear/rapidminer-server-war.war/WEB-INF/web.xml
, by adding the following:<security-constraint> <web-resource-collection> <web-resource-name>Secure Apps</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint> </security-constraint>
Note: Each time you update RapidMiner Server using the EAR file replacement method, you must redo the changes to the
web.xml
to ensure all traffic continues to redirect to HTTPS.Restart RapidMiner Server.
Making changes on RapidMiner Studio
After making these changes for RapidMiner Server, you must also make changes to each RapidMiner Studio instance that uses this server in its repository. Follow these steps:
In RapidMiner Studio, right-click on the RapidMiner Server repository and select Configure Repository:
The Configure RapidMiner Server Repository window opens. Modify the Repository URL field to use SSL and match the port value you set for RapidMiner Server.
For example:
Click Save to save your changes.