Hi All,
I am using AEM6.5 SP13 in Amazon AWS cloud.
Requirement is to configure author over https
Referred below link
It is talking about localhost of AEM. Our AEM instance is running on remote machine on AWS cloud.
Currently there is no dispatcher configured in front of author.
What are the steps to configure remote author over https. Appreciate any help.
Thanks,
Pradeep
Solved! Go to Solution.
Views
Replies
Total Likes
this is where use of the dispatcher and potentially loadbalancer makes sense, as you can then map a proper domain main to the server and expose it safely with relevant allow lists etc if you need to limit access to specific source IP ranges (eg your office locations).
Configuration of HTTPS for the AEM Author is only possible by initially connecting over HTTP as out of the box AEM doesn't support HTTPS connections.
If it's a remote machine as in your case running in AWS Cloud, you could avoid exposing it publicly via HTTP by using an SSH tunnel from your local machine into the host running the AEM author.
This AWS doc gives some info on how to create an SSH tunnel: https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-ssh-tunnel.html#emr-ssh-tunnel-win
Using a browser plugin such as Foxy Proxy you can configure it to route traffic to specific IP addresses (eg the internal IP of your AEM Author host) via the SSH tunnel, meaning traffic leaving your machine is going over this secure SSH tunnel and not in the clear across the internet.
Configuring HTTPS on the AEM author though isn't a replacement for the dispatcher for accessing the Author as the dispatcher includes additional filtering functionality designed to block access to certain paths etc.
In most cases you would terminate the public HTTPS connection at the dispatcher, or potentially a load balancer within your AWS setup. Use of HTTPS on the author and publish instances enables you to also have the connection between dispatcher and the AEM instances happening over HTTPS.
Not only from my machine, anyone within my team or client team should be able to access over https only.
So I am thinking this should be done at server level and not at AEM level. I would reach out to IT support team to assist on this.
Thanks,
Pradeep
this is where use of the dispatcher and potentially loadbalancer makes sense, as you can then map a proper domain main to the server and expose it safely with relevant allow lists etc if you need to limit access to specific source IP ranges (eg your office locations).
Views
Likes
Replies