Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events
SOLVED

Configure remote AEM 6.5 over https

Avatar

Level 6

Hi All,

 

I am using AEM6.5 SP13 in Amazon AWS cloud.

Requirement is to configure author over https

Referred below link

https://experienceleague.adobe.com/docs/experience-manager-learn/foundation/security/use-the-ssl-wiz....

 

It is talking about localhost of AEM. Our AEM instance is running on remote machine on AWS cloud.

Currently there is no dispatcher configured in front of author.

What are the steps to configure remote author over https. Appreciate any help.

 

Thanks,

Pradeep

1 Accepted Solution

Avatar

Correct answer by
Adobe Champion

this is where use of the dispatcher and potentially loadbalancer makes sense, as you can then map a proper domain main to the server and expose it safely with relevant allow lists etc if you need to limit access to specific source IP ranges (eg your office locations).

View solution in original post

3 Replies

Avatar

Adobe Champion

Configuration of HTTPS for the AEM Author is only possible by initially connecting over HTTP as out of the box AEM doesn't support HTTPS connections.

 

If it's a remote machine as in your case running in AWS Cloud, you could avoid exposing it publicly via HTTP by using an SSH tunnel from your local machine into the host running the AEM author.

This AWS doc gives some info on how to create an SSH tunnel: https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-ssh-tunnel.html#emr-ssh-tunnel-win

 

Using a browser plugin such as Foxy Proxy you can configure it to route traffic to specific IP addresses (eg the internal IP of your AEM Author host) via the SSH tunnel, meaning traffic leaving your machine is going over this secure SSH tunnel and not in the clear across the internet.

 

Configuring HTTPS on the AEM author though isn't a replacement for the dispatcher for accessing the Author as the dispatcher includes additional filtering functionality designed to block access to certain paths etc.

In most cases you would terminate the public HTTPS connection at the dispatcher, or potentially a load balancer within your AWS setup.  Use of HTTPS on the author and publish instances enables you to also have the connection between dispatcher and the AEM instances happening over HTTPS.

Avatar

Level 6

Not only from my machine, anyone within my team or client team should be able to access over https only.

So I am thinking this should be done at server level and not at AEM level. I would reach out to IT support team to assist on this.

 

Thanks,

Pradeep

Avatar

Correct answer by
Adobe Champion

this is where use of the dispatcher and potentially loadbalancer makes sense, as you can then map a proper domain main to the server and expose it safely with relevant allow lists etc if you need to limit access to specific source IP ranges (eg your office locations).