Skip to main content


Adding SSL and TLS to Unravel web UI

You can configure an Apache2 web server (HTTPD) as a reverse proxy to provide HTTPS (SSL/TLS) security to Unravel Web UI. Complete the following steps to make this work.


Secure cookies are not supported when using this Apache2 reverse-proxy method. Follow the instructions in Enabling TLS to Unravel Web UI Directly to enable TLS directly in ngui, which listens on port 3000.


These steps were tested with HTTPD 2.4 and support listening on port 443.

  1. Install the needed packages.

    sudo yum install httpd mod_ssl


    There is no need to change the default /etc/httpd/conf/httpd.conf file.

  2. Create /etc/httpd/conf.d/unravel_https.conf. Use the following as a model (replace unravelhost_FQDN and settings for SSLCertificate* with values appropriate for your installation).

    <VirtualHost *:80> 
        ServerName unravelhost_FQDN 
        Redirect permanent / https://unravelhost_FQDN
    <VirtualHost *:443>
        DocumentRoot /var/www/html
        ServerName unravelhost_FQDN
        # use this if http to https errors #RequestHeader set X-FORWARDED-PROTO 'https'
        SSLEngine on 
        SSLCertificateFile /etc/certs/wildcard_unravelhost_ssl_certificate.crt 
        SSLCertificateKeyFile /etc/certs/wildcard_unravelhost_RSA_private.key 
        SSLCertificateChainFile /etc/certs/IntermediateCA.crt
        SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLHonorCipherOrder On
        # set this off for reverse proxy security 
        ProxyRequests Off 
        # might be helpful in logs 
        ProxyPreserveHost On 
        ProxyPass / http://localhost:3000/ connectiontimeout=180 timeout=180 
        ProxyPassReverse / http://localhost:3000/
        <Location /> 
        Order deny,allow 
        Deny from all 
        Allow from al
  3. Adjust or add property in /usr/local/unravel/etc/ (No trailing slash the :port is optional).

  4. Restart the ngui daemon.

    manager restart ngui
  5. Start the HTTP daemon.

    sudo service httpd start
  6. Visit https://unravelhost_FQDN (using value appropriate for your site) to test access.


To enable verbose logging in Apache2, add LogLevel where LogLevel can be set to debug, trace1,..., trace8.

LogLevel debug


Don't leave debug settings enabled long term because they add overhead and can fill up the log area if logs aren't auto-rolled.

To force HTTPS protocol, even if a user requests http://.

  1. Add the following line after the ServerName line in the virtual host httpd

    RequestHeader set X-FORWARDED-PROTO 'https'
  2. Restart Apache2.