Skip to main content

SSL Support

The API service looks for a certificate at configs/base/www-api.crt and the corresponding key configs/base/www-api.key. If they exist the api will listen on port 443 for TLS-encrypted requests.

Use the provided script to generate a self-signed certificate.

Enable SSL web api

  1. Generate a certificate
D=./ ./api/scripts/generate-certificate.sh
  1. Restart api container
docker compose restart api # (or restart api-virt if using the virtualized network variant)

  1. Verify the SSL service is running
curl -k https://127.0.0.1

See next section on how to trust the certificate.

  1. Open port 443 for WAN access (optional)

NOTE This is not recommended if running SPR on the internet.

echo "UPSTREAM_SERVICES_ENABLE=1" >> configs/base/config.sh
docker compose restart api # (or restart api-virt if using the virtualized network variant)

Install CA Certificate on macOS

In order to interact with SPR using HTTPS without getting a warning, you need to install a CA certificate for SPR on your macOS device.

To install the CA certificate to your macOS device:

  • Make sure that your network is connected to SPR
  • Use the browser on your macOS device to go to http://spr.local/cert
  • When the CA certificate downloads, open it with Keychain Access
  • Open the Keychain Access app
  • Click File -> Import items and select the downloaded certificate (cert.crt)
  • Double-click the entry for spr. In the dialog that opens, expand the Trust section and select Always Trust
  • Close the window to save your settings

Verify the certificate is working by visiting https://spr.local

Install CA Certificate on iOS

In order to interact with SPR using HTTPS, you need to install a CA certificate for SPR on your iOS device.

To install the CA certificate to your iOS device:

  • Make sure that your network is connected to SPR
  • Use the browser on your iOS device to go to http://spr.local/cert (or click the link in the app)
  • When the CA certificate downloads, select Profile downloaded in the Settings menu
  • On the Install Profile screen, select Install

ios-cert-install

  • When the profile is installed, select Done
  • Go to Settings > General > About > Certificate Trust Settings*
  • Activate the toggle switch for spr

ios-cert-trust

Verify the certificate is working by visiting https://spr.local on your iOS device or run the SPR app and select https in the login form.