How to enable HTTPS/SSL for the CubeBackup web console?


HTTPS is necessary

Adding HTTPS/SSL to the CubeBackup web console provides another layer of protection for all communications to and from your backup server. This is especially useful when accessing the CubeBackup web console from outside of your company (provided this is allowed by your company’s security policy).

CubeBackup allows you to enable SSL access to the web console with a few simple operations:

Method 1: Automatically apply a free SSL certificate from Let’s Encrypt

CubeBackup can enable HTTPS/SSL for the web console by applying for Let’s Encrypt’s free SSL certificate automatically and installing the certificate on the backup server by adding a line to the configuration file.

Prerequisites:

  • The web console must use port 80 and be able accessible from the Internet. That is, access to the web console from outside of your company must be allowed by the firewall.
  • Assign a domain name (most likely, a subdomain name) to the backup server by adding an A record in the DNS manager’s panel. (this is usually a job for your Domain administrator)
  • If you run CubeBakup inside a docker container, port 443 on the container should already be binded to a host port.

To verify these prerequisites, the web console should be accessible via the domain name from outside your firewall using the standard HTTP protocol.

Modify configuration

Now you can simply modify the configuration file to enable SSL for the web console:

  • Open the config file config.toml on the backup server using a text editor.

Note: On Linux, the configuration file is located at “/opt/cubebackup/bin/config.toml”
On Windows, the configuration file is located at “c:\Program Files\CubeBackup4\bin\config.toml”

  • Add the following line to the [Web] section:

    HTTPSEnabled = true
    

The [Web] section should look like this after the modification:

[Web]
Bind = “:80”
HTTPSEnabled = true
Domains = [“backupserver.yourdomain.com”]  # this is optional
  • Restart the CubeBackup service.

On Linux:

/opt/cubebackup/bin/cbsrv restart

On Windows:

Enter services.msc in the command line, in the poped-up Services list, right click CubeBackup Service entry, then select Restart.

On Docker:

sudo docker restart <container-name>

Method 2: Use your own certificate

If your CubeBackup’s web service does not use port 80, or you want to use your own certificate on the web console, CubeBackup also allows you to encrypt web communication using your own certificate.

Get a certificate

To get your own certificate, you can:

Note: Securing your website with a self-signed SSL certificate protects the web console by encrypting communications to and from the backup server, but self-signed certificates are not automatically recognized by web browsers, so your browser may give a warning about the certificate’s lack of official validity.

Modify configuration

To enable the certificate on your web console:

  • Open the config file on the backup server using a text editor.

Note: On Linux, the configuration file is located at “/opt/cubebackup/bin/config.toml”
On Windows, the configuration file is located at “c:\Program Files\CubeBackup4\bin\config.toml”

  • Add the following lines to the [Web] section:

    HTTPSEnabled = true
    CertFile = “/<path>/<mydomain.pem>”
    KeyFile = “/<path>/<mydomain.key>”
    

The [Web] section should look like this after the modification:

[Web]
Bind = “:80”
HTTPSEnabled = true
CertFile = “/opt/cubebackup/db/abc.pem”
KeyFile = “/opt/cubebackup/db/abc.key”
Domains = [“yourdomain.com”]  # this is optional
  • Restart the CubeBackup service.

On Linux:

/opt/cubebackup/bin/cbsrv restart

On Windows:

Enter services.msc in the command line, in the poped-up Services list, right click CubeBackup Service entry, then select Restart.

On Docker:

sudo docker restart <container-name>

To access the HTTPS/SSL web console, port 443 on the container needs to be binded to a host port.