Configuring HTTP settings for the Delphix Engine
Use the following steps to configure HTTP settings for the Delphix Continuous Data Engine.
Login to the Continuous Data Setup UI as a sysadmin.
From the Dashboard, select Settings under Network Security. This will open a new wizard where you can modify the settings.
In the Network Security Settings screen, you can modify the HTTP mode, TLS Version, and HTTPS Ciphers to be used.
In HTTP mode, select one of the following:
HTTP Only – accepts only HTTP connections.
HTTPS Only – accepts only HTTPS connections.
HTTP Redirect – redirect all requests made over HTTP to HTTPS.
HTTP and HTTPS – accepts both HTTP and HTTPS connections.
HTTP Redirect with HSTS – redirect all requests made over HTTP to HTTPS and add the “Strict-Transport-Security” header to all responses.
HSTS is not required. By default, the Continuous Data Engine is configured to HTTP and HTTPS. This can be left as is.
If you set up HSTS and want to revert it, follow the same steps to this point and select your previous option.
In TLS Version, select the required TLS versions.
In HTTPS Ciphers, select the required option from the drop-down list. Click the check box next to Select All to choose all options.
Click Next and then click Submit, allowing your engine to restart for the changes to take effect.
When the Continuous Data Engine homepage is loaded after the restart, all the HTTP requests will be redirected to the selected HTTP mode after the first load.
The above steps could fail if:
The certificates are not trusted – a “not secure” warning on the search bar of the browser. Certificate setup should be completed before setting up HSTS headers in order for them to be useful. Otherwise, the redirect will still happen over 302 status.
Your site is not prepared for HTTPS setup – for example, each of the subdomains accessed should be supporting HTTPS; parts of the application might be inaccessible otherwise.
Every first request whenever the cache is cleared would redirect over 302. Any further requests after the first would redirect over 307