Force HTTPS for Parse Server requests
When you design your own application and make requests to the Parse API you design, your Application ID will be sent in plaintext in API requests. This is dangerous, since anyone with bad intentions could sniff them and break into the application, or even worse, access confidential data from your clients.
To force HTTPS for all API requests, follow these steps:
-
Edit and modify the /opt/bitnami/apache/conf/parse-vhost.conf file so that it fits with this structure. Remplace the DOMAIN placeholders with the corresponding domain name.
<VirtualHost *:80> ServerName DOMAIN ServerAlias www.DOMAIN RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L] </VirtualHost>
-
Edit and modify the /opt/bitnami/apache/conf/parse-https-vhost* file so that it fits with this structure.
<VirtualHost *:443> ServerName DOMAIN ServerAlias www.DOMAIN SSLEngine on SSLCertificateFile "/opt/bitnami/apache/conf/bitnami/certs/server.crt" SSLCertificateKeyFile "/opt/bitnami/apache/conf/bitnami/certs/server.key" </VirtualHost>
-
Edit the serverURL variable property from both api and dashboard objects in the script found at /opt/bitnami/apps/parse/htdocs/server.js:
serverURL: "https://SERVER-IP/parse",
Please remember to replace the SERVER-IP placeholder with the corresponding public IP or domain name.
-
Restart the servers in the stack:
$ sudo /opt/bitnami/ctlscript.sh restart
Your application should now force HTTPS for all API requests correctly.
For more information about this process, refer to this section.