virtualMachineparse

Force HTTPS for Parse Server requests

When you design your own application and make requests to the Parse API you design, your Application ID will be sent in plaintext in API requests. This is dangerous, since anyone with bad intentions could sniff them and break into the application, or even worse, access confidential data from your clients.

To force HTTPS for all API requests, follow these steps:

  • Edit and modify the /opt/bitnami/apache/conf/parse-vhost.conf file so that it fits with this structure. Remplace the DOMAIN placeholders with the corresponding domain name.

      <VirtualHost *:80>
          ServerName DOMAIN
          ServerAlias www.DOMAIN
          RewriteEngine On
          RewriteCond %{HTTPS} off
          RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
      </VirtualHost>
    
  • Edit and modify the /opt/bitnami/apache/conf/parse-https-vhost* file so that it fits with this structure.

      <VirtualHost *:443>
          ServerName DOMAIN
          ServerAlias www.DOMAIN
          SSLEngine on
          SSLCertificateFile "/opt/bitnami/apache/conf/bitnami/certs/server.crt"
          SSLCertificateKeyFile "/opt/bitnami/apache/conf/bitnami/certs/server.key"
      </VirtualHost>
    
  • Edit the serverURL variable property from both api and dashboard objects in the script found at /opt/bitnami/apps/parse/htdocs/server.js:

      serverURL: "https://SERVER-IP/parse",
    

    Please remember to replace the SERVER-IP placeholder with the corresponding public IP or domain name.

  • Restart the servers in the stack:

        $ sudo /opt/bitnami/ctlscript.sh restart 
    

Your application should now force HTTPS for all API requests correctly.

For more information about this process, refer to this section.

Last modification December 21, 2022