The GroundRunner allows users to specify the path to a TLS certificate and its private key, in order to ensure that any communication between GroundRunners is encrypted. This setting is only relevant if you have multiple GroundRunners operating on different servers.
To enable HTTPS communication between GroundRunners, simply provide the following variables in the configuration file that is in the GroundRunner's install directory (ocrunner.config):
If both of these variables are present, the GroundRunner will automatically listen for requests using HTTPS, at the port you have specified in the configuration.
📓 The PORT configuration variable controls the port on which the GroundRunner is listening. Your server must allow for the GroundRunner to bind to this port in order for this process to start correctly.
The final step to start your GroundRunner with encrypted communication is to update the ❗ ❗ ❗ ❗ ❗ ❗ ❗ This sentence is incomplete & runs into the next❗ ❗ ❗ ❗ ❗ ❗ ❗ In the administration section of OneCloud, select Runners and open the edit form of your GroundRunner. Make sure the host address is set to the IP address or a resolvable domain name within your network and confirm by clicking Save.
In many cases, it will be convenient to use self-signed certificates to encrypt GroundRunner communication. If you are using a self-signed certificate, be sure that the Common Name of the certificate matches the URL at which the server can be accessed. For example, if your GroundRunner is listening on port 8821 and you can access the server from your network localhost, the certificate's Common Name would be localhost.
📓 Your self-signed certificate must have a Subject Alternative Name (SAN). If it does not, when your GroundRunner attempts to download files, it will show an error message referencing the missing SAN.