Initial GroundRunner Configuration
The GroundRunner allows users to specify the path to a TLS certificate and its private key, in order to ensure that any communication between GroundRunners is encrypted. This setting is only relevant if you have multiple GroundRunners operating on different servers.
To enable HTTPS communication between GroundRunners, simply provide the following variables in the configuration file that is in the GroundRunner's install directory (ocrunner.config):
If both of these variables are present, the GroundRunner will automatically listen for requests using HTTPS, at the port you have specified in the configuration.
📓 The PORT configuration variable controls the port on which the GroundRunner is listening. Your server must allow for the GroundRunner to bind to this port in order for this process to start correctly.
Platform Runner Configuration
The final step to enable your GroundRunner to communicated over HTTPS is to update the Runner inside of the OneCloud Platform. In the administration section of OneCloud, select Runners and open the edit form of your GroundRunner. Make sure the host address is set to the the resolvable domain name within your network and that the protocol is defined as HTTPS confirm by clicking Save.
In many cases, it will be convenient to use self-signed certificates to encrypt GroundRunner communication. If you are using a self-signed certificate, be sure that the Common Name of the certificate matches the URL at which the server can be accessed. For example, if your GroundRunner is listening on port 8821 and you can access the server from your network localhost, the certificate's Common Name would be localhost.
📓 Your self-signed certificate must have a Subject Alternative Name (SAN). If it does not, when your GroundRunner attempts to download files, it will show an error message referencing the missing SAN.