Hi everyone, I installed a Tile server following the guide for ubuntu, everything works ok!
Now I want the connection to be encrypted, but even if the certificate is installed correctly and I see it because the index.html loads me correctly, the tests I do through sample_leaflet.html are not managed, I don’t see any requests coming to the server.
Question: Is there any parameter to change on this file?
In this line I put: L.tileLayer (‘https://{s}.tileosm.domain.com/hot/{z}/{x}/{y}.png’, {
Thanks in advance.
The answer is basically “follow one of the many online guides for setting up https access on your operating system”. The reason that the Switch2osm guide doesn’t do that is because there’s quite a lot of information elsewhere. I wrote a bit more over at https://wiki.openstreetmap.org/wiki/User:SomeoneElse/Ubuntu_1804_tileserver_load (although unfortunately the guide I linked to from that seems not to have been kept updated).
As an example, a small test server I installed recently has these apache sites available and enabled:
/etc/apache2/sites-enabled:
total used in directory 8 available 1.8 GiB
drwxr-xr-x 2 root root 4096 Jan 4 21:19 .
drwxr-xr-x 8 root root 4096 Jan 7 06:38 …
lrwxrwxrwx 1 root root 35 Nov 28 21:45 000-default.conf → …/sites-available/000-default.conf
lrwxrwxrwx 1 root root 35 Dec 15 00:15 default-ssl.conf → …/sites-available/default-ssl.conf
“000-default.conf” is the http config, “default-ssl.conf” the https one.
By default apache installs a self-signed certificate. On this test server I want a real one, so I installed “acme.sh” from https://github.com/Neilpang/acme.sh to handle the renewal and edited “default-ssl.conf” to point to the fullchain.cer and .key files generated by that process. “acme.sh” adds this to the root crontab:
54 0 * * * “/root/.acme.sh”/acme.sh --cron --home “/root/.acme.sh” > /dev/null
That might need a bit of adjustment depending on how you want to obtain new certificates - if “standalone” then you’ll want to create a script that stops apache, renews, restarts apache, and mails you the results.
However, before you get to that stage, just try https access to a tile.
You’ve said that “https://tileosm.domain.com/index.html” works and that “http://tileosm.domain.com/sample_leaflet.html” works. Next, find a tile that works over http, such as http://tileosm.domain.com/hot/8/122/82.png (but with different numbers). Try https://tileosm.domain.com/hot/8/122/82.png - what actual error do you get?
If you setup ssl for tileosm.domain.com, you probably did not setup ssl for a.tileosm.domain.com|b.tileosm.domain|c.tileosm.domain.com, but that is used if you use {s} in https://{s}.tileosm.domain.com. So either use just https://tileosm.domain.com… as TileLayer URL or add ssl for those subdomains a|b|c of the tileosm subdomain.
