Medium Security
The following examples provide a medium level of security. All communication between the EMS and LSR are encrypted and require basic authentication to be accessed. The examples use a self-signed certificate and private key.
* 
This configuration allows self-signed certificates, which is strongly discouraged for a production environment.
To fit the lines of configuration on the page, the lines have been broken up. If you copy/paste the lines, make sure that you adjust the line breaks accordingly. For example, the line containing the cert_chain property in the config.json example has been broken with a CR and extra spaces. You need to remove that line break and extra spaces after pasting it in your configuration file.
To learn about encrypting the passwords and passphrases, refer to Protecting Data with Encryption.
Security Configuration with Authentication, Validation, and Custom Self-Signed Certificate / Key
EMS — config.json
LSR — config.lua
"http_server": {
"host": "localhost",
"port": 8000,
"ssl": true,
"certificate": "/ path/to/
certificate/file.pem",
"private_key": "/path/to/
private/key.pem",
"passphrase": "some_encrypted_passphrase",
"authenticate": true,
"user": "emsuser",
"password": "some_encrypted_password""
},
"certificates": {
"validate": true,
"allow_self_signed": "true",
"cert_chain" : "/path/to/
ca/cert/list.pem"
}
-- EMS Connection Configuration
scripts.rap_host = "localhost"
scripts.rap_port = 8000

-- EMS Connection TLS Configuration
scripts.rap_ssl = true
scripts.rap_deny_selfsigned = false
scripts.rap_validate = true
scripts.rap_cert_file =
"/path/to/ca/cert/list.pem"

-- EMS Connection Authentication
-- Configuration
scripts.rap_server_authenticate = true
scripts.rap_userid = "emsuser"
scripts.rap_password = "some_encrypted_password"

-- HTTP Server Configuration
scripts.script_resource_host = "localhost"
scripts.script_resource_port = 8001

-- HTTP Server TLS Configuration
scripts.script_resource_ssl = true
scripts.script_resource_certificate_chain =
"/path/to/web/server/certificate.pem"
scripts.script_resource_private_key =
"/path/to/web/server/private/key.pem"
scripts.script_resource_passphrase = "some_encrypted_passphrase"

-- HTTP Server Authentication
-- Configuration
scripts.script_resource_authenticate = true
scripts.script_resource_userid = "luauser"
scripts.script_resource_password = "some_encrypted_password"
Was this helpful?