Proxy Configuration
To set up HTTP/HTTPS proxy configuration:
- Open the configuration file:
~/plauti-apps/config/config.json
Create it there if it does not yet exist. - Add proxy configuration:
{ "proxy": { "enabled": true, "protocol": "http", "host": "proxy.company.com", "port": 8080, "user": "username", "password": "password" } }
Configuration Settings
| Option | Type | Required | Description |
|---|---|---|---|
|
boolean |
Yes |
Enable/disable proxy usage |
|
string |
Yes |
Proxy protocol ( |
|
string |
Yes |
Proxy server hostname or IP address |
|
number |
Yes |
Proxy server port |
|
string |
No |
Username for proxy authentication |
|
string |
No |
Password for proxy authentication |
Examples
Basic proxy (without authentication)
{
"proxy": {
"enabled": true,
"protocol": "http",
"host": "proxy.company.com",
"port": 8080
}
}Proxy with authentication
{
"proxy": {
"enabled": true,
"protocol": "https",
"host": "secure-proxy.company.com",
"port": 3128,
"user": "john.doe",
"password": "SecurePassword123"
}
}Certificate Configuration
Plauti Desktop and Plauti Server can automatically load custom SSL certificates from a designated directory.
Setup
- Find the plauti-apps folder. It is located in the user directory:
Plauti Desktop- Windows:
C:\\Users\<username>\plauti-apps - MacOS:
\Users\<username>\plauti-apps
Plauti Server- Windows:
C:\\Users\<username>\plauti-apps - Windows, if running as a service:
C:\\Windows\System32\config\systemprofile\plauti-apps - Linux:
\home\<username>\plauti-appsor\root\plauti-apps
- Windows:
- Inside the 'plauti-apps' folder, create a directory called
certificates - Add your certificates to the 'certificates' directory.
Supported file types:.crt,.cer,.pem,.der -
Restart Plauti Desktop or Plauti Server.
The certificates are loaded during startup.
Supported Certificate Formats
| File Extension | File Format | Description |
|---|---|---|
|
X.509 |
Standard certificate format |
|
X.509 |
Microsoft certificate format |
|
PEM |
Base64 encoded certificate |
|
DER |
Binary encoded certificate |
TLS (HTTPS) for Plauti Server
Plauti Server can support HTTPS by loading a private key and certificate from disk and enabling TLS at startup. This way you can encrypt traffic between clients and Plauti Server. It also allows for internal CAs and non-public certificates.
Note that by enabling this, HTTP will not work anymore, only HTTPS.
Prerequisites
- Have a Private Key (PEM), e.g. key.pem
- Have a Certificate Chain (PEM), e.g. chain.pem
- Place these files in a stable location and restrict permissions:
chmod 600 ./.certs/key.pem ./.certs/chain.pem
Relative paths are resolved from the server process working directory.
Only key and cert are required for basic HTTPS. A CA bundle is not required unless you use client certs (mTLS).
Configuration Options
Behavior:
- HTTPS is enabled if:
- TLS_ENABLED is set to true, or
- both TLS_KEY_PATH and TLS_CERT_PATH are set.
- HTTPS is explicitly disabled if TLS_ENABLED is set to false (even if paths are set).
- If HTTPS is requested but either file is missing/unreadable, HTTPS is skipped and an error is throw, the system will not startup.
- When HTTPS is enabled, the server runs over HTTPS only on the configured host/port.
Options:
- TLS_ENABLED (boolean, required for explicit control)
- true: enable HTTPS (requires both paths)
- false: force HTTP only
- unset: HTTPS enabled if both paths are provided
- TLS_KEY_PATH (string, required when enabling)
- Path to private key (PEM), e.g., ./.certs/key.pem
- TLS_CERT_PATH (string, required when enabling)
- Path to certificate chain (PEM), e.g., ./.certs/chain.pem
Configuration Methods
You can configure via config.json or env.properties. Choose one of the following options.
Files have to be either relative to the server executable location (eg: ../certificates/), or absolute to the system path (eg: /user/myfolder/plauti-server/certificates/)
- Option A: plauti-apps/config/config.json
File: ~/plauti-apps/config/config.json{ "TLS_ENABLED": true, "TLS_KEY_PATH": "../../.certs/key.pem", "TLS_CERT_PATH": "../../.certs/chain.pem" } - Option B: <server folder>/env.properties
Use one of these files to store the values:
File: <server folder>/env.properties
File: ~/plauti-apps/config/env.propertiesTLS_ENABLED=true TLS_KEY_PATH=../../.certs/key.pem TLS_CERT_PATH=../../.certs/chain.pem
.env file is also supported by the server (dotenv). If present, the same keys can be placed there.
Examples
Enable HTTPS (recommended)
Provide both files and set TLS_ENABLED=true
TLS_ENABLED=true TLS_KEY_PATH=./.certs/key.pem
TLS_CERT_PATH=./.certs/chain.pem
TLS_ENABLED=false # Paths (if present) are ignored when disabled TLS_KEY_PATH=./.certs/key.pem TLS_CERT_PATH=./.certs/chain.pem
Verification
There are several ways to check whether it is working:
-
Startup log:
“HTTPS enabled, not usable over HTTP” → HTTPS active, no HTTP usable.
“HTTPS disabled, running over HTTP” → HTTP only, no HTTPS enabled.
Certificate checks:
openssl x509 -in ./.certs/chain.pem -noout -subject -issuer -dates
openssl rsa -in ./.certs/key.pem -check -nooutConnectivity test:
curl -vk https://<host>:<port>/healthCheckTroubleshooting
- “HTTPS enabled but tlsKeyPath or tlsCertPath missing”
--> Provide both TLS_KEY_PATH and TLS_CERT_PATH, or set TLS_ENABLED=false
- Permission denied reading key/cert
--> Fix permissions/ownership so the server process can read the files
- Browser warns on certificate
--> Use a cert issued by a trusted CA, or import your internal CA into the client trust store
