How to make xojo web app run under https

Hi Guys,

I normally run my xojo web app by typing IP address and most of the time, I use domain name redirection.

Now, I came to the point that I need to my xojo app to become https. Please guide me on how to accomplish this.

The instructions vary for how and where you’re deploying your app.

I’m not sure what Xojo Cloud is up to anymore, but the last time I had spoken with them there were plans to support Lets Encrypt.

If you deploy your app to your own server and access the app directly, you can use the built in SSL support with Xojo Web

Additionally, if that’s your route my install script will fetch a certificate from LetsEncrypt and configure the app to launch using it.

Recently, however, Greg posted that Xojo, Inc. does not recommend running the app directly facing the web.

If you are using a load balancer, you will need to find a guide for that software. It’s not hard to configure nginx once you know what you’re doing, but learning how to do it the first few times can be time consuming.

What, where, and how are you deploying your web app?

1 Like

Hi Tim,

I use centos 7 and upload my standalone executable web app assigned to port xxxx.
Then I go to ssh console and run “noup”.

I wish you could give me some idea or solution on how to make my xojo web app work for https.

It sounds like you’re using the app directly facing the internet then. This guide can help: Page Not Found — Xojo documentation

1 Like

Thanks Tim!

I’ll check it out.

You can also check out my guide in the GraffitiSuite documentation if you wish to automate LetsEncrypt certificate renewals for standalone apps.

1 Like

Thanks Anthony,

Your tutorial regarding https is very helpful.
Unfortunately, I dont use domain name (because I don’t have idea on how to attach ip:port to domain name).
What if in my case I just only use IP address:port. How to accomplish it?

Unfortunately Let’s Encrypt doesn’t issue certificates for bare IP addresses, only domain names. You’ll need to register a domain name in order to get a Let’s Encrypt certificate.

If you’re just running this web application on your local network, then you can use a self-signed certificate.

Another option for public-facing apps would be some sort of no-ip provider that gives you a free subdomain pointed to the IP address of your app, but there are problems with that route which you might run in to as well.

If you’re intending to secure your app, then you’ll want SSL. If your app is public-facing, it should be on a domain (even if it’s just a sub-domain of your primary domain).

Actually, I have some domain name on my hosting and I am willing to buy for my xojo app. But the problem is that, I can’t see any tutorials here that guides on how to attache domain name to my IP:PORT.

Please let me know if you find some xojo articles that gives that kind of procedure so that I can proceed securing my domain.

The port doesn’t matter. Via your domain name provider, you’ll create a new A record for a sub-domain that points to the IP address. Something like Your domain name provider or DNS host will have help articles to guide you through this process.

Once that is done and the DNS changes have propagated, you should be able to access your app by visiting https://<appsubdomain>.<yourprimarydomain>.com:<portnumber>/ in your browser.

There are other ways this can be done, but I won’t get in to those.

The port doesn’t matter.

My centos 7 servers had only one IP and It host to run 5 xojo web app by assigning it to a different port.

If I will point to domain “A” record to just an IP, how can the browser know which app will be shown?

Please re-read my message.

So you could do, for example:
and all will point to different Xojo-made web applications.

1 Like

Oh, so I still need port number when typing the URL. ok. Problem solved!

Now I am wondering how hosting server (with one IP) can host multiple domain name without typing the need to type port number.

For that you can use a traditional web server software package to resolve subdomains to the correct port, but it’s a more advanced setup that would require more reading than I’m prepared to type here. A simple Google search for apache subdomain to port would be more helpful to you.

1 Like

I feel the need to say, if you’re not comfortable with managing web services, you should seriously consider Xojo Cloud for your production deployments. Even if you just use it for making your apps available while you build and test your own alternate implementation.

Thank you Anthony for the idea.

I will dig on apache to port after I launch my first “domain” based xojo web app.

Xojo Cloud

Yeah, I tried xojo cloud already (since I started learning xojo). As i remember, I tried it twice. It’s very easy and straightforward.

But I am very comfortable now with CENTOS 7. Because it can also host my other static website and do some domain hosting for clients.

Hi Guys,

I tried Anthony suggestion and it works!

But some few things need to be done.

#1. I need to buy fresh centos 7 and dedicated ip address (not shared hosting)
#2. I need to install libraries to make xojo run.
#3. I need to enable firewall service and open the port 80 and 443

Then, my xojo is now working with domain name under HTTPS :slight_smile:

Thanks to Tim and Anthony for the insight.