Network Configuration for Desktop/Server
If needed, Plauti Desktop and Plauti Server can support HTTP/HTTPS proxy configuration and custom SSL certificate loading, to address security requirements. Plauti Server can handle TLS as well.
This lets the Plauti Apps operate in environments with network restrictions and custom certificate authorities.
Proxy Configuration
To set up HTTP/HTTPS proxy configuration:
Open the configuration file:
~/plauti-apps/config/config.jsonCreate it there if it does not yet exist.
Add proxy configuration:
{ "proxy": { "enabled": true, "protocol": "http", "host": "proxy.company.com", "port": 8080, "user": "username", "password": "password" } }
Configuration Settings
| Option | Type | Required | Description |
|---|---|---|---|
enabled |
boolean | Yes | Enable/disable proxy usage |
protocol |
string | Yes | Proxy protocol (http or https) |
host |
string | Yes | Proxy server hostname or IP address |
port |
number | Yes | Proxy server port |
user |
string | No | Username for proxy authentication |
password |
string | No | Password for proxy authentication |
Examples
Basic proxy (without authentication)
{
"proxy": {
"enabled": true,
"protocol": "http",
"host": "proxy.company.com",
"port": 8080
}
}
Proxy with authentication
{
"proxy": {
"enabled": true,
"protocol": "https",
"host": "secure-proxy.company.com",
"port": 3128,
"user": "john.doe",
"password": "SecurePassword123"
}
}
Certificate Configuration
Plauti Desktop and Plauti Server can automatically load custom SSL certificates from a designated directory.
Setup
Find the plauti-apps folder. It is located in the user directory:
Plauti Desktop
Windows:
C:\\Users\\plauti-appsMacOS:
\Users\\plauti-appsPlauti Server
Windows:
C:\\Users\\plauti-appsWindows, if running as a service:
C:\\Windows\System32\config\systemprofile\plauti-appsLinux:
\home\\plauti-appsor\root\plauti-apps
Inside the 'plauti-apps' folder, create a directory called
certificatesAdd your certificates to the 'certificates' directory.
Supported file types:
.crt,.cer,.pem,.derRestart Plauti Desktop or Plauti Server.
The certificates are loaded during startup.
Supported Certificate Formats
| File Extension | File Format | Description |
|---|---|---|
.crt |
X.509 | Standard certificate format |
.cer |
X.509 | Microsoft certificate format |
.pem |
PEM | Base64 encoded certificate |
.der |
DER | Binary encoded certificate |
TLS (HTTPS) for Plauti Server
Plauti Server can support HTTPS by loading a private key and certificate from disk and enabling TLS at startup. This way you can encrypt traffic between clients and Plauti Server. It also allows for internal CAs and non-public certificates.
Note that by enabling this, HTTP will not work anymore, only HTTPS.
Prerequisites
- Have a Private Key (PEM), e.g. key.pem
- Have a Certificate Chain (PEM), e.g. chain.pem
- Place these files in a stable location and restrict permissions:
chmod 600 ./.certs/key.pem ./.certs/chain.pem
Relative paths are resolved from the server process working directory.
Only key and cert are required for basic HTTPS. A CA bundle is not required unless you use client certs (mTLS).
Configuration Options
Behavior:
- HTTPS is enabled if:
- TLSENABLED is set to true, or
- both TLSKEYPATH and TLSCERTPATH are set.
- HTTPS is explicitly disabled if TLSENABLED is set to false (even if paths are set).
- If HTTPS is requested but either file is missing/unreadable, HTTPS is skipped and an error is throw, the system will not startup.
- When HTTPS is enabled, the server runs over HTTPS only on the configured host/port.
Options:
- TLSENABLED (boolean, required for explicit control)
- true: enable HTTPS (requires both paths)
- false: force HTTP only
- unset: HTTPS enabled if both paths are provided
- TLSKEYPATH (string, required when enabling)
- Path to private key (PEM), e.g., ./.certs/key.pem
- TLSCERTPATH (string, required when enabling)
- Path to certificate chain (PEM), e.g., ./.certs/chain.pem
Configuration Methods
You can configure via config.json or env.properties. Choose one of the following options.
Files have to be either relative to the server executable location (eg: ../certificates/), or absolute to the system path (eg: /user/myfolder/plauti-server/certificates/)
Option A: plauti-apps/config/config.json
File: ~/plauti-apps/config/config.json{ "TLS\_ENABLED": true, "TLS\_KEY\_PATH": "../../.certs/key.pem", "TLS\_CERT\_PATH": "../../.certs/chain.pem" }Option B: /env.properties
Use one of these files to store the values:
File: /env.properties
File: ~/plauti-apps/config/env.propertiesTLS\_ENABLED=true TLS\_KEY\_PATH=../../.certs/key.pem TLS\_CERT\_PATH=../../.certs/chain.pem.env file is also supported by the server (dotenv). If present, the same keys can be placed there.
Examples
Enable HTTPS (recommended)
- Provide both files and set TLSENABLED=true
TLS\_ENABLED=true
TLS\_KEY\_PATH=./.certs/key.pem
TLS\_CERT\_PATH=./.certs/chain.pem
Disable HTTPS explicitly (force HTTP)
TLS\_ENABLED=false
# Paths (if present) are ignored when disabled
TLS\_KEY\_PATH=./.certs/key.pem
TLS\_CERT\_PATH=./.certs/chain.pem
Verification
There are several ways to check whether it is working:
- Startup log:
- “HTTPS enabled, not usable over HTTP” → HTTPS active, no HTTP usable.
- “HTTPS disabled, running over HTTP” → HTTP only, no HTTPS enabled.
- Certificate checks:
openssl x509 -in ./.certs/chain.pem -noout -subject -issuer -dates
openssl rsa -in ./.certs/key.pem -check -noout
- Connectivity test:
curl -vk https://:/healthCheck
Troubleshooting
- “HTTPS enabled but tlsKeyPath or tlsCertPath missing”
-> Provide both TLSKEYPATH and TLSCERTPATH, or set TLSENABLED=false
- Permission denied reading key/cert
-> Fix permissions/ownership so the server process can read the files
- Browser warns on certificate
-> Use a cert issued by a trusted CA, or import your internal CA into the client trust store