HTTPS deployment

To ensure the integrity and confidentiality of information, it is highly recommended to deploy Data Science Studio using the HTTPS secure protocol.

DSS does not come with built-in HTTPS support. Most people prefer to deploy HTTPS on the standard port (443). This requires the HTTPS server to run with high privileges, which DSS does not do.

To enable HTTPS, it is therefore required to deploy a reverse-proxy in front of the DSS server.

Deployment behind a reverse-proxy is fully documented in DSS behind a reverse proxy.

However, some additional security steps are required.

Ensuring no access to the HTTP interface

To make the HTTPS deployment effective, you need to make sure that your users cannot connect to the regular HTTP interface. The recommended way to ensure this is to use a system-level firewall to block access to the internal HTTP port of DSS.

Only the HTTPS port should be accessible to your users.

Ensuring secure cookies

By default, since DSS works on HTTP (i.e., non-secured), its login cookies do not carry the Secure flag. That flag tells browsers to send a cookie only over HTTPS, so cookies carrying it would be unusable over HTTP connections.

Once you have switched to HTTPS, you should enable secure cookies. This will make login via HTTP impossible.

  • Stop DSS
    ./bin/dss stop
  • Edit the config/general-settings.json file
  • Locate the "security" top-level key in the JSON file. If it does not exist, create it as an empty JSON object
  • Within "security", add or edit the following key: "secureCookies" : true
  • Start DSS
    ./bin/dss start

(See file example in Advanced Security options)
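
The edit step above can be scripted so that the "security" key is created when missing and the rest of the file is preserved. The following is an added example, not code from the DSS documentation or product; the function name enable_secure_cookies is hypothetical, and it assumes config/general-settings.json is strict JSON and that DSS is stopped while it runs.

```python
import json
import os
import shutil
import tempfile


def enable_secure_cookies(settings_path):
    """Set security.secureCookies to true; return True if the file changed."""
    with open(settings_path, encoding="utf-8") as fh:
        settings = json.load(fh)
    if not isinstance(settings, dict):
        raise ValueError("top level of settings file is not a JSON object")

    # Create "security" as an empty object if it does not exist.
    security = settings.setdefault("security", {})
    if not isinstance(security, dict):
        raise ValueError('"security" exists but is not a JSON object')
    if security.get("secureCookies") is True:
        return False  # already enabled, leave the file untouched

    security["secureCookies"] = True

    # Keep a backup, then write to a temp file and rename it into place so
    # a crash cannot leave a half-written settings file behind.
    shutil.copy2(settings_path, settings_path + ".bak")
    directory = os.path.dirname(os.path.abspath(settings_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(settings, fh, indent=2)
            fh.write("\n")
        shutil.copymode(settings_path, tmp_path)  # keep original permissions
        os.replace(tmp_path, settings_path)
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return True


if __name__ == "__main__":
    import sys
    # Run from the DSS data directory, between "dss stop" and "dss start".
    path = sys.argv[1] if len(sys.argv) > 1 else "config/general-settings.json"
    print("updated" if enable_secure_cookies(path) else "already enabled")
```

The previous file is kept next to the original with a .bak suffix, so the change can be reverted if DSS fails to start.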