Due to organizational requirements for TLS protocols and ciphers, I modded the nv5geospatiallicenseserver systemd service to pass these options to node on license server startup. Note that there are several ways to add the node options and the below is just one of them. Also, this is for RedHat-based systems; please adjust paths for Debian/Ubuntu or use a path common to both OS families (e.g., /etc/nv5/, /usr/local/etc/nv5/). Also, to only serve licenses via TLS, the system firewall can be configured to only allow 40443, or you can remove the "http" section from the config/production.json file.

Add the following to the [Service] section of /etc/systemd/system/nv5geospatiallicenseserver.service:

'''
EnvironmentFile=/etc/sysconfig/nv5geospatiallicenseserver
'''

Create /etc/sysconfig/nv5geospatiallicenseserver with the below content. Note that the below is all on one line and that TLS1.3 ciphers can be included. Adjust to your requirements. Do not use quotes.

'''
NODE_OPTIONS=--tls-min-v1.2 --tls-max-v1.3 --tls-cipher-list=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256
'''

Run the following commands:

sudo systemctl daemon-reload
sudo systemctl restart nv5geospatiallicenseserver.service

Check service:

sudo systemctl status nv5geospatiallicenseserver.service
sudo tail /usr/local/nv5/license_server/logs/license_server.log
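An added example, not part of the original post: a script that lints the EnvironmentFile for the mistakes the post warns about (quotes, a wrapped line) and then probes the listener to confirm the minimum TLS version is enforced. The function names and the `--host` argument are hypothetical; the file path, port 40443 and node flags are the ones given above, and the probe assumes `openssl` is installed.

```bash
#!/usr/bin/env bash
# Added example. File path, port 40443 and flag names are taken from the post;
# function names and the --host argument are made up for this script.

# check_env_file FILE: print findings; return 0 if the file is clean, 1 otherwise.
check_env_file() {
    local file=$1 line rc=0
    if [ "$(grep -c '^NODE_OPTIONS=' "$file")" -ne 1 ]; then
        echo "expected exactly one NODE_OPTIONS= line"; return 1
    fi
    line=$(grep '^NODE_OPTIONS=' "$file")
    # The post says not to use quotes around the value.
    case $line in *\"*|*\'*) echo "quotes found in NODE_OPTIONS"; rc=1;; esac
    case $line in
        *--tls-min-v1.2*|*--tls-min-v1.3*) ;;
        *) echo "no TLS minimum of 1.2 or higher"; rc=1;;
    esac
    case $line in *--tls-cipher-list=*) ;; *) echo "no --tls-cipher-list"; rc=1;; esac
    # A line that is neither VAR=value, a comment, nor blank is most likely
    # a cipher list that got wrapped onto a second line.
    if grep -v -E -e '^[A-Za-z_][A-Za-z0-9_]*=' -e '^[[:space:]]*(#|$)' "$file" | grep -q .; then
        echo "unexpected extra line (cipher list wrapped?)"; rc=1
    fi
    return $rc
}

# probe_tls HOST PORT: return 0 if TLS 1.1 is refused and TLS 1.2 is accepted.
# Caveat: an openssl build without -tls1_1 support also fails the first probe,
# so confirm the local client can speak TLS 1.1 before trusting a "refused".
probe_tls() {
    local host=$1 port=$2
    if openssl s_client -connect "$host:$port" -tls1_1 </dev/null >/dev/null 2>&1; then
        echo "TLS 1.1 handshake succeeded; minimum version not enforced"; return 1
    fi
    openssl s_client -connect "$host:$port" -tls1_2 </dev/null >/dev/null 2>&1 ||
        { echo "TLS 1.2 handshake failed"; return 1; }
}

# Usage: ./check_tls.sh --host localhost
if [ "${1:-}" = "--host" ] && [ -n "${2:-}" ]; then
    check_env_file /etc/sysconfig/nv5geospatiallicenseserver && probe_tls "$2" 40443
fi
```

Run it after the restart; a non-zero exit with no TLS finding usually means the service did not pick up the EnvironmentFile.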