Add hub service config doc

Author: webprofusion-chrisc

docs/hub/installation/service.md

@@ -0,0 +1,40 @@
+---
+title: Hub Service Config
+---
+
+## Port and TLS Certificate
+By default the hub service will initially be created on `http://localhost:8080` which generally means it can't be used from other machines and it also doesn't have https enabled (the irony!).
+
+A default sample config is created at `C:\ProgramData\certify\hubservice.json` or `/usr/share/certify/hubservice.json` and this allows you to customise the http listener, which is a .net Kestrel web server:
+
+https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-9.0
+
+
+An example config is included in the file to use a PFX file, so to setup https:
+
+- Decide on your preferred fully qualified service name for the hub, e.g. `certifyhub.intranet.yourdomain.com`
+- Use the management hub to acquire a certificate for the service name you need, using the normal certificate request process.
+- Add a Deployment Task (Export Certificate) to export a PFX (PKCS#12) file to where it's required e.g. C:\ProgramData\certify\internal-certs\hub.pfx , then run the task to export the initial certificate.
+
+Once you have a cert on disk you are ready to configure the service to use that cert file, edit the `hubservice.json` file to include the `HttpsInlineCertFile` entry. The choice of port and filename etc is arbitrary, as long as the process can access the file.:
+
+```json
+  "Kestrel": {
+    "Endpoints": {
+      "SvcHttpEndpoint": {
+        "Url": "http://0.0.0.0:8080"
+      },
+     "HttpsInlineCertFile": {
+        "Url": "https://0.0.0.0:9697",
+        "Certificate": {
+          "Path": "C:\\ProgramData\\certify\\internal-certs\\hub.pfx",
+          "Password": ""
+        }
+      },
+    }
+  }
+  ```
+
+Then restart the `Certify Management Hub` service, you can now access the service via https e.g. `https://
+
+This is an example configuration, so you can configure the endpoints and certificates however you prefer.

docs/hub/installation/windows.md

@@ -15,9 +15,9 @@ Install as a single combined management hub service, this is the simplest method
 
 You can download the latest **alpha test** version [7.0.0.16-alpha.03 : Released 2025/05/03](https://certifytheweb.s3.amazonaws.com/downloads/archive/CertifyMgmtHubSetup_V7.0.0-alpha.03.exe) - this is intended for test evaluation and not for production use, as subsequent updates may including breaking changes.
 
-The current default configuration will make the service and UI available at `http://localhost:5000` and you will need to set the API endpoint (the same URL) in the login UI. This will change in subsequent releases.
+The current default configuration will make the service and UI available at `http://localhost:8080` and you will need to set the API endpoint (the same URL) in the login UI.
 
-To use the service with https you currently need to reverse proxy from IIS or any other https enabled web server. This will change in a subsequent update.
+To use the service with https you can either [configure the service to use https](service.md) or reverse proxy the service from a webserver of your choice (Caddy, IIS, nginx, Apache etc and administer https on those as normal).
 
 ### Install as multiple services, possibly on different servers etc.
 - Or, if you need more control over how things are organized, install the components separately: