HTTPS Configuration

Default HTTPS Configuration

The application now requires HTTPS by default due to Keycloak's security requirements. When you run the set_hostname script, it automatically:

  • Generates a self-signed certificate for your hostname
  • Signs it with the pre-generated root CA
  • Configures Nginx to use these certificates

Using Custom SSL Certificates

If you want to use your own SSL certificates (e.g., from Let's Encrypt, a commercial CA, or your organization's PKI), follow these steps:

Prerequisites

  • Valid SSL Certificate: A certificate file (.crt or .pem file) from a trusted Certificate Authority
  • Private Key: The corresponding private key file (.key file)
  • Certificate Chain (if applicable): Intermediate certificates from your CA

Steps to Configure Custom Certificates

1. Prepare Your Certificate Files

  • Place your certificate files in the tls directory:
Bash
# Copy your certificate and key
cp /path/to/your/certificate.crt ./tls/router.crt
cp /path/to/your/private.key ./tls/router.key

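# If you have a certificate chain, combine it with your certificate instead
# (your certificate first, then the intermediates). This overwrites the
# router.crt copied above.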
cat /path/to/your/certificate.crt /path/to/intermediate.crt > ./tls/router.crt

File Names

The files must be named router.crt and router.key as the Nginx configuration expects these exact names.

2. Update Nginx Configuration (if Necessary)

The default Nginx configuration (router/default.conf) is already configured for HTTPS:

Nginx Configuration File
server {
    listen 443 ssl default_server;

    ssl_certificate /etc/nginx/tls/router.crt;
    ssl_certificate_key /etc/nginx/tls/router.key;
    ssl_trusted_certificate /etc/nginx/tls/rootCA.crt;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # ... rest of configuration
}

3. Restart Services

After updating certificates, restart the affected services:

Bash
# Restart the router to load new certificates
docker restart router

# If you updated the truststore, restart the backend
docker restart backend
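
A pre-flight check for the files prepared in step 1, to run before restarting the router. This is an added example, not one of the project's scripts: it confirms that the first certificate in router.crt matches router.key, that the certificate has not expired and, optionally, that it covers your hostname. The function name check_tls_pair is an assumption, and the check relies on the openssl command-line tool being installed.

```bash
#!/usr/bin/env bash
# Added example, not project code. check_tls_pair is a hypothetical helper.
# Usage: check_tls_pair ./tls/router.crt ./tls/router.key your.hostname

check_tls_pair() {
    local cert=$1 key=$2 host=${3:-} cert_pub key_pub

    # Public key of the FIRST certificate in the file. Nginx uses that one as
    # the server certificate, so in a combined chain file the leaf must come
    # before the intermediates.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $cert is not a readable PEM certificate" >&2; return 2; }

    # Public key derived from the private key. The empty -passin makes an
    # encrypted key fail here instead of prompting for a passphrase.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "FAIL: $key is not a readable, unencrypted PEM key" >&2; return 2; }

    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: first certificate in $cert does not match $key" >&2
        return 3
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || {
        echo "FAIL: certificate in $cert has expired" >&2; return 4; }

    # Optional: the hostname must appear in the SAN (or CN if there is no SAN).
    if [ -n "$host" ] && ! openssl x509 -in "$cert" -noout -checkhost "$host" |
            grep -q "does match"; then
        echo "FAIL: certificate is not valid for $host" >&2; return 5
    fi

    # Warn only: the key should not be accessible to group or others.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "WARN: $key has group/other permissions set" >&2
    fi
    echo "OK: $cert matches $key"
}
```

A return code of 3 on a combined chain file usually means the intermediate was concatenated ahead of your own certificate.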