Adding HTTPS to RESTful Engine Using A Reverse Proxy
This article assumes you have deployed RESTful Engine using our container image. It also assumes you have already obtained your certificate.
In this article we will be creating a reverse proxy using nginx to handle HTTPS requests to the Manager.
- Create an empty directory
- Copy your certificate and private key into the new directory. We named our private key
privatekey.pem
. We named our certificatefullchain.pem
. - Create a file named default.conf. This is your nginx config file. This nginx config runs on port 443 and only accepts TLS requests. It is setup to forward all requests to the RESTful Engine using an internal port. You need to replace
{ENGINE_PORT}
with the port you have RESTful Engine running on. Replace{your IPv4 address}
with your server's public IPv4 address.
server {
listen 443 ssl http2;
server_name {your IPv4 address};
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privatekey.pem;
location / {
proxy_pass http://127.0.0.1:{ENGINE_PORT}/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
client_max_body_size 20m;
}
}
- Create a file called
Dockerfile
with the following commands.tipIf you named your certificate or private key something different from us, make sure to update the name in this file.
FROM nginx:latest
COPY default.conf /etc/nginx/conf.d/default.conf
COPY fullchain.pem /etc/nginx/ssl/fullchain.pem
COPY privatekey.pem /etc/nginx/ssl/privatekey.pem
- Run
docker build -t fluent-engine=ngnix-ssl-proxy ./
to build the container image - Run
docker run --name fluent-engine-ngnix-ssl-manager-proxy -p 443:443 fluent-engine-ngnix-ssl-proxy