Secure HTTP (HTTPS) is a must when the Authoring Platform is a public-facing instance. For such cases, we provide a pre-configured environment and a convenience script to acquire the necessary SSL certificate.
SSL certificate retrieval and renewal are managed by certbot, the official ACME client recommended by Let's Encrypt.
To be able to obtain an SSL certificate, the following requirements must be met:
- docker and docker-compose are installed
- the server instance has a public IP address
- a DNS A record is configured for the desired domain name routing to the server's IP address
For the sake of example, let's say the target domain name is snow-owl.b2ihealthcare.com.
Go to the sub-folder called ./snow-owl/docker/configs/cert. Make sure the init-certificate.sh script has permissions to be executable and get some details about its parameters:
As you can see, -d is used for specifying the domain name, and -e is used for specifying a contact email address (optional). Now execute the script with our example parameters:
Script execution will overwrite the files ./snow-owl/docker/docker-compose.yml and ./snow-owl/docker/configs/nginx/nginx.conf. Make a note of any changes if required.
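The requirements listed above and the overwrite warning can be checked before the script is run. The following pre-flight functions are an added example, not part of the Snow Owl distribution; the function names, the backup folder naming and the public IP 203.0.113.10 are assumptions, and `getent ahostsv4` assumes a glibc-based Linux host.

```bash
#!/usr/bin/env bash
# Pre-flight checks to run before init-certificate.sh (added example).

# Succeeds only if every named command is on PATH; reports the missing ones.
require_tools() {
  local missing=0 tool
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool" >&2; missing=1; }
  done
  return "$missing"
}

# Prints the IPv4 addresses the domain resolves to, one per line.
# Assumption: glibc-based Linux host. getent uses the host's resolver,
# so an /etc/hosts entry for the domain would mask the public DNS answer.
resolve_a() {
  getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Reads resolved addresses on stdin; succeeds if one equals the expected IP.
# -x and -F force a whole-line literal match, so 203.0.113.100 or a dot
# treated as a regex wildcard cannot pass for 203.0.113.10.
a_record_matches() {
  grep -qxF -- "$1"
}

# Copies the two files the script overwrites into a timestamped folder
# (folder name is this example's choice) and prints that folder's path.
backup_configs() {
  local root=$1 dest
  dest="$root/backup-$(date +%Y%m%d-%H%M%S)"
  mkdir -p "$dest" || return 1
  cp -p "$root/docker-compose.yml" "$root/configs/nginx/nginx.conf" "$dest/" || return 1
  echo "$dest"
}

# Runs all checks in order and stops at the first failure.
preflight() {
  local domain=$1 public_ip=$2 docker_dir=$3
  require_tools docker docker-compose || return 1
  resolve_a "$domain" | a_record_matches "$public_ip" \
    || { echo "A record for $domain does not point to $public_ip" >&2; return 1; }
  backup_configs "$docker_dir"
}

# Usage (203.0.113.10 is a constructed placeholder for the server's public IP):
#   preflight snow-owl.b2ihealthcare.com 203.0.113.10 ./snow-owl/docker
```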
After successful execution, a new folder, ./snow-owl/cert, is created, which contains all the certificate files required by NGINX. The docker-compose.yml file is also amended with a piece of code that guarantees automatic renewal of the certificate:
At this point everything is prepared for secure HTTP. Let's see what else needs to be configured before spinning up the service.