Certificate Management


The system uses nginx-proxy for SSL termination.

 

You can use either:

1. Self-signed certificates (testing / non-production), or

2. Corporate PKI / Private CA certificates (production recommended)

 

Option A: Self-signed Certificates (Testing)

Intended for non-production testing environments.

 

Option B: Corporate PKI / Private CA (Production)

To use custom certificates, you must enable certificate mounts and related environment variables in compose.yml.

 

Important: Prefer using an override compose file (e.g., compose.certs.yml) if available.

 

1. Prepare Certificates

Place certificate files in the certs/ directory:

certs/shared.crt – Public certificate (wildcard recommended, e.g., *.yourdomain.com)

certs/shared.key – Private key

certs/rootCA.crt – Root CA certificate for system trust

certs/rootCA.pem – Root CA in PEM format (for Java services such as Keycloak)

 

2. Configure compose.yml

Enable certificate usage for the relevant services by removing the comment markers from the lines that carry the certificate configuration, and by enabling the required volume mounts for rootCA.crt and rootCA.pem.

 

3. Ensure Internal Trust

When services communicate with each other over HTTPS using a private CA, each of them must trust that CA. Enable the volume mounts for the Root CA certificates and verify that the entrypoints of the affected services copy the CA into the appropriate system trust store.


Note:
Keycloak needs the root CA, and to communicate with the frontend, the frontend must present a certificate chain. This chain must include the intermediate certificate, or Keycloak will refuse to hand over a token.
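Before enabling the mounts in compose.yml, it pays to check that the files in certs/ fit together. The following added example (not part of this guide or of the product; the hostname app.yourdomain.com is an assumed placeholder) first counts the certificates in shared.crt to catch a missing intermediate, then performs an in-memory TLS handshake in which the server side presents shared.crt with shared.key and the client side trusts only rootCA.crt, which is the situation the note above describes between Keycloak and the frontend.

```python
# Added example (not the Raynet One guide's own code): stdlib-only preflight checks for certs/.
import re
import ssl

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def count_certs(pem_text: str) -> int:
    """Number of PEM certificate blocks in a file such as certs/shared.crt."""
    return len(PEM_CERT.findall(pem_text))

def check_chain_text(chain_pem: str) -> list:
    """Static check: shared.crt must carry the leaf plus at least one intermediate."""
    n = count_certs(chain_pem)
    if n == 0:
        return ["shared.crt contains no PEM certificate"]
    if n == 1:
        return ["shared.crt holds only the leaf; append the intermediate CA certificate, "
                "otherwise Keycloak will refuse to hand over a token"]
    return []

def check_handshake(chain_file, key_file, root_ca_file, hostname) -> list:
    """Live check: in-memory TLS handshake, server side = shared.crt + shared.key, client side
    trusts only rootCA.crt and expects `hostname`. Fails on key mismatch, missing intermediate
    or wrong SAN, i.e. exactly what an internal HTTPS call between the services would hit."""
    try:
        srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        srv.load_cert_chain(chain_file, key_file)  # raises on key/cert mismatch
    except (ssl.SSLError, OSError) as exc:
        return [f"cannot load shared.crt/shared.key: {exc}"]
    try:
        cli = ssl.create_default_context(cafile=root_ca_file)  # private CA only, no system roots
    except (ssl.SSLError, OSError) as exc:
        return [f"cannot load rootCA.crt: {exc}"]
    s_in, s_out, c_in, c_out = (ssl.MemoryBIO() for _ in range(4))
    server = srv.wrap_bio(s_in, s_out, server_side=True)
    client = cli.wrap_bio(c_in, c_out, server_hostname=hostname)
    for _ in range(8):  # shuttle TLS records between the two ends until both finish
        finished = 0
        for end in (client, server):
            try:
                end.do_handshake()
                finished += 1
            except ssl.SSLWantReadError:
                pass
            except ssl.SSLError as exc:  # e.g. 'unable to get local issuer certificate'
                return [f"handshake as {hostname} failed: {exc}"]
            s_in.write(c_out.read())
            c_in.write(s_out.read())
        if finished == 2:
            return []
    return ["handshake did not complete"]
```

Run check_chain_text on the contents of certs/shared.crt and check_handshake on the three file paths with the hostname the services will actually use; an empty list from both means the chain, key and private root agree.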