HTTPS support in gateway
ppradela opened this issue · comments
Is it possible to configure SSL in the gateway service? How do I add additional config (https://spring.io/blog/2023/06/07/securing-spring-boot-applications-with-ssl)? I have tried to bind ssl.yml:/etc/geoserver/ssl.yml and added JAVA_OPTS: "-Dspring.config.additional-location=/etc/geoserver/ssl.yml" in docker-compose.yaml, but the gateway container doesn't load it. I bind ./server.p12:/etc/geoserver/server.p12 and change classpath:server.p12 to file:/etc/geoserver/server.p12 in the ssl.yml config. I am not familiar with Spring. Can anybody help me?
@ppradela
I'm currently facing the same issue. Did you manage to get any help or find a solution?
@sameersheikh22
I am using Caddy as a reverse proxy for now. The Caddy container has to be in the same container network. My Caddyfile looks like:
    gscloud.example.com {
        tls cert.pem key.pem
        reverse_proxy webui:8080
        reverse_proxy /ows* gateway:8080
        reverse_proxy /gwc* gateway:8080
    }
@ppradela
We are getting the error below for this Caddyfile.
Caddyfile:
    geoserver-cloud.example.com {
        tls /etc/letsencrypt/live/geoserver-cloud.example.com/fullchain.pem /etc/letsencrypt/live/geoserver-cloud.example.com/privkey.pem
        reverse_proxy localhost:9090 {
            header_up X-Forwarded-Host {host}
        }
    }
Error:
Can anyone help me?
@Ravi-170524
Compare my Caddyfile to yours. You have to do reverse_proxy directly to webui for the GeoServer admin interface and another route for services.
This error appears because you do reverse_proxy to the gateway container and the gateway container does proxying for all services. The traffic goes:
    client --https--> caddy --http--> gateway --https--> webui
so it is not encrypted on the whole path, but if you use my example you will not get this error.
@ppradela
Thanks, it is working fine.
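Added example, not part of the thread or of the GeoServer Cloud project: a small Python model of how the first Caddyfile above routes a request, and which hops carry TLS. It assumes Caddy's documented ordering for repeated directives (longest path matcher first, matcherless last) and simplifies matching to a trailing `*` prefix; the request paths are constructed samples.

```python
# Simplified model of Caddy route selection for the Caddyfile posted in the thread.
# Routes are listed in file order; None means "no matcher" (matches every path).
ROUTES = [
    (None, "webui:8080"),
    ("/ows*", "gateway:8080"),
    ("/gwc*", "gateway:8080"),
]


def sort_routes(routes):
    """Order same-named directives as Caddy does: path matchers by
    descending length, matcherless directives last (stable otherwise)."""
    return sorted(routes, key=lambda r: (r[0] is None, -len(r[0] or "")))


def matches(pattern, path):
    """Assumption: only exact paths and a trailing '*' are modelled.
    Caddy's path matcher is case-insensitive."""
    if pattern is None:
        return True
    pattern, path = pattern.lower(), path.lower()
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return path == pattern


def upstream_for(path, routes=ROUTES):
    """Return the upstream of the first matching reverse_proxy route."""
    for pattern, upstream in sort_routes(routes):
        if matches(pattern, path):
            return upstream
    return None


def hops(path, routes=ROUTES):
    """Describe each hop and its scheme. The site block has a tls directive,
    so the client hop is HTTPS; an upstream given as bare host:port is
    contacted over plain HTTP, so TLS ends at Caddy."""
    return [("client", "https", "caddy"),
            ("caddy", "http", upstream_for(path, routes))]


if __name__ == "__main__":
    for sample in ("/", "/web/", "/ows", "/gwc/service/wmts"):  # constructed paths
        print(sample, "->", hops(sample))
```

The second hop is unencrypted, which is why the Caddy container and the backends need to share a private container network.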