Enabling HTTPS Connections
The Umbrella node does not support application-layer TLS at the moment. We recommend setting up TLS in front of an Umbrella node, using either a load balancer with TLS termination (such as Amazon Elastic Load Balancer) or a reverse proxy (such as NGINX).
TLS via NGINX
Requirements
- A valid certificate issued by a certificate authority
Create a Directory
mkdir ~/.umbrella-nginx
Copy the issued certificate and its certificate key to ~/.umbrella-nginx.
Please name the issued certificate as cert.crt and the certificate key as cert.key.
Certificate Authority
Make sure the certificate was issued by a valid Certificate Authority.
echo '
upstream validator-api {
    server validator-api.:3000;
}

# Redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name _;
    return 302 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /etc/nginx/cert.crt;
    ssl_certificate_key /etc/nginx/cert.key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /dev/stdout;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://validator-api;
        proxy_read_timeout 3600;
    }
}' > ~/.umbrella-nginx/nginx.conf
Start the NGINX container:
docker run -p 80:80 -p 443:443 --restart unless-stopped -d --name validator-nginx --network umbrella-network -v ~/.umbrella-nginx/cert.crt:/etc/nginx/cert.crt -v ~/.umbrella-nginx/cert.key:/etc/nginx/cert.key -v ~/.umbrella-nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro nginx
Privileges
Make sure you have permission to bind the NGINX Docker container to ports 80 and 443.
To check if the NGINX container is running:
docker ps | grep nginx
To check logs:
docker logs validator-nginx -f
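A pre-flight check for the files placed in ~/.umbrella-nginx, meant to be run before starting the container. This is an added example, not part of the original page or of Umbrella's tooling; the function names are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
# Added example: pre-flight checks for ~/.umbrella-nginx before "docker run".
# Function names are hypothetical; file names follow the page.

# Private key must not be accessible by group or others.
check_key_perms() {
    bits=$(ls -ld "$1" 2>/dev/null | cut -c5-10)   # group+other mode bits
    [ "$bits" = "------" ] && return 0
    echo "FAIL: $1 missing or accessible by group/others (run: chmod 600 $1)"
    return 1
}

# No ssl_protocols directive may enable SSLv2, SSLv3, TLSv1 or TLSv1.1.
check_tls_protocols() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 1; }
    weak=$(awk '$1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) printf "%s ", p
        }
    }' "$1")
    [ -z "$weak" ] && return 0
    echo "FAIL: $1 enables deprecated protocols: $weak"
    return 1
}

# Certificate must be unexpired and carry the public key of cert.key.
check_cert_matches_key() {
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $1 is expired or not a readable certificate"
        return 1
    fi
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] && return 0
    echo "FAIL: $1 does not match private key $2"
    return 1
}

# Run every check; return non-zero if any fails.
preflight() {
    dir=${1:-$HOME/.umbrella-nginx}
    rc=0
    check_key_perms "$dir/cert.key" || rc=1
    check_tls_protocols "$dir/nginx.conf" || rc=1
    check_cert_matches_key "$dir/cert.crt" "$dir/cert.key" || rc=1
    return $rc
}
```

Source the file and call preflight (optionally with a directory argument); a non-zero return means at least one check printed a FAIL line. It does not validate the issuing Certificate Authority chain.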