Enabling HTTPS Connections

Umbrella nodes do not currently support application-layer TLS. We recommend setting up TLS in front of an Umbrella node, using either a load balancer with TLS termination (such as Amazon Elastic Load Balancer) or a reverse proxy (such as NGINX).

TLS via NGINX

Requirements

  • A valid certificate issued by a certificate authority

Create a Directory

mkdir ~/.umbrella-nginx

Copy the issued certificate and its private key to ~/.umbrella-nginx.
Name the certificate cert.crt and the key cert.key.

Certificate Authority

Make sure the certificate was issued by a valid Certificate Authority.

echo '
upstream validator-api {
    server validator-api.:3000;
}

server {
    listen 80;
    server_name _;
    return 302   https://$host$request_uri;
}

server {

    listen 443 ssl;
    server_name _;

    ssl_certificate           /etc/nginx/cert.crt;
    ssl_certificate_key       /etc/nginx/cert.key;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); enable only TLS 1.2 and 1.3.
    ssl_protocols  TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /dev/stdout;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      proxy_pass          http://validator-api;
      proxy_read_timeout  3600;
    }
}' > ~/.umbrella-nginx/nginx.conf

Start docker:

docker run -p 80:80 -p 443:443 --restart unless-stopped -d --name validator-nginx --network umbrella-network -v ~/.umbrella-nginx/cert.crt:/etc/nginx/cert.crt -v ~/.umbrella-nginx/cert.key:/etc/nginx/cert.key -v ~/.umbrella-nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro nginx

Privileges

Make sure you have permission to bind the NGINX Docker container to ports 80 and 443.

To check if the NGINX container is running:

docker ps | grep nginx

To check logs:

docker logs validator-nginx -f
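
A pre-flight check for the files in ~/.umbrella-nginx, added here as an example (it is not part of the Umbrella documentation or of NGINX). It rejects a config that enables SSLv2, SSLv3, TLS 1.0 or TLS 1.1, a private key readable by group or others, and a certificate that does not match the key or expires within 7 days; the function names and the 7-day threshold are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-flight checks for ~/.umbrella-nginx.
# Function names are hypothetical, not part of Umbrella or NGINX.

# Fail if an ssl_protocols directive enables a deprecated protocol.
check_protocols() {
    conf=$1
    # Only uncommented ssl_protocols lines are considered.
    lines=$(grep -E '^[[:space:]]*ssl_protocols[[:space:]]' "$conf") || {
        echo "no ssl_protocols directive in $conf" >&2; return 2; }
    if printf '%s\n' "$lines" |
        grep -Eq '[[:space:]](SSLv[23]|TLSv1|TLSv1\.1)[[:space:];]'; then
        echo "deprecated protocol enabled:$lines" >&2; return 1
    fi
}

# Fail if the private key is readable by group or others.
check_key_perms() {
    key=$1
    [ -f "$key" ] || { echo "missing key: $key" >&2; return 2; }
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "$key is group/world readable; run: chmod 600 $key" >&2
        return 1
    fi
}

# Fail if certificate and key hold different public keys, or if the
# certificate expires within 7 days (604800 seconds).
check_cert_pair() {
    crt=$1 key=$2
    a=$(openssl x509 -in "$crt" -noout -pubkey) || return 2
    b=$(openssl pkey -in "$key" -pubout) || return 2
    [ "$a" = "$b" ] || { echo "cert and key do not match" >&2; return 1; }
    openssl x509 -in "$crt" -noout -checkend 604800 >/dev/null ||
        { echo "certificate expires within 7 days" >&2; return 1; }
}

# Run all checks against a directory laid out as in this guide.
preflight() {
    dir=$1
    check_protocols "$dir/nginx.conf" &&
    check_key_perms "$dir/cert.key" &&
    check_cert_pair "$dir/cert.crt" "$dir/cert.key" &&
    echo "preflight OK"
}
```

Source the file and run preflight ~/.umbrella-nginx before the docker run step; a non-zero exit status means one of the checks failed.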