[jira] [Commented] (IGNITE-10668) Web Console: Prepare sample NGINX config with two way ssl authentication support

Fri, 14 Dec 2018 06:35:17 -0800 


    [ 
https://issues.apache.org/jira/browse/IGNITE-10668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16721469#comment-16721469
 ] 

Ilya Murchenko commented on IGNITE-10668:
-----------------------------------------

To enable SSL support for Web Console you should set "ssl_certificate" and 
"ssl_certificate_key" options to NGINX web-console.conf configuration file 
(server block):

{code:bash}
server {
  listen 80;
  listen 443 ssl;
  server_name _;

  set $ignite_console_dir /opt/static;

  ssl_certificate         /path/to/ssl/server.crt;
  ssl_certificate_key     /path/to/ssl/server.key;

  root $ignite_console_dir;
{code}

To enable two-way SSL support for Web Console you should set 
"ssl_client_certificate" and "ssl_verify_client" options in addition to SSL 
configuration above to NGINX web-console.conf configuration file (server block):

{code:bash}
server {
  listen 80;
  listen 443 ssl;
  server_name _;

  set $ignite_console_dir /opt/static;

  ssl_certificate         /path/to/ssl/server.crt;
  ssl_certificate_key     /path/to/ssl/server.key;
  ssl_client_certificate  /path/to/ssl/ca.crt;
  ssl_verify_client       on;
  root $ignite_console_dir;
{code}

To enable SSL/two-way SSL support for Web Console docker container you should 
first prepare server certificates, server keys and web-console.conf 
configuration file locally. 

To run Web Console Docker image with these configuration files and certificates 
please use the following command:

{code:bash}
docker run -v /path/to/ssl:/etc/nginx/ssl -v 
/path/to/web-console.conf:/etc/nginx/web-console.conf -p 80:80 -p 443:443 
apacheignite/web-console-frontend:latest 
{code}

> Web Console: Prepare sample NGINX config with two way ssl authentication 
> support
> --------------------------------------------------------------------------------
>
>                 Key: IGNITE-10668
>                 URL: https://issues.apache.org/jira/browse/IGNITE-10668
>             Project: Ignite
>          Issue Type: Improvement
>          Components: wizards
>            Reporter: Alexey Kuznetsov
>            Assignee: Ilya Murchenko
>            Priority: Major
>             Fix For: 2.8
>
>
> We need a sample config with SSL and ciphers + instruction how to pass to 
> "docker run".



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to