Reverse Proxy Configuration
This page offers a sample configuration for running Cawemo with an automated NGINX reverse proxy for Docker with SSL support. To do so, please follow the following steps:
1. Download docker-compose.reverse-proxy.yml
Download this docker-compose.reverse-proxy.yml file to the same location you put the docker-compose.yml from step 2 of the on-premise installation.
2. Extend the .env File
Add these values to the .env file you created in step 3 of the on-premise installation and adjust the values according to your own setup.
IAM_SERVER_HOST=iam.example.com
SERVER_TLS_CERTIFICATES_PATH=/path/to/certificates
3. Create a Folder For Your Certificates
You have to provide SSL certificates for the host names used in SERVER_HOST, BROWSER_WEBSOCKET_HOST and IAM_SERVER_HOST via the path configured in SERVER_TLS_CERTIFICATES_PATH.
The certificates and their corresponding private keys must be provided in the PEM file format.
They should be named after a certain scheme:
- Individual certificates should be named after the host name with a .crt and .key extension.
For example, a value of
SERVER_HOST=foo.example.comshould have afoo.example.com.crtandfoo.example.com.keyfile in the certificate directory. - Wildcard certificates should be named after the domain name with a .crt and .key extension.
For example, a value of
SERVER_HOST=foo.example.comneedsexample.com.crtandexample.com.keyfiles in the certificate directory.
Beware that self-signed certificates won’t work. For more detailed information on the reverse proxy’s SSL configuration options see the official documentation.
4. Run Cawemo
Use the following command for running Cawemo with the provided reverse proxy:
docker-compose -f docker-compose.yml -f docker-compose.reverse-proxy.yml up -d
Point your web browser to the URL you defined above as SERVER_URL to verify that the application is running.