Reverse Proxy Configuration
The Cawemo distribution includes a sample configuration for running Cawemo behind an automated NGINX reverse proxy for Docker with SSL support.
To use the reverse proxy in your production environment, please follow the steps below (assuming that you have already downloaded and configured Cawemo according to the general installation guide).
1. Extend the .env File
Add the following environment variables to the .env.production file and adjust the values according to your own setup.
Environment Variable | Example Value | Description |
---|---|---|
IAM_SERVER_HOST | iam.example.com | Host part of IAM_BASE_URL |
SERVER_TLS_CERTIFICATES_PATH | /path/to/certificates | Path of the server directory containing your SSL certificates |
2. Provide SSL Certificates
You have to provide SSL certificates for the following host names:
- SERVER_HOST
- BROWSER_WEBSOCKET_HOST
- IAM_SERVER_HOST
The certificates and their corresponding private keys must be stored in the PEM file format and must all be placed in the directory configured in SERVER_TLS_CERTIFICATES_PATH.
The files must be named according to the following scheme:
- Individual certificates should be named after the host name with a .crt and .key extension. For example, a value of SERVER_HOST=cawemo.example.com should have a cawemo.example.com.crt and a cawemo.example.com.key file in the certificate directory.
- Wildcard certificates should be named after the domain name with a .crt and .key extension. For example, a value of SERVER_HOST=cawemo.example.com needs example.com.crt and example.com.key files in the certificate directory.
For more detailed information on the reverse proxy’s SSL configuration options please refer to the official documentation.
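The naming scheme above can be checked before the proxy is started. The following script is an added example, not part of the Cawemo distribution; its function names are hypothetical, and it assumes the wildcard file name is the host name without its leftmost label, as in the example above. It only looks for PEM header lines and does not validate the certificates themselves.

```shell
#!/bin/sh
# Added example: verify that a certificate directory follows the naming scheme.

# find_cert_base DIR HOST: print the base name (the host itself, or the wildcard
# domain) whose .crt/.key pair exists in DIR; return 1 if neither pair exists.
find_cert_base() {
    dir=$1 host=$2
    # Assumption: wildcard name = host minus its leftmost label
    for base in "$host" "${host#*.}"; do
        if [ -f "$dir/$base.crt" ] && [ -f "$dir/$base.key" ]; then
            printf '%s\n' "$base"
            return 0
        fi
    done
    return 1
}

# is_pem_pair DIR BASE: succeed if both files contain the expected PEM header.
is_pem_pair() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1/$2.crt" &&
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1/$2.key"
}

# check_certs DIR HOST...: report each host; return 1 if any host fails.
check_certs() {
    dir=$1; shift
    failed=0
    for host in "$@"; do
        if base=$(find_cert_base "$dir" "$host"); then
            if is_pem_pair "$dir" "$base"; then
                echo "ok:   $host -> $base.crt / $base.key"
            else
                echo "FAIL: $host: $base.crt or $base.key is not PEM" >&2
                failed=1
            fi
        else
            echo "FAIL: $host: no matching .crt/.key pair in $dir" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Direct use: sh check-certs.sh /path/to/certificates cawemo.example.com ...
if [ "$#" -gt 0 ]; then check_certs "$@"; fi
```

Pass the value of SERVER_TLS_CERTIFICATES_PATH as the first argument, followed by the values of SERVER_HOST, BROWSER_WEBSOCKET_HOST and IAM_SERVER_HOST.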
3. Run Cawemo
To run Cawemo with the provided reverse proxy, execute the startup script with the additional argument --reverse-proxy:
./start-cawemo.sh --production --reverse-proxy
Point your web browser to the URL you specified in SERVER_URL to verify that the application is running.