[Docs]: Include information on where TLS certificates for the HTTPS API are stored #1728
Comments
Hey @ZelnickB,

The reason you can't find the certificate (nor the key) is that they're only available in memory. They're generated and signed at startup, and the certificate is automatically renewed every 24 hours. It's unlikely we'll change this method of operation soon.

Generally we advise to let the CA perform TLS termination, and when a proxy is to be used, to configure it as a TCP proxy, so that the connection is forwarded directly. On the CA side, you can configure

An alternative is to configure your Nginx with a different TLS certificate obtained from the CA, effectively fronting the CA. The connection between Nginx and the CA will still use the CA HTTPS certificate, but the clients will connect to Nginx's own certificate (chaining to the same root as the CA uses).

Recently we've merged a PR that will make things more flexible in the future, including supplying your own certificates, but we haven't planned building functionalities on top of that one (yet).
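The two setups described in the reply above, sketched as Nginx configuration. This is an added example, not part of the original thread or the project's documentation; the hostname and `127.0.0.1:9000` come from the issue, while the file paths, the verification depth and the upstream certificate name are assumptions or placeholders.

```nginx
# Added example. Option A and Option B are alternatives:
# enable only one of them for a given listen address.

# --- Option A: TCP passthrough, the CA terminates TLS itself ---
# Needs the stream module. Nginx holds no certificate or key and never
# sees plaintext. Clients are served the CA's own in-memory certificate,
# so the name they connect with must be one that certificate covers.
stream {
    server {
        listen 443;
        proxy_pass 127.0.0.1:9000;   # Docker port forward from the issue
    }
}

# --- Option B: Nginx fronts the CA with its own certificate ---
http {
    server {
        listen 443 ssl;
        server_name certificates.my.lan;

        # Leaf certificate and key issued to Nginx by the CA (assumed paths).
        ssl_certificate     /etc/nginx/tls/certificates.my.lan.crt;
        ssl_certificate_key /etc/nginx/tls/certificates.my.lan.key;

        location / {
            proxy_pass https://127.0.0.1:9000;

            # The CA's HTTPS certificate is renewed every 24 hours, so
            # verify against the root it chains to, not a pinned leaf.
            proxy_ssl_trusted_certificate /etc/nginx/tls/root_ca.crt;  # assumed path
            proxy_ssl_verify       on;
            # Assumes at most one intermediate between root and leaf.
            proxy_ssl_verify_depth 2;
            # Placeholder: a name present in the CA's HTTPS certificate.
            proxy_ssl_name         ca.example.internal;
            proxy_ssl_server_name  on;
        }
    }
}
```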
Hello!
Affected area/feature
I'm running a certificate authority via a Docker container. I have a Docker port forward set up from 127.0.0.1:9000 on my container host to the API listening port inside of the container. I want to make the API accessible via an Nginx reverse proxy (proxy_pass) as follows:

https://certificates.my.lan → 127.0.0.1:9000 → 127.0.0.1:9000 → https://127.0.0.1:9000

I'd like to accomplish this by mounting the SSL/TLS certificate and key used when serving the CA HTTPS API in the container into the container host system and then configuring Nginx to use that. However, I cannot find where this certificate is stored inside of the container. Can this information be added to the documentation?