Snownode over HTTPS

Originally asked by David Martin on 29 December 2021 (original question)


How can I configure Snownode to run over HTTPS for the Web UI and also redirect to HTTPS when HTTP is entered?

I am assuming it is to do with Tomcat or Apache configuration in the Docker image.


Answer by Francis Martens (Exalate) on 03 January 2022

Hi David,

An approach is to add a reverse proxy (on the same host) in front of the snownode.
Nginx is in most cases the default choice, and the docker image https://hub.docker.com/r/jwilder/nginx-proxy is very versatile, extremely popular and easy to use.

Have a look.

The docker-compose.yml we use in our test environment combines that image with letsencrypt, which automates the creation of the certificates. The whole setup takes a couple of minutes.

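version: '3'

services:
  # Reverse proxy in front of the node, listening on 80 and 443
  proxy:
    restart: unless-stopped
    image: jwilder/nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      # Docker socket, used by the proxy to discover the containers to serve
      - /var/run/docker.sock:/tmp/docker.sock
      # Certificates written by the letsencrypt service (read-only here)
      - ./certs:/etc/nginx/certs:ro
      - ./conf.d:/etc/nginx/conf.d
    labels:
      # Marks this container as the proxy for the letsencrypt companion
      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy

  # Companion container that creates the certificates
  letsencrypt:
    restart: unless-stopped
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Same certs directory as the proxy, writable here
      - ./certs:/etc/nginx/certs:rw

networks:
  # Use the existing external network named "proxy" as the default network
  default:
    external:
      name: proxy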

Comments:

David Martin commented on 03 January 2022

Hi Francis Martens (Exalate),

Thank you for the NGINX option. Is it not possible to set the container/web app to run as HTTPS only, as we already have a reverse proxy (other server) we use and were just looking to secure comms between the reverse proxy and Snownode?

Francis Martens (Exalate) commented on 04 January 2022

SSL connections are currently not supported in the product itself. As Exalate is based on the Play framework, it might be enabled by checking out
https://www.playframework.com/documentation/2.8.x/ConfiguringHttps

If that is the route to follow - startup and application.conf will have to be externalized from the container image and adapted accordingly.

If this is a bridge too far, use jwilder/nginx as a workaround, and deploy it as part of the Exalate node itself (by adding it as a service in the docker-compose).
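
The compose file in the answer defines the proxy and the certificate companion but not the Snownode service behind them. The fragment below is an added example, not part of the original thread or Exalate's own configuration, showing how such a service can be registered with jwilder/nginx-proxy and the letsencrypt companion; the image name, port, hostname and e-mail address are placeholders.

```yaml
# Added example: place this entry under the existing "services:" key
# of the docker-compose.yml shown in the answer.
services:
  snownode:
    restart: unless-stopped
    # Placeholder: the Snownode image you actually deploy
    image: "REPLACE_WITH_SNOWNODE_IMAGE"
    # Expose the HTTP port to the proxy network only. There is no "ports:"
    # mapping, so the node cannot be reached on the host without the proxy.
    expose:
      - "REPLACE_WITH_SNOWNODE_PORT"
    environment:
      # Read by jwilder/nginx-proxy: public hostname and backend port
      VIRTUAL_HOST: snownode.example.com          # placeholder hostname
      VIRTUAL_PORT: "REPLACE_WITH_SNOWNODE_PORT"  # placeholder port
      # nginx-proxy default, set explicitly here: once a certificate
      # exists, HTTP requests are redirected to HTTPS
      HTTPS_METHOD: redirect
      # Read by jrcs/letsencrypt-nginx-proxy-companion
      LETSENCRYPT_HOST: snownode.example.com      # placeholder hostname
      LETSENCRYPT_EMAIL: admin@example.com        # placeholder address
```

Because the file's default network is the external network `proxy`, a service added here joins the same network as the proxy container without further configuration.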