Paketo Buildpacks
How to set SSL certificates for Web Servers buildpack #200
Replies: 2 comments
-
It's not really recommended to handle TLS termination in the container. You would generally have this done outside the container by your platform. For example, in Kubernetes at the Ingress layer or perhaps with your cloud provider. You can do it in the container, no one is stopping you but the auto-generation provided by the web servers buildpacks isn't going to generate that configuration for you. The auto-generation is in place for generating common and basic configurations. It is not meant to be an all-encompassing configuration generator. When you need more sophisticated configurations, you just need to bring them along yourself. If you want to bring your own Nginx configuration then you would just use the Nginx buildpack directly. https://paketo.io/docs/reference/nginx-reference/#behavior or Apache HTTPD, if you prefer that, https://paketo.io/docs/reference/httpd-reference/#behavior.
The point is to enforce redirection from HTTP to HTTPS. If a request comes into the application that is HTTP-only, then the server will automatically redirect to the same URL but with HTTPS. That's it. https://paketo.io/docs/howto/web-servers/#redirect-http-requests-to-https-1 |
Beta Was this translation helpful? Give feedback.
-
|
Ok, I got it.
Thanks.
…On Thu, 13 Jul 2023 at 19:57, Daniel Mikusa ***@***.***> wrote:
how do I configure the ssl certificate properties to be included in the
generated nginx.conf file?
It's not really recommended to handle TLS termination in the container.
You would generally have this done outside the container by your platform.
For example, in Kubernetes at the Ingress layer or perhaps with your cloud
provider.
You can do it in the container, no one is stopping you but the
auto-generation provided by the web servers buildpacks isn't going to
generate that configuration for you. The auto-generation is in place for
generating common and basic configurations. It is *not* meant to be an
all-encompassing configuration generator. When you need more sophisticated
configurations, you just need to bring them along yourself.
If you want to bring your own Nginx configuration then you would just use
the Nginx buildpack directly.
https://paketo.io/docs/reference/nginx-reference/#behavior or Apache
HTTPD, if you prefer that,
https://paketo.io/docs/reference/httpd-reference/#behavior.
I know I could provide a nginx.conf file myself with the configuration,
but in that case, what is the point of BP_WEB_SERVER_FORCE_HTTPS?
The point is to enforce redirection from HTTP to HTTPS. If a request comes
into the application that is HTTP-only, then the server will automatically
redirect to the same URL but with HTTPS. That's it.
https://paketo.io/docs/howto/web-servers/#redirect-http-requests-to-https-1
—
Reply to this email directly, view it on GitHub
<#200 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAFXYJGXC3X5MPU2PEGB3HDXQBAJ5ANCNFSM6AAAAAA2FYIG7U>
.
You are receiving this because you authored the thread.Message ID:
***@***.***
com>
|
Beta Was this translation helpful? Give feedback.
-
I am using the Web Server buildpack to build and run an Angular application. I am using nginx (BP_WEB_SERVER=nginx) and configuring ssl redirection (BP_WEB_SERVER_FORCE_HTTPS=true). My question is, how do I configure the ssl certificate properties to be included in the generated nginx.conf file?
I know I could provide a nginx.conf file myself with the configuration, but in that case, what is the point of BP_WEB_SERVER_FORCE_HTTPS?
Beta Was this translation helpful? Give feedback.
All reactions