Configure SSL/TLS for ingress traffic with private key in environment variable or file

In this how-to, we will use X.509 certificates to secure ingress communication with SSL/TLS. We will store a TLS private key in an environment variable or a file and enable it in Pyron together with its corresponding certificate.

To configure Pyron, set the related environment variables in the envs file.

NOTE
Read about private key and certificate format.
Read how to configure mutual SSL/TLS.

Prerequisites

  • You have a valid TLS private key and certificate.

Enable SSL/TLS

  • Set HTTP_SERVER_SSL to true.
  • Set HTTP_SERVER_SNI to true (optional, enables Server Name Indication).

Store private key

Set HTTP_SERVER_PEM_KEY_CERT_OPTIONS__KEY_VALUE to the Base64-encoded private key PEM block:

HTTP_SERVER_PEM_KEY_CERT_OPTIONS__KEY_VALUE=LS0tLS1CRUdJTiB...

or set the path to the private key file:

HTTP_SERVER_PEM_KEY_CERT_OPTIONS__KEY_PATH=/mykey.pem

NOTE
Storing a private key in an environment variable is not secure. Use Vault instead.

Store certificate

Set HTTP_SERVER_PEM_KEY_CERT_OPTIONS__CERT_VALUE to the Base64-encoded certificate PEM block:

HTTP_SERVER_PEM_KEY_CERT_OPTIONS__CERT_VALUE=IC0tLS0tQkVHSU4g...

or set the path to the certificate file:

HTTP_SERVER_PEM_KEY_CERT_OPTIONS__CERT_PATH=/mycert.pem
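
The steps above can be scripted and checked before Pyron is started. The following is an added example, not code from the Pyron project: it encodes PEM files into single-line Base64 values, writes an envs file, and verifies that each `*_VALUE` variable decodes to the expected PEM block type, which catches a swapped key and certificate. The helper names are hypothetical, treating "both VALUE and PATH set" as an error is this example's own policy (an assumption, not documented Pyron behaviour), and only the PEM armor line is checked, not the key or certificate contents.

```shell
#!/bin/sh
# Added example, not Pyron project code. Helper names are hypothetical.

# Base64-encode a PEM file onto one line; wrapped output would break the envs entry.
pem_to_env_value() { base64 < "$1" | tr -d '\n'; }

# Print the last value assigned to variable $1 in envs file $2 (empty if unset).
env_get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# Decode a Base64 value and print the label of its first PEM armor line.
pem_label() {
  printf '%s' "$1" | base64 -d 2>/dev/null |
    sed -n 's/^[[:space:]]*-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' | head -n 1
}

# check_envs FILE: print each problem found; return 0 only if there are none.
check_envs() {
  f=$1; rc=0
  [ "$(env_get HTTP_SERVER_SSL "$f")" = "true" ] || { echo "HTTP_SERVER_SSL is not true"; rc=1; }
  for kind in KEY CERT; do
    val=$(env_get "HTTP_SERVER_PEM_KEY_CERT_OPTIONS__${kind}_VALUE" "$f")
    path=$(env_get "HTTP_SERVER_PEM_KEY_CERT_OPTIONS__${kind}_PATH" "$f")
    if [ -n "$val" ] && [ -n "$path" ]; then
      echo "$kind: both VALUE and PATH are set"; rc=1   # example policy (assumption)
    elif [ -z "$val" ] && [ -z "$path" ]; then
      echo "$kind: neither VALUE nor PATH is set"; rc=1
    elif [ -n "$val" ]; then
      label=$(pem_label "$val" || true)
      case "$kind:$label" in
        KEY:*"PRIVATE KEY"|CERT:CERTIFICATE) ;;   # expected block type for this variable
        *) echo "$kind: VALUE decodes to '${label:-no PEM block}'"; rc=1 ;;
      esac
    fi
  done
  return "$rc"
}

# Demo on constructed placeholder PEM files (valid armor, dummy body, not real keys).
tmp=$(mktemp -d)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "$tmp/key.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$tmp/cert.pem"
umask 077   # the envs file holds key material: keep it owner-only
{
  echo "HTTP_SERVER_SSL=true"
  echo "HTTP_SERVER_PEM_KEY_CERT_OPTIONS__KEY_VALUE=$(pem_to_env_value "$tmp/key.pem")"
  echo "HTTP_SERVER_PEM_KEY_CERT_OPTIONS__CERT_VALUE=$(pem_to_env_value "$tmp/cert.pem")"
} > "$tmp/envs"
check_envs "$tmp/envs" && echo "envs OK"
```

In a real deployment, replace the placeholder files with your own key and certificate; the check does not read files referenced through the `*_PATH` variables.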