Configuring SSL certs for the tykio/tyk-host-manager docker image

Imported Google Group message. Import Date: 2016-01-19 21:29:25 +0000.
Sender:Ian Harris.
Date:Wednesday, 14 October 2015 16:41:45 UTC+1.

Hi,

I’m wondering what the best way to configure SSL certs for a docker install of Tyk is?

Thanks,
Ian.

Imported Google Group message.
Sender:Martin Buhr.
Date:Wednesday, 14 October 2015 16:55:34 UTC+1.

Hi Ian,
If you are using the host manager then configuring SSL can be done directly in the nginx.conf file in the docker image, since the host manager is essentially just a managed nginx instance.
Not sure how much that helps :)
If you run Tyk on its own then you can configure an SSL certificate set in the Tyk.conf file like so:

    "http_server_options": {
        "use_ssl": true,
        "server_name": "www.banana.com",
        "min_version": "1.2",
        "certificates": [
            {
                "domain_name": "*",
                "cert_file": "new.cert.cert",
                "key_file": "new.cert.key"
            }
        ]
    },

Cheers,
Martin

Imported Google Group message.
Sender:Ian Harris.
Date:Friday, 30 October 2015 09:25:29 UTC.

Hi Martin,

I am using the host manager, so I’ve configured the certs in /etc/nginx/nginx.conf. I can successfully negotiate an encrypted connection with the server. However, when I use an HTTPS connection I always get a 404 error returned. When accessing the same resource using unencrypted HTTP, Tyk successfully accesses the resource.

Is there anything else I need to configure with SSL?

Thanks,
Ian.


Imported Google Group message.
Sender:Martin Buhr.
Date:Friday, 30 October 2015 09:37:35 UTC.

Hi Ian,

How have you configured nginx to terminate SSL? It shouldn’t pass through encrypted traffic to Tyk (unless you configure Tyk to handle encrypted traffic); it will need to negotiate the SSL connection, terminate at the nginx layer and then pass unencrypted requests through to Tyk.

Cheers,
Martin

Imported Google Group message.
Sender:Ian Harris.
Date:Friday, 30 October 2015 09:44:52 UTC.

Hi Martin,

I’ve just used a standard server block in the http block in the configuration file.

    server {
        listen
        server_name
        ssl_certificate
        ssl_certificate_key
    }

I’ve used tcpdump to trace the exchange and there doesn’t appear to be any communication with either the dashboard or gateway in between the client request and the server response.

Am I perhaps missing some config to forward requests from port 443 to the gateway?

Thanks,
Ian.
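
The termination described earlier in the thread, written out as an added example (not part of the original messages and not the host manager's own generated configuration): nginx negotiates TLS on port 443 and forwards plain HTTP to the gateway. A server block that has only the listen, server_name and certificate directives has no proxy_pass, so nginx answers from its own document root and returns 404 without contacting any backend. The server name, certificate paths and gateway address 127.0.0.1:8080 below are assumptions to replace with your own values.

```nginx
# Added example; belongs inside the http { } block of /etc/nginx/nginx.conf.
# Assumed values (not from the thread): api.example.com, the certificate
# paths, and a Tyk gateway accepting plain HTTP on 127.0.0.1:8080.

upstream tyk_gateway {
    server 127.0.0.1:8080;
}

server {
    listen      443 ssl;
    server_name api.example.com;

    ssl_certificate     /etc/nginx/ssl/api.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/api.example.com.key;

    # Refuse anything older than TLS 1.2.
    ssl_protocols TLSv1.2;

    location / {
        # TLS ends here; the request continues to the gateway unencrypted.
        # Without this location, nginx serves files from its default root
        # and the client gets a 404 that never reached Tyk.
        proxy_pass http://tyk_gateway;

        # Preserve the requested host name for the backend.
        proxy_set_header Host $host;

        # Record the original client and scheme, which would otherwise be
        # lost once nginx becomes the gateway's only visible peer.
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Because the hop between nginx and the gateway is unencrypted, keep it on the loopback interface or the private container network, and check the result with `nginx -t` before reloading.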
