In order to activate SSL with a custom certificate, you will need two files:
\<hostname>.crt: The certificate to use
\<hostname>.key: The private key used when generating the certificate
The Following the naming pattern is mandatory. For instance, if your hostname is
demo.acme.com, the corresponding certificates must be named:
You can use the cli to activate the TLS option.
brainwave config --tls
The files are to be placed in the folder:
Make sure that the owner and permissions are correct on the folder.
brainwave as the owner, and give read & execute rights to all users:
sudo chown brainwave:brainwave /etc/brainwave/certificates
The files must be placed in the docker volume called:
Find the path of the volume in your local deployment place the files inside the volume.
LetsEncrypt certificate using certbot
These steps allow to generate letsencrypt certificates using certbot on an Amazon Linux instance. Given that the instance has a valid public IP and that the port 80 is open and reachable on the internet.
For more information on how to use certbot on your environment , please refer to: https://certbot.eff.org/instructions
sudo amazon-linux-extras install epel -y sudo yum install -y certbot sudo certbot certonly --standalone
Follow the wizard, certbot will ask for your email and the domain.
Now lets copy the certificates to the good place. Make sure to adjust the example paths
sudo cp /etc/letsencrypt/live/demo.acme.com/privkey.pem /etc/brainwave/certificates/demo.acme.com.key sudo cp /etc/letsencrypt/live/demo.acme.com/cert.pem /etc/brainwave/certificates/demo.acme.com.crt
If you do not have the required files you can generate a self-signed certificate using the following commands.
openssl req -newkey rsa:4096 -keyout demo.acme.com.key -out demo.acme.com.csr openssl x509 -signkey demo.acme.com.key -in demo.acme.com.csr -req -days 365 -out demo.acme.com.crt openssl rsa -in demo.acme.com.key -out demo.acme.com.key
[!warning] These commands are provided as an example and MUST not be used in a Prod environment.