SSL configuration

In order to activate SSL with a custom certificate, you will need two files:

  • \<hostname>.crt: The certificate to use
  • \<hostname>.key: The private key used when generating the certificate


You can use the cli to activate the TLS option.

brainwave config --tls

Certificate location

Server Mode

The files are to be placed in the folder: /etc/brainwave/certificates.

Make sure that the owner and permissions are correct on the folder.
Set brainwave as the owner, and give read & execute rights to all users:

sudo chown brainwave:brainwave /etc/brainwave/certificates

Desktop Mode

The files must be placed in the docker volume called: bwcertificates.
Find the path of the volume in your local deployment place the files inside the volume.

Certificate generation

LetsEncrypt certificate using certbot

These steps allow to generate letsencrypt certificates using certbot on an Amazon Linux instance. Given that the instance has a valid public IP and that the port 80 is open and reachable on the internet.

For more information on how to use certbot on your environment , please refer to:

sudo amazon-linux-extras install epel -y
sudo yum install -y certbot
sudo certbot certonly --standalone

Follow the wizard, certbot will ask for your email and the domain.

Now lets copy the certificates to the good place. Make sure to adjust the example paths

sudo cp /etc/letsencrypt/live/ /etc/brainwave/certificates/

sudo cp /etc/letsencrypt/live/ /etc/brainwave/certificates/

Self-signed example

If you do not have the required files you can generate a self-signed certificate using the following commands.

openssl req -newkey rsa:4096 -keyout -out
openssl x509 -signkey -in -req -days 365 -out
openssl rsa -in -out

[!warning] These commands are provided as an example and MUST not be used in a Prod environment.