-
Notifications
You must be signed in to change notification settings - Fork 0
Security TLS Configuration
github-actions[bot] edited this page Dec 6, 2025
·
2 revisions
This document describes the TLS/certificate system of ReadyStackGo.
- Goals
- TLS Modes
- Bootstrap with Self-Signed
- Custom Certificates
- Integration in Gateway
- Diagrams
- Immediate security with self-signed certificates
- Later replacement with custom certificates possible
- TLS termination in the gateway
- Minimal complexity for the operator
-
SelfSigned– Default on first start -
Custom– PFX upload by admin
Defined in rsgo.tls.json.
On first start:
- Check if
rsgo.tls.jsonexists - If not → Generate self-signed certificate
- Store PFX at
/app/certs/selfsigned.pfx - Write
rsgo.tls.jsonwithmode = SelfSigned
Via Admin UI:
- Upload a PFX file
- Enter password
- Validation (expiration date, private key, etc.)
- Update
rsgo.tls.jsonwithmode = Custom
sequenceDiagram
participant Admin as Admin User
participant UI as RSGO UI
participant API as RSGO API
participant TLS as TLS Engine
participant GW as edge-gateway
Admin->>UI: opens TLS page
UI->>API: GET /admin/tls
API-->>UI: tlsMode=SelfSigned
Admin->>UI: uploads custom.pfx
UI->>API: POST /admin/tls/upload
API->>TLS: Validate & Install
TLS-->>API: OK
API-->>UI: success
Note over API,GW: next deployment starts Gateway with Custom PFX
Getting Started
Architecture
Configuration
Security
Setup Wizard
Development
Operations
CI/CD
Reference
- Roadmap
- API Reference
- Configuration Reference
- Manifest Schema
- Multi-Environment
- Stack Sources
- Plugin System
- Technical Specification
- Full Specification
Specifications
Release Notes