diff --git a/pages/data-visualization/install-and-connect.mdx b/pages/data-visualization/install-and-connect.mdx index ba463ea2b..7548a825c 100644 --- a/pages/data-visualization/install-and-connect.mdx +++ b/pages/data-visualization/install-and-connect.mdx @@ -261,6 +261,9 @@ Configure Memgraph Lab using the following environment variables when running it | `QUICK_CONNECT_MG_IS_ENCRYPTED` | Turn SSL on/off for quick connect | `boolean` | `false` | | `PORT` | Lab app default listening port | `integer` | `3000` | | `REQUEST_BODY_LIMIT_MB` | Limit for request body size in MB | `integer` | `20` | +| `SSL_IS_ENABLED` | Enable or disable SSL | `boolean` | `false` | +| `SSL_CERT_PATH` | Path to SSL certificate to be used | `string` | `./ssl/cert.pem` | +| `SSL_KEY_PATH` | Path to SSL key to be used | `string` | `./ssl/key.pem` | | `STORAGE_MG_HOST` | `(Enterprise only)` Memgraph host for the Lab remote storage | `string` | | | `STORAGE_MG_PORT` | `(Enterprise only)` Memgraph port for the Lab remote storage | `number` | | | `STORAGE_MG_IS_ENCRYPTED` | `(Enterprise only)` Memgraph SSL on/off for the Lab remote storage | `boolean` | | diff --git a/pages/data-visualization/user-manual/custom-ssl-certificates.mdx b/pages/data-visualization/user-manual/custom-ssl-certificates.mdx new file mode 100644 index 000000000..4978f3344 --- /dev/null +++ b/pages/data-visualization/user-manual/custom-ssl-certificates.mdx @@ -0,0 +1,89 @@ +--- +title: Custom SSL certificates +description: Use your own SSL certificate to use Memgraph Lab with HTTPS protocol. +--- + +## Instantiating Memgraph Lab with custom SSL certificate + +Memgraph Lab supports using custom SSL certificates, ensuring secure communication over HTTPS. To set up +SSL on Memgraph Lab you will need to configure a Dockerfile using a valid SSL certificate. + +### Options for generating SSL certificates + +There are various options to generate SSL certificates. Check out the steps on +how to do that with [OpenSSL](#openssl) and [Let's Encrypt](#lets-encrypt). + + +#### OpenSSL +[OpenSSL](https://github.com/openssl/openssl) is a widely used tool for +generating SSL certificates. You can create a self-signed certificate using the +following commands: + +1. Generate a private key: + ```bash + openssl genrsa -out key.pem 2048 + ``` + +2. Generate a self-signed certificate: + ```bash + openssl req -new -x509 -key key.pem -out cert.pem -days 365 + ``` + +However, this option has an expiration date and is not signed by a publicly trusted +[certificate authority](https://en.wikipedia.org/wiki/Certificate_authority), which means +you will most likely receive a security warning from your browser while using it. + +#### Let's Encrypt +[Let's Encrypt](https://letsencrypt.org/) is a free, automated, and open certificate authority +that provides SSL certificates. You can use tools like Certbot to obtain and install certificates. +To use Let's Encrypt: + +1. Install Certbot. +2. Run Certbot to obtain your certificates: + ```bash + sudo certbot certonly --standalone -d yourdomain.com + ``` + +This will generate your SSL certificate and key, typically located in +`/etc/letsencrypt/live/yourdomain.com/`. + +### Dockerfile setup + +To run Memgraph Lab with custom SSL certificates, you need to create a +Dockerfile that specifies how to build the Docker image with your certificates. + +You will need to set the `SSL_CERT_PATH` and `SSL_KEY_PATH` environment variables +to override the default `./ssl/` path used by Lab running in the container to +determine the SSL certificate location. After that, you should copy your certificates +(located in the `ssl` folder at the same location as your `Dockerfile`, for example) +into the container at the specified path. + +#### Example Dockerfile +```docker +FROM memgraph/lab:latest + +# Environment variables +ENV SSL_IS_ENABLED=true +ENV SSL_CERT_PATH=./myssl/cert.pem +ENV SSL_KEY_PATH=./myssl/key.pem + +# COPY source_on_your_machine destination_in_container +COPY ssl/ ./myssl/ + +EXPOSE 3000 +``` + +#### Building and running the Docker container + +1. **Create the SSL Directory**: Make sure your SSL certificate and key are placed +in a directory specified as `COPY` source in your Dockerfile. + +2. **Build the Docker Image**: Run the following command to build your Docker image: + `docker build -t memgraph-lab-ssl .` + +3. **Run the Docker Container**: Start the container using the following command: + `docker run -p 3000:3000 memgraph-lab-ssl` + +4. **Access Memgraph Lab**: You can now access Memgraph Lab in your web browser at +`https://localhost:3000`. Ensure to configure your browser to trust the self-signed +certificate if you are using one. \ No newline at end of file