From c145099b643692230ddae15d18a64fd99cf1e8bf Mon Sep 17 00:00:00 2001 From: AlexIchenskiy Date: Tue, 5 Nov 2024 10:15:25 +0100 Subject: [PATCH 1/2] add custom SSL configuration page --- .../install-and-connect.mdx | 3 + .../user-manual/custom-ssl-certificates.mdx | 85 +++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 pages/data-visualization/user-manual/custom-ssl-certificates.mdx diff --git a/pages/data-visualization/install-and-connect.mdx b/pages/data-visualization/install-and-connect.mdx index ba463ea2b..7548a825c 100644 --- a/pages/data-visualization/install-and-connect.mdx +++ b/pages/data-visualization/install-and-connect.mdx @@ -261,6 +261,9 @@ Configure Memgraph Lab using the following environment variables when running it | `QUICK_CONNECT_MG_IS_ENCRYPTED` | Turn SSL on/off for quick connect | `boolean` | `false` | | `PORT` | Lab app default listening port | `integer` | `3000` | | `REQUEST_BODY_LIMIT_MB` | Limit for request body size in MB | `integer` | `20` | +| `SSL_IS_ENABLED` | Enable or disable SSL | `boolean` | `false` | +| `SSL_CERT_PATH` | Path to SSL certificate to be used | `string` | `./ssl/cert.pem` | +| `SSL_KEY_PATH` | Path to SSL key to be used | `string` | `./ssl/key.pem` | | `STORAGE_MG_HOST` | `(Enterprise only)` Memgraph host for the Lab remote storage | `string` | | | `STORAGE_MG_PORT` | `(Enterprise only)` Memgraph port for the Lab remote storage | `number` | | | `STORAGE_MG_IS_ENCRYPTED` | `(Enterprise only)` Memgraph SSL on/off for the Lab remote storage | `boolean` | | diff --git a/pages/data-visualization/user-manual/custom-ssl-certificates.mdx b/pages/data-visualization/user-manual/custom-ssl-certificates.mdx new file mode 100644 index 000000000..0e7d142e5 --- /dev/null +++ b/pages/data-visualization/user-manual/custom-ssl-certificates.mdx @@ -0,0 +1,85 @@ +--- +title: Custom SSL certificates +description: Use your own SSL certificate to use Memgraph Lab with HTTPS protocol. +--- + +## Instantiating Memgraph Lab with Custom SSL Certificate + +Memgraph Lab supports using custom SSL certificates, ensuring secure communication over HTTPS. To set up +SSL on Memgraph Lab you will need to configure a Dockerfile using a valid SSL certificate. + +### Options for Generating SSL Certificates + +You have several options for generating SSL certificates: + +#### OpenSSL +OpenSSL is a widely used tool for generating SSL certificates. You can create a self-signed certificate using the following commands: + +1. Generate a private key: + ```bash + openssl genrsa -out key.pem 2048 + ``` + +2. Generate a self-signed certificate: + ```bash + openssl req -new -x509 -key key.pem -out cert.pem -days 365 + ``` + +However, this option has an expiration date and is not signed by a publicly trusted +[certificate authority](https://en.wikipedia.org/wiki/Certificate_authority), which means +you will most likely receive a security warning from your browser while using it. + +#### Let's Encrypt +[Let's Encrypt](https://letsencrypt.org/) is a free, automated, and open certificate authority +that provides SSL certificates. You can use tools like Certbot to obtain and install certificates. +To use Let's Encrypt: + +1. Install Certbot. +2. Run Certbot to obtain your certificates: + ```bash + sudo certbot certonly --standalone -d yourdomain.com + ``` + +This will generate your SSL certificate and key, typically located in +`/etc/letsencrypt/live/yourdomain.com/`. + +### Dockerfile setup + +To run Memgraph Lab with custom SSL certificates, you need to create a +Dockerfile that specifies how to build the Docker image with your certificates. + +You will need to set the `SSL_CERT_PATH` and `SSL_KEY_PATH` environment variables +to override the default `./ssl/` path used by Lab running in the container to +determine the SSL certificate location. After that, you should copy your certificates +(located in the `ssl` folder at the same location as your `Dockerfile`, for example) +into the container at the specified path. + +#### Example Dockerfile +```docker +FROM memgraph/lab:latest + +# Environment variables +ENV SSL_IS_ENABLED=true +ENV SSL_CERT_PATH=./myssl/cert.pem +ENV SSL_KEY_PATH=./myssl/key.pem + +# COPY source_on_your_machine destination_in_container +COPY ssl/ ./myssl/ + +EXPOSE 3000 +``` + +#### Building and Running the Docker Container + +1. **Create the SSL Directory**: Make sure your SSL certificate and key are placed +in a directory specified as `COPY` source in your Dockerfile. + +2. **Build the Docker Image**: Run the following command to build your Docker image: + `docker build -t memgraph-lab-ssl .` + +3. **Run the Docker Container**: Start the container using the following command: + `docker run -p 3000:3000 memgraph-lab-ssl` + +4. **Access Memgraph Lab**: You can now access Memgraph Lab in your web browser at +`https://localhost:3000`. Ensure to configure your browser to trust the self-signed +certificate if you are using one. \ No newline at end of file From fbe6fa8ad6d87de220a564ef923dfe5f25c761ba Mon Sep 17 00:00:00 2001 From: katarinasupe Date: Tue, 5 Nov 2024 12:48:41 +0100 Subject: [PATCH 2/2] update titlecase --- .../user-manual/custom-ssl-certificates.mdx | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/pages/data-visualization/user-manual/custom-ssl-certificates.mdx b/pages/data-visualization/user-manual/custom-ssl-certificates.mdx index 0e7d142e5..4978f3344 100644 --- a/pages/data-visualization/user-manual/custom-ssl-certificates.mdx +++ b/pages/data-visualization/user-manual/custom-ssl-certificates.mdx @@ -3,17 +3,21 @@ title: Custom SSL certificates description: Use your own SSL certificate to use Memgraph Lab with HTTPS protocol. --- -## Instantiating Memgraph Lab with Custom SSL Certificate +## Instantiating Memgraph Lab with custom SSL certificate Memgraph Lab supports using custom SSL certificates, ensuring secure communication over HTTPS. To set up SSL on Memgraph Lab you will need to configure a Dockerfile using a valid SSL certificate. -### Options for Generating SSL Certificates +### Options for generating SSL certificates + +There are various options to generate SSL certificates. Check out the steps on +how to do that with [OpenSSL](#openssl) and [Let's Encrypt](#lets-encrypt). -You have several options for generating SSL certificates: #### OpenSSL -OpenSSL is a widely used tool for generating SSL certificates. You can create a self-signed certificate using the following commands: +[OpenSSL](https://github.com/openssl/openssl) is a widely used tool for +generating SSL certificates. You can create a self-signed certificate using the +following commands: 1. Generate a private key: ```bash @@ -69,7 +73,7 @@ COPY ssl/ ./myssl/ EXPOSE 3000 ``` -#### Building and Running the Docker Container +#### Building and running the Docker container 1. **Create the SSL Directory**: Make sure your SSL certificate and key are placed in a directory specified as `COPY` source in your Dockerfile.