Commit 6f57901

Add manual TLS setup section to documentation (DOC-133) (#234)
1 parent 9fc9043 commit 6f57901

1 file changed

+21
-1
lines changed

snippets/tls.mdx

Lines changed: 21 additions & 1 deletion
@@ -1,6 +1,10 @@
1+
import RestartContainers from '/snippets/restart-containers.mdx'
2+
13
## Enabling TLS
24

3-
For production usage, it’s recommended to enable TLS (HTTPS). In addition to the security aspect, this also ensures that [workflow templates](/workflow-management/workflow-templates/) load properly in all browsers.
5+
For production usage, it's recommended to enable TLS (HTTPS). In addition to the security aspect, this also ensures that [workflow templates](/workflow-management/workflow-templates/) load properly in all browsers.
6+
7+
### Automatically
48

59
The easiest way to enable TLS is to use an OpenOps script that requests and sets up a TLS certificate from Let's Encrypt. Before running the script, make sure you have a domain name that points to your {target}'s external IP address. If you're configuring DNS right before running the script, you may need to wait for the DNS change to propagate.
610
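Review bot: The new `### Automatically` heading (new line 7) is a bare adverb, which reads oddly in a table of contents and in anchor links; consider `### Automatic setup`, with `### Manual setup` for the matching heading added later in this file. Separately, the only change to the "For production usage" sentence is the apostrophe (’ to '), which is unrelated to the manual TLS section; either mention it in the commit message or leave the line untouched.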

@@ -14,3 +18,19 @@ The easiest way to enable TLS is to use an OpenOps script that requests and sets
1418
The script will use the Certbot library to request a certificate for your domain from Let's Encrypt. It receives and saves the certificate, updates the OpenOps configuration file accordingly, and restarts OpenOps.
1519

1620
By default, the certificate expires in 3 months. See https://certbot.org/renewal-setup if you want to configure auto-renewal.
21+
22+
### Manually
23+
24+
Alternatively, you can create a TLS certificate yourself. This lets you use DNS validation from Let's Encrypt (rather than the HTTP validation the automatic script performs) or request a certificate from a different provider.
25+
26+
To set up TLS manually:
27+
28+
1. Obtain certificate and private key files from your certificate provider.
29+
2. Upload the certificate files to your OpenOps installation under the `tls` directory:
30+
* `<OpenOps installation path>/tls/cert.pem` (certificate file)
31+
* `<OpenOps installation path>/tls/key.pem` (private key file)
32+
3. Open the `.env` file in your OpenOps installation directory and update the following variables:
33+
* Set `OPS_NGINX_CONFIG_FILE` to `nginx.gateway.tls.conf`
34+
* Set `OPS_PUBLIC_URL` to the secure URL of your OpenOps installation (e.g. `https://openops.example.com`)
35+
36+
<RestartContainers />
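Review bot: Step 2 has the reader upload `<OpenOps installation path>/tls/key.pem` but says nothing about protecting it; add a sentence that the private key file should be readable only by the account that runs the OpenOps containers. It would also help to state whether `cert.pem` must contain the full chain (leaf plus intermediates) or only the leaf certificate, and to note that, unlike the Certbot path in the section above, renewal is entirely the operator's job here, so the files have to be replaced and the containers restarted before the certificate expires.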
