CKBox On-Premises SSL communication
You can communicate with CKBox On-Premises using secure connections. To achieve this, you need to set up a load balancer like NGINX
or HAProxy
with your SSL certificate.
You can find the HAProxy
and NGINX
configuration examples below.
# HAProxy
example
Here is a basic HAProxy
configuration:
global
daemon
maxconn 256
tune.ssl.default-dh-param 2048
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend http-in
bind *:80
bind *:443 ssl crt /etc/ssl/your_certificate.pem
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
redirect scheme https if !{ ssl_fc }
default_backend servers
backend servers
server server1 127.0.0.1:8080 maxconn 32
# NGINX
example
Here is a basic NGINX
configuration:
events {
worker_connections 1024;
}
http {
server {
server_name your.domain.name;
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_cert.crt;
ssl_certificate_key /etc/ssl/your_cert_key.key;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
}
}
}