guideSSL communication

You can communicate with Collaboration Server On-Premises using secure connections. To achieve this, you must set up a load balancer like NGINX or HAProxy with your SSL certificate.

You can find HAProxy and NGINX configuration examples below.

If you do not set the X-Forwarded-Proto and Host headers in your load balancer configuration, you will probably have problems with wrong URLs returned after the image upload or proper Management Panel work. It is recommended to set these headers. If you cannot do this, override the external endpoint with the APPLICATION_EXTERNAL_ENDPOINT variable to fix wrong URLs.

# HAProxy example

Here is a basic HAProxy configuration:

    maxconn 256
    tune.ssl.default-dh-param 2048

    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:80
    bind *:443 ssl crt /etc/ssl/your_certificate.pem
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
    redirect scheme https if !{ ssl_fc }

    default_backend servers

backend servers
    server server1 maxconn 32

# NGINX example

Here is a basic NGINX configuration:

events {
    worker_connections  1024;

http {
    server {

        listen 443;
        ssl on;
        ssl_certificate /etc/ssl/your_cert.crt;
        ssl_certificate_key /etc/ssl/your_cert_key.key;

        location / {

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_http_version 1.1;