SSL communication
You can communicate with Collaboration Server On-Premises using secure connections. To achieve this, you must set up a load balancer like NGINX
or HAProxy
with your SSL certificate.
You can find HAProxy
and NGINX
configuration examples below.
If you do not set the X-Forwarded-Proto
and Host
headers in your load balancer configuration, you will probably have problems with wrong URLs returned after the image upload or proper Management Panel
work. It is recommended to set these headers. If you cannot do this, override the external endpoint with the APPLICATION_EXTERNAL_ENDPOINT
variable to fix wrong URLs.
# HAProxy
example
Here is a basic HAProxy
configuration:
global
daemon
maxconn 256
tune.ssl.default-dh-param 2048
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend http-in
bind *:80
bind *:443 ssl crt /etc/ssl/your_certificate.pem
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
redirect scheme https if !{ ssl_fc }
default_backend servers
backend servers
server server1 127.0.0.1:8000 maxconn 32
# NGINX
example
Here is a basic NGINX
configuration:
events {
worker_connections 1024;
}
http {
server {
server_name your.domain.name;
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_cert.crt;
ssl_certificate_key /etc/ssl/your_cert_key.key;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
}
}
}