SSL communication
You can communicate with CKEditor Cloud Services On-Premises using secure connections. To achieve this, you must set up a load balancer like NGINX or HAProxy with your SSL certificate.
You can find HAProxy and NGINX configuration examples below.
If you do not set the X-Forwarded-Proto and Host headers in your load balancer configuration, you will probably have problems with wrong URLs returned after the image upload or proper Management Panel work. It is recommended to set these headers. If you cannot do this, use the application_external_endpoint variable to fix wrong URLs.
# HAProxy example
Here is a basic HAProxy configuration:
global
daemon
maxconn 256
tune.ssl.default-dh-param 2048
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend http-in
bind *:80
bind *:443 ssl crt /etc/ssl/your_certificate.pem
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
redirect scheme https if !{ ssl_fc }
default_backend servers
backend servers
server server1 127.0.0.1:8000 maxconn 32
# NGINX example
Here is a basic NGINX configuration:
events {
worker_connections 1024;
}
http {
server {
server_name your.domain.name;
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_cert.crt;
ssl_certificate_key /etc/ssl/your_cert_key.key;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
}
}
}