guideSSL communication

You can communicate with CKEditor Cloud Services On-Premises using secure connections. To achieve this, you must set up a load balancer like NGINX or HAProxy with your SSL certificate.

You can find HAProxy and NGINX configuration examples below.

If you do not set the X-Forwarded-Proto and Host headers in your load balancer configuration, you will probably have problems with wrong URLs returned after the image upload. It is recommended to set these headers. If you cannot do this, use the application_external_endpoint variable to fix wrong URLs.

# HAProxy example

Here is a basic HAProxy configuration:

global
    daemon
    maxconn 256
    tune.ssl.default-dh-param 2048

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:80
    bind *:443 ssl crt /etc/ssl/your_certificate.pem
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
    redirect scheme https if !{ ssl_fc }

    default_backend servers

backend servers
    server server1 127.0.0.1:8000 maxconn 32

# NGINX example

Here is a basic NGINX configuration:

events {
    worker_connections  1024;
}

http {
    server {
        server_name your.domain.name;

        listen 443;
        ssl on;
        ssl_certificate /etc/ssl/your_cert.crt;
        ssl_certificate_key /etc/ssl/your_cert_key.key;

        location / {
            proxy_pass http://127.0.0.1:8000;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_http_version 1.1;
        }
    }
}