geoserver / geoserver-cloud

Cloud Native GeoServer is GeoServer ready to use in the cloud through dockerized microservices.
http://geoserver.org/geoserver-cloud

HTTPS support in gateway #464

Closed ppradela closed 1 month ago

ppradela commented 5 months ago

Is it possible to configure SSL in the gateway service? How do I add additional config (https://spring.io/blog/2023/06/07/securing-spring-boot-applications-with-ssl)? I have tried to bind `ssl.yml:/etc/geoserver/ssl.yml` and added `JAVA_OPTS: "-Dspring.config.additional-location=/etc/geoserver/ssl.yml"` in docker-compose.yaml, but the gateway container doesn't load it. I bind `./server.p12:/etc/geoserver/server.p12` and changed `classpath:server.p12` to `file:/etc/geoserver/server.p12` in the ssl.yml config. I am not familiar with Spring. Can anybody help me?

sameersheikh22 commented 4 months ago

@ppradela I'm currently facing the same issue. Did you manage to get any help or find a solution?

ppradela commented 4 months ago

@sameersheikh22 I am using Caddy as a reverse proxy for now. The Caddy container has to be in the same container network. My Caddyfile looks like:

```
gscloud.example.com {
    tls cert.pem key.pem
    reverse_proxy webui:8080
    reverse_proxy /ows gateway:8080
    reverse_proxy /gwc gateway:8080
}
```

Ravi-170524 commented 4 months ago

@ppradela we are getting the error below for this Caddyfile:

```
geoserver-cloud.example.com {
    tls /etc/letsencrypt/live/geoserver-cloud.example.com/fullchain.pem /etc/letsencrypt/live/geoserver-cloud.example.com/privkey.pem
    reverse_proxy localhost:9090 {
        header_up X-Forwarded-Host {host}
    }
}
```

Error: (screenshot from 2024-06-04 19-41-33)

Can anyone help me!

ppradela commented 4 months ago

@Ravi-170524 Compare my Caddyfile to yours. You have to do reverse_proxy directly to webui for the GeoServer admin interface and another route for services. This error appears because you do reverse_proxy to the gateway container and the gateway container does proxy for all services. The traffic goes: `client --https--> caddy --http--> gateway --https--> webui`, so it is not encrypted on the whole path, but if you use my example you will not get this error.

Ravi-170524 commented 4 months ago

@ppradela Thanks, it is working fine.
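
The following Compose fragment is an added example, not part of the thread or of the geoserver-cloud project. It shows one way to run the Caddy container from ppradela's workaround on the same network as `webui` and `gateway`. The override file name, the host paths, the image tag, the in-container certificate paths and the network name `gscloud-net` are assumptions.

```yaml
# docker-compose.override.yml (added example; file name, host paths and the
# network name "gscloud-net" are assumptions, not taken from the thread)
services:
  caddy:
    image: caddy:2
    ports:
      - "443:443"   # TLS terminates here; the only port exposed to clients
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      # Certificate and key are mounted read-only. With these mount points the
      # Caddyfile's tls line has to reference /etc/caddy/certs/cert.pem and
      # /etc/caddy/certs/key.pem.
      - ./cert.pem:/etc/caddy/certs/cert.pem:ro
      - ./key.pem:/etc/caddy/certs/key.pem:ro
    networks:
      - gscloud-net   # must be the network webui and gateway are attached to,
                      # so that webui:8080 and gateway:8080 resolve

networks:
  gscloud-net:
    external: true    # assumed to be created by the existing GeoServer Cloud stack
```

Because the hops from Caddy to `webui:8080` and `gateway:8080` are plain HTTP, those ports should stay reachable only inside the container network and not be published on the host.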