Question: using a local (and self-signed) certificate in containerized FLAT

[pirolen]

I wonder what thespecific steps are to use a self-signed certificate in a containerized FLAT instance in production. The amount of end users is going to be low. The server has Ubuntu 20.

1. Is the making of the certificate standard, and should happen using nginx as webserver?
2. How to specify the certificate for a containerized FLAT?

Many thanks!

[proycon]

You're better off getting a proper (free!) certificate from for instance letsencrypt.org rather than using self-signed ones. Self-signed certificated are, by design, very inconvenient for end-users (they'll get a security warning).

As to the deployment specifics, handling SSL is the work of the reverse proxy. Your reverse proxy (can be nginx, or apache or whatever you prefer) handles SSL and forwards traffic to the FLAT container (the last stage is local and unencrypted). The container itself is entirely unaware the encryption details and doesn't handle SSL itself,

I recommend checking out https://letsencrypt.org , do you have system administrators to help you in this?

[pirolen]

Apologies, I forgot a probably important detail: the host machine, ie. its domain have a proper certificate, I wonder if FLAT on a specific port would need a local certificate too.

[proycon]

The idea is that you have a reverse proxy on the main host, with proper certificate, running on the standard port (443). If you don't have a dedicated subdomain for FLAT you can always just append something like /flat/ to the domain. Traffic to that endpoint should then be forwarded to the container. The ports used for that are only exposed internally.

[pirolen]

Thanks, closing the ticket now.