yuzutech / kroki

Creates diagrams from textual descriptions!
https://kroki.io
MIT License

How to run as https with Docker Kroki #787

Closed KHeresy closed 2 years ago

KHeresy commented 3 years ago

I am a user of the Docker version of Kroki.

I run the service using the example command: docker run -p8080:8000 -d yuzutech/kroki.

It works over HTTP, but now I want to switch to HTTPS with my own SSL certificate files.

Could you please tell me how to do this?

I had tried to read the official documents, but no luck.

Thanks.

ggrossetie commented 3 years ago

Hi @KHeresy, for now you will need to set up an NGINX container (or similar) in front of Kroki to secure HTTP traffic. If you are using Kubernetes, you can probably use an Ingress to do that: https://kubernetes.io/docs/concepts/services-networking/ingress/

Having said that, it's possible to configure Vert.x to enable SSL but this feature is not made available by the Kroki server: https://vertx.io/docs/vertx-core/java/#_enabling_ssltls_on_the_server

I would support a pull request that allows enabling SSL on the Kroki server.

KHeresy commented 3 years ago

Thanks for your advice. I will try to use NGINX.

amirabramovich commented 2 years ago

Hi @Mogztter, I would like to add SSL support to the Kroki server. Can you please advise how we should pass the details of the certificate (the path to the Keystore and its password)?

ggrossetie commented 2 years ago

> I would like to add SSL support to the Kroki server, can you please advise how should we pass the details of the certificate? (the path to the Keystore and its password)

In my experience, it's less practical to use a Keystore because you need to mount a volume with the Keystore file. I find it easier to pass the certificate and key values as strings using environment variables.

I guess we could support both options but first we should support certificate/key value using environment variables:

```kotlin
val keyValue = config.getString("KROKI_SSL_KEY", "")
val certValue = config.getString("KROKI_SSL_CERT", "")
```

You can then configure Vert.x using:

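```kotlin
import io.vertx.core.buffer.Buffer
import io.vertx.core.http.HttpServerOptions
import io.vertx.core.net.PemKeyCertOptions

// setKeyValue/setCertValue take a Buffer, so wrap the PEM strings
HttpServerOptions()
  .setSsl(true)
  .setPemKeyCertOptions(
    PemKeyCertOptions()
      .setKeyValue(Buffer.buffer(keyValue))
      .setCertValue(Buffer.buffer(certValue))
  )
```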

We will also probably need an environment variable to enable SSL explicitly, something like KROKI_SSL=true.

When KROKI_SSL is true, then we can get the certificate and key values and enable SSL on the HTTP server.
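
The behaviour proposed in the last comment, written out as an added example that is not part of the original thread or of Kroki's code base: when `KROKI_SSL` is true, the server refuses to start without usable PEM material instead of falling back to plain HTTP. `buildHttpServerOptions` and `requirePem` are hypothetical names, `config` is assumed to be the Vert.x `JsonObject` used in the snippets above, and the handling of literal `\n` sequences is an assumption about how the variables are supplied.

```kotlin
import io.vertx.core.buffer.Buffer
import io.vertx.core.http.HttpServerOptions
import io.vertx.core.json.JsonObject
import io.vertx.core.net.PemKeyCertOptions

// Hypothetical helper (not Kroki's code): builds the server options from the
// KROKI_SSL, KROKI_SSL_KEY and KROKI_SSL_CERT settings proposed in this thread.
fun buildHttpServerOptions(config: JsonObject): HttpServerOptions {
    val options = HttpServerOptions()
    // The flag may arrive as a String or a Boolean depending on the config store,
    // so read it as a generic value. Anything other than "true" keeps plain HTTP.
    val sslEnabled = config.getValue("KROKI_SSL", "false").toString()
        .trim().equals("true", ignoreCase = true)
    if (!sslEnabled) return options

    // Matches "BEGIN PRIVATE KEY", "BEGIN RSA PRIVATE KEY" and "BEGIN EC PRIVATE KEY".
    val keyValue = requirePem(config, "KROKI_SSL_KEY", "PRIVATE KEY-----")
    val certValue = requirePem(config, "KROKI_SSL_CERT", "-----BEGIN CERTIFICATE-----")
    return options
        .setSsl(true)
        .setPemKeyCertOptions(
            PemKeyCertOptions()
                .setKeyValue(Buffer.buffer(keyValue))
                .setCertValue(Buffer.buffer(certValue))
        )
}

// Fails startup instead of silently serving plaintext when TLS was requested
// but the PEM material is missing or obviously malformed.
private fun requirePem(config: JsonObject, name: String, marker: String): String {
    // Assumption: values set on a single line may carry literal "\n" sequences.
    val value = config.getString(name, "").replace("\\n", "\n").trim()
    check(value.isNotEmpty()) { "KROKI_SSL is true but $name is empty" }
    // The message names the variable only: the value may be the private key.
    check(value.contains(marker)) { "$name does not look like PEM data" }
    return value
}
```

Environment variables passed with `docker run -e` are readable by anyone who can run `docker inspect` on the container, so the private key is better injected from a secret store than typed on the command line.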