Question
· Apr 13, 2023

Docker container - enable TLS/HTTPS on private web server

Hello,

I have Iris4Health community version (using for some development) running in a docker container and am trying to enable TLS/SSL/HTTPS in the container. I have created the SSL cert chain (root ca/web site cert) via OpenSSL and have the http.conf and http-local.conf files loaded on a durable volume. I have also loaded the root CA in the trusted root cert store on the device that is connecting.

After inspecting the logs it looks like Apache has loaded the certs and is listening on the correct port, but I am unable to connect to the mgmt portal via SSL.

Is there anything specific that has to be done in order to get the certs working on the docker instance? Do you need to load the docker instance with a -ssl option? (I read that that is only specific if you're running web-gateway proper in a docker container)

I have loaded the certs in httpd-local.conf using the following:

SSLCertificateFile "<my site cert file>"
SSLCertificateKeyFile "<my site cert key file>"
SSLCACertificateFile "<my root cert file>"

Product version: IRIS 2022.3
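
A consistency check for the three files named in the directives above, as an added example that is not part of the original post: it confirms that the private key belongs to the site certificate, that the certificate verifies against the root CA, and that the certificate covers the host name used in the URL. The function name, the script name and the host name argument are assumptions of this example; it uses only the `openssl` command line.

```shell
#!/bin/sh
# Added example (not from the thread): checks the three PEM files referenced by
# SSLCertificateFile, SSLCertificateKeyFile and SSLCACertificateFile.
# Usage: sh check_tls_files.sh <site cert> <site key> <root CA cert> <hostname>
# The script name and the hostname argument are assumptions of this example.

check_tls_files() {
  cert=$1; key=$2; ca=$3; host=$4

  # Both files must parse; an encrypted key fails here because no passphrase is supplied.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "FAIL: cannot parse certificate: $cert"; return 2; }
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
    { echo "FAIL: cannot read private key (encrypted or not PEM?): $key"; return 2; }

  # The public key derived from the private key must equal the one in the certificate.
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: private key does not belong to this certificate"; return 3; }

  # The site certificate must verify against the root CA (also catches expiry).
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "FAIL: certificate does not verify against $ca"; return 4; }

  # The name clients type in the URL must be covered by the certificate.
  openssl x509 -in "$cert" -noout -checkhost "$host" 2>&1 | grep -q "does match" ||
    { echo "FAIL: certificate is not valid for host name $host"; return 5; }

  echo "OK: key matches, chain verifies, host name $host is covered"
}

# Run the check only when all four arguments are given on the command line.
if [ "$#" -eq 4 ]; then
  check_tls_files "$@"
fi
```

Run it where Apache reads the files (for a single-container setup, inside that container) so it sees the same paths and permissions the web server does.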
Discussion (2)

John,

I think you are on the right track, because creating all those certificates is the hardest part of using TLS/SSL. I am assuming you are running the Apache Web Server in a separate container from IRIS4Health, but even if you are not, you need to use the Web Gateway to establish secure transport from the Web Server to the IRIS4Health container. You can learn more about the Web Gateway here: https://docs.intersystems.com/irisforhealth20223/csp/docbook/DocBook.UI....
 

A key part of configuring the Server Access for TLS/SSL access is configuring the Connection Security. Here is an example of a deployment I used below:

 

 
Spoiler

 
Populating the paths to the certificates you created in the Web Gateway should enable a secure TLS/SSL connection. Good Luck.
 

Hi Patrick - Thanks for the response. I am currently running just one container, not really separating out the webgateway just yet. Right now I'm just using the private web server contained within the iris4health container.

With that being said, do I still need to add the ssl/tls items into the webgateway config? I thought that was just to secure the communication between the webgateway and the iris server?