Installing Your Own SSL Certificate to the FAST Node¶
Prerequisites
This guide assumes that:
- Your browser is configured to use a FAST node as an HTTP or HTTPS proxy.
- Your browser already trusts the SSL certificate you are going to install for the FAST node.
Certificate requirements
To successfully complete this installation, your SSL certificate must be either a root certificate or an intermediate certificate.
The certificate and the corresponding private key must be encoded using PEM. If your certificate has a different encoding, you can use any available certificate conversion tool, such as OpenSSL to convert it to a PEM encoded certificate.
Installing SSL Certificate¶
To install an SSL certificate to th FAST node, follow these steps:
-
Make sure that you already have an SSL certificate, as well as the private key that signed the certificate, in the PEM format.
-
Place the certificate file and the key file in the same directory on the Docker host. It will be necessary to mount this directory to the Docker container with the FAST node in the next steps.
-
Specify the FAST node where the certificate and key are located using the following environment variables:
In the lines above, replace the values
<internal path to the certificate>
and<internal path to the key>
with the expected path to the certificate and key after mounting the directory in the Docker container. -
Deploy the Docker container with the FAST node by running the following command:
docker run --name <name> \ -e WALLARM_API_TOKEN=<token> \ -e ALLOWED_HOSTS=<host list> \ -e CA_CERT=<internal path to the certificate> \ -e CA_KEY=<internal path to the key> \ -v <path to the directory with the certificate and key>:<internal path to the directory> \ -p <publishing port>:8080 \ wallarm/fast
This command defines the following parameters:
- The container's name.
- The token and host list of the target application using the
WALLARM_API_TOKEN
andALLOWED_HOSTS
environment variables (the last one is not mandatory). - The location of the SSL certificate file inside the container by using the
CA_CERT
variable. - The location of the private key file inside the container by using the
CA_KEY
variable. - The application publishing port.
Use the
-v
option of thedocker run
command to mount the Docker host's directory<path to the directory with the certificate and key>
in the container. The contents of this directory become available inside the container on the path<internal path to the directory>
.Note
The paths to the certificate and key files specified with the
CA_CERT
andCA_KEY
environment variables must point to the files in the<internal path to the directory>
parameter that you specified with the-v
option of thedocker run
command.
Now your SSL certificate should be successfully installed. Your FAST node instance will now proxy HTTPS requests without any untrusted certificate messages.
An Example of Installing an SSL Certificate.¶
The following is supposed to be the case:
-
The
cert.pem
andcert.key
files with the SSL certificate and corresponding private key are located in the/home/user/certs
directory of the Docker host where the FAST node is launched, -
The contents of the
/home/user/certs
directory will be available inside the container with the FAST node on the/tmp/certs
path, -
The
fast_token
token is used, -
Only
example.com
is included in the host list, and -
The FAST node will run in the container named
fast-node
and its internal port8080
will be published inlocalhost:8080
,
then you need to execute the following command to connect the SSL certificate to the FAST node: