Configuring TLS for the Web Server in a Web Gateway Container

The following procedure demonstrates configuring TLS for the web server within the Web Gateway container. If you are not employing the webgateway or webgateway-lockeddown images, adjustments may be necessary based on your specific setup or use case.

  • Prepare the Durable Web Gateway Directory

    • InterSystems recommends that production deployments set up a durable data directory that contains the configuration files CSP.ini and CSP.conf. These files store the container's persistent configuration and are necessary for a functional Web Gateway container. Housing them in a durable data directory allows the files to persist beyond the container’s lifetime.

    • If a durable data directory does not exist, you must create a persistent volume containing your configuration files. Upon deployment, the container will create the durable data directory. For more information, refer to the documentation for setting one up.

  • Add TLS Certificate and Key Files

    • Place your TLS certificate and key files into your durable data directory.

    • Note the filenames and their locations within the container's filesystem. These paths will need to be referenced in the CSP.conf configuration file.

  • Update Configuration for TLS

    • Open the CSP.conf file in the durable data directory.

    • Update the file to include the required TLS configuration directives. If you are using a Web Gateway container image which includes an Apache web server, refer to Apache's SSL/TLS documentation as a guide.

      • If available, example configurations such as default-ssl.conf or httpd-ssl.conf can provide guidance. However, the naming and availability of these files vary depending on the Apache installation. Primarily refer to Apache’s official documentation for guidance.

  • Add the --ssl ENTRYPOINT Option

    • When running the Web Gateway container (for example, using docker run or a docker-compose YAML file), include the --ssl ENTRYPOINT option.

      • The container must be fully configured before you start it. If you modify configurations after starting the container, you must restart the container for changes to take effect.
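
Because the container must be fully configured before it starts, a host-side preflight check can confirm that the certificate and key paths referenced in CSP.conf resolve to files inside the durable data directory. The script below is an added example, not InterSystems code. It assumes an Apache-based image, so it looks for the mod_ssl directives SSLEngine, SSLCertificateFile and SSLCertificateKeyFile, and it assumes you pass the host path of the durable directory and the path at which it is mounted inside the container; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check to run on the host before starting the
# container with --ssl. Assumptions (not from the page): $1 is the host side
# of the durable data directory, $2 is its mount point inside the container.

# Print the path argument of an Apache directive in CSP.conf (last one wins).
# Commented-out directives are ignored because their first field starts with '#'.
directive_path() {  # $1=conf file  $2=directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); p = $2 }
                   END { print p }' "$1"
}

# Translate a container path to its host location under the durable directory.
to_host_path() {  # $1=container path  $2=mount point  $3=host dir
    case "$1" in
        "$2"/*) printf '%s/%s\n' "$3" "${1#"$2"/}" ;;
        *) return 1 ;;
    esac
}

check_tls_files() {  # $1=host dir  $2=container mount point
    conf="$1/CSP.conf"; rc=0
    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 1; }
    grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on' "$conf" ||
        { echo "FAIL: no 'SSLEngine on' in CSP.conf"; rc=1; }
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        cpath=$(directive_path "$conf" "$d")
        [ -n "$cpath" ] || { echo "FAIL: $d not set"; rc=1; continue; }
        hpath=$(to_host_path "$cpath" "$2" "$1") ||
            { echo "FAIL: $d=$cpath is outside $2 and will not persist"; rc=1; continue; }
        [ -s "$hpath" ] || { echo "FAIL: $d -> $hpath missing or empty"; rc=1; continue; }
        grep -q -- '-----BEGIN ' "$hpath" || { echo "FAIL: $hpath is not PEM"; rc=1; }
        if [ "$d" = SSLCertificateKeyFile ]; then
            # Characters 8-10 of the ls mode string are the "other" permission bits.
            [ "$(ls -ld "$hpath" | cut -c8-10)" = "---" ] ||
                { echo "FAIL: key $hpath is accessible to other users"; rc=1; }
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: TLS files referenced in CSP.conf are in place"
    return "$rc"
}

# Stand-alone use: ./preflight.sh <host durable dir> <container mount point>
if [ "$#" -eq 2 ]; then check_tls_files "$1" "$2"; fi
```

The check covers file placement and permissions only; it does not validate that the certificate matches the key or that the certificate is unexpired.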
