Skip to main content
Quick navigation

HTTPS Configuration

To configure Conduktor Console to respond to HTTPS requests, you have to define a certificate and a private key. The server certificate is a public entity. It is sent to every client that connects to the server, and it should be provided as a PEM file.

Configuration properties are:

  • platform.https.cert.path or environment variable CDK_PLATFORM_HTTPS_CERT_PATH : path to server certificate file
  • platform.https.key.path or environment variable CDK_PLATFORM_HTTPS_KEY_PATH : path to server private key file
note

The certificate and private key files must allow read from user conduktor-platform (uid 10001 gid 0), but don't need to be readable system-wide.

Example configuration using docker-compose

In this example server certificate and key are stored in files server.crt and server.key in the same directory as the docker-compose file.

services:
conduktor-console:
image: conduktor/conduktor-console
ports:
- 8080:8080
volumes:
- type: bind
source: ./server.crt
target: /opt/conduktor/certs/server.crt
read_only: true
- type: bind
source: ./server.key
target: /opt/conduktor/certs/server.key
read_only: true
environment:
CDK_PLATFORM_HTTPS_CERT_PATH: '/opt/conduktor/certs/server.crt'
CDK_PLATFORM_HTTPS_KEY_PATH: '/opt/conduktor/certs/server.key'

In the case of the Monitoring image conduktor/conduktor-console-cortex running as well, you need to provide the CA public certificate to the monitoring image to allow metrics scraping on HTTPS.

 services:
conduktor-console:
image: conduktor/conduktor-console
ports:
- 8080:8080
volumes:
- type: bind
source: ./server.crt
target: /opt/conduktor/certs/server.crt
read_only: true
- type: bind
source: ./server.key
target: /opt/conduktor/certs/server.key
read_only: true
environment:
# HTTPS configuration
CDK_PLATFORM_HTTPS_CERT_PATH: '/opt/conduktor/certs/server.crt'
CDK_PLATFORM_HTTPS_KEY_PATH: '/opt/conduktor/certs/server.key'
# monitoring configuration
CDK_MONITORING_CORTEX-URL: http://conduktor-monitoring:9009/
CDK_MONITORING_ALERT-MANAGER-URL: http://conduktor-monitoring:9010/
CDK_MONITORING_CALLBACK-URL: https://conduktor-console:8080/monitoring/api/
CDK_MONITORING_NOTIFICATIONS-CALLBACK-URL: http://localhost:8080

conduktor-monitoring:
image: conduktor/conduktor-console-cortex
volumes:
- type: bind
source: ./server.crt
target: /opt/conduktor/certs/server.crt
read_only: true
environment:
CDK_CONSOLE-URL: "https://conduktor-console:8080"
CDK_SCRAPER_SKIPSSLCHECK: "false" # can be set to true if you don't want to check the certificate
CDK_SCRAPER_CAFILE: "/opt/conduktor/certs/server.crt"