Enable SSL for Tasklist, Operate for Camunda 8.5

I am doing a POC for a client and I need to enable SSL for Operate, Tasklist, Identity… is there any reference for that?
For the POC I am using Docker to install Camunda 8.5, and I was able to enable SSL for Keycloak, but as soon as I add it to Tasklist it stops working… I have tried two methods to add SSL… please tell me where to add SSL if I am doing it wrong.

tasklist:
  image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION}
  container_name: tasklist
  ports:
    - "${TASKLIST_PORT}:8080"
    - "15009:8443"
  environment:
    - CAMUNDA_TASKLIST_ZEEBE_GATEWAYADDRESS=zeebe:26500
    - CAMUNDA_TASKLIST_ZEEBE_RESTADDRESS=http://zeebe:8080
    - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
    - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
    - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
    - ZEEBE_TOKEN_AUDIENCE=zeebe-api
    - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token
    - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
    - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
    - SPRING_PROFILES_ACTIVE=identity-auth
    - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084
    - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=https://${HOST}:${KEYCLOAK_PORT}/auth/realms/camunda-platform
    - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
    - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist
    - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=some_secert_here
    - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api
    - CAMUNDA_TASKLIST_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
    - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform
    - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs
    - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
    - management.endpoints.web.exposure.include=health
    - management.endpoint.health.probes.enabled=true
    - SPRING_APPLICATION_JSON={"server.ssl.key-store":"/usr/local/tasklist/config/keystore.jks",
      "server.ssl.key-store-type":"jks",
      "server.ssl.key-store-password":"password",
      "server.ssl.key-password":"password",
      "server.ssl.key-alias":"myalias",
      "server.port":"8443",
      "server.ssl.enabled":"true",
      "server.ssl.enabled-protocols":"TLSv1.2,TLSv1.3",
      }

I also added SSL this way: I removed - SPRING_APPLICATION_JSON and added this
- SERVER_SSL_ENABLED=true
- SERVER_SSL_KEY_STORE=/usr/local/tasklist/certs/server.p12
- SERVER_SSL_KEY_STORE_PASSWORD=some_password_here
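
An added example, not part of the original posts or of Camunda's code: a pre-flight check for a SPRING_APPLICATION_JSON value before it goes into a compose file, run on the value posted above, which ends in a trailing comma that strict JSON parsers reject. The function names, the required-key list and the port comparison are assumptions of this sketch.

```python
import json

# Constructed input: the SPRING_APPLICATION_JSON value from the post above,
# joined onto one line with ASCII quotes; the trailing comma is kept as posted.
POSTED = (
    '{"server.ssl.key-store":"/usr/local/tasklist/config/keystore.jks",'
    '"server.ssl.key-store-type":"jks",'
    '"server.ssl.key-store-password":"password",'
    '"server.ssl.key-password":"password",'
    '"server.ssl.key-alias":"myalias",'
    '"server.port":"8443",'
    '"server.ssl.enabled":"true",'
    '"server.ssl.enabled-protocols":"TLSv1.2,TLSv1.3",}'
)
# Assumption of this sketch: keys a keystore-based TLS setup must carry.
REQUIRED = ("server.ssl.key-store", "server.ssl.key-store-password")
CURLY_QUOTES = "\u201c\u201d\u2018\u2019"


def check_spring_json(value, container_ports):
    """Return a list of problems in a SPRING_APPLICATION_JSON value."""
    problems = []
    if any(ch in value for ch in CURLY_QUOTES):
        problems.append("typographic quotes found; JSON needs ASCII double quotes")
    try:
        props = json.loads(value)
    except json.JSONDecodeError as exc:
        # Strict parsers reject trailing commas, comments and unquoted keys.
        problems.append(f"not valid JSON near character {exc.pos}: {exc.msg}")
        return problems
    if not isinstance(props, dict):
        return problems + ["top-level value must be a JSON object"]
    for key in REQUIRED:
        if not props.get(key):
            problems.append(f"missing or empty property: {key}")
    port = str(props.get("server.port", ""))
    if port and port not in container_ports:
        problems.append(f"server.port {port} is not a published container port")
    return problems


def container_side_ports(mappings):
    """Take the container side of compose 'host:container' port mappings."""
    return {m.rsplit(":", 1)[-1] for m in mappings}


if __name__ == "__main__":
    ports = container_side_ports(["${TASKLIST_PORT}:8080", "15009:8443"])
    for label, value in (("as posted", POSTED), ("comma removed", POSTED.replace(",}", "}"))):
        print(label, "->", check_spring_json(value, ports) or "ok")
```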

Hi @Sarthak_Saumya, can you share details of the error you are facing (logs, stacks)?

If you want to use SSL I would recommend having a look at this article (it would be more consistent with a production environment - k8s using ingress) - Operate/Tasklist would not require extra configuration.

I am not getting any error… it is just that the applications are not starting… when I looked at the logs… it just tries to restart every few seconds…
Are the environment variables correct for adding SSL certificates?
