How can I run Tasklist and Operate (Camunda 8) over HTTPS?

I would like to know how to expose Tasklist over HTTPS instead of HTTP.
With port?
How do I add the certificate, if one is needed?
Tasklist and Operate are installed in Docker.

Hi @Eduardo_Baia - the Docker setup is intended for development use. In a production environment, you would probably be putting an ingress controller in front of your containers that would act as an HTTP load balancer and also enable TLS/SSL. This is available and documented for production installations with Kubernetes and Helm (link).

Hello @nathan.loding,

for development purposes, is there perhaps a guide how to set up TLS for Zeebe, Tasklist, etc. in Docker Compose? In our case, we would like to develop/test this using the development environment (via Compose).

Kind regards,
bpmnenthusiast

@bpmnenthusiast - that’s an interesting question. There is no guide currently, unfortunately. We do have resources for adding certs to a Kubernetes deployment, but that uses an ingress controller and is quite different than a local docker-compose environment.

Will you be deploying to production using Docker also?

Hello @nathan.loding,

Ah, I see. Yes, thanks, I have seen the guide using the Kubernetes ingress controller.

No, production will use Kubernetes and Helm. Docker Compose is only for the local development.

Kind regards,
bpmnenthusiast

@bpmnenthusiast - because the deployed environment won’t match the local environment (at least in terms of how the certificates work), I personally don’t think there’s enough value in getting TLS/SSL working for the local Docker configuration. And I think that’s why support for it isn’t already included. However, if you do see value in it still, I can see what information I can find!

Hello @nathan.loding,

thank you, I understand what you mean - it is some overhead setting the certificates up on a local environment, which won’t in the end match the production environment.

In our case, due to other teams being involved with different priorities, etc. I wanted to do this overhead so that I am able to develop the client side without interruptions. So, from my side it would be great if you could find some information on the setup in Docker Compose.

Many thanks and kind regards,
bpmnenthusiast

@bpmnenthusiast - since we use Spring Boot, it looks like you should be able to enable TLS/SSL using its configuration options for each of the Camunda components (Optimize, Tasklist, etc.): https://www.baeldung.com/spring-boot-https-self-signed-certificate#enabling-https-in-spring-boot

In Docker, it would be using environment variables that look like this:

   - SERVER_SSL_CERTIFICATE=/optimize/config/certs/domain.crt
   - SERVER_SSL_CERTIFICATEPRIVATEKEY=/optimize/config/certs/domain.key

Of course, you need to make sure the .crt and .key files are copied into your containers. Let me know if you run into any issues!
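
The certificate step from the reply above, as an added example that is not part of the original thread or of Camunda's documentation: shell functions that create a self-signed `domain.crt`/`domain.key` pair for local development and check, before the files are mounted into a container, that the key belongs to the certificate and that the certificate covers the hostname clients will use. The function names, the target directory and the `localhost` hostname are assumptions; `-addext` needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the thread): self-signed dev certificate plus
# sanity checks. File names domain.crt/domain.key follow the thread; the
# function names, directory and hostname are assumptions.

# make_dev_cert DIR [HOST]: write DIR/domain.key and DIR/domain.crt.
make_dev_cert() {
  mdc_dir="$1"; mdc_host="${2:-localhost}"
  mkdir -p "$mdc_dir" || return 1
  # Unencrypted 2048-bit RSA key, 30-day certificate, SAN set to the host
  # (modern TLS clients ignore the CN and validate against the SAN).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=${mdc_host}" \
    -addext "subjectAltName=DNS:${mdc_host}" \
    -keyout "$mdc_dir/domain.key" -out "$mdc_dir/domain.crt" 2>/dev/null
}

# cert_matches_key CRT KEY: succeed only if KEY is the private key for CRT.
# Compares the public key embedded in the certificate with the one derived
# from the private key; a mismatch makes the server fail at startup.
cert_matches_key() {
  cmk_a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  cmk_b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cmk_a" ] && [ "$cmk_a" = "$cmk_b" ]
}

# cert_covers_host CRT HOST: succeed only if CRT is valid for HOST
# and has not expired.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 1
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
    | grep -q "does match"
}

# Run directly as: sh dev-cert.sh ./certs localhost
if [ "$#" -ge 1 ]; then
  make_dev_cert "$1" "${2:-localhost}" \
    && cert_matches_key "$1/domain.crt" "$1/domain.key" \
    && cert_covers_host "$1/domain.crt" "${2:-localhost}" \
    && echo "certificate and key in $1 are consistent"
fi
```

A self-signed certificate is not trusted by browsers or client libraries by default, so the development client needs `domain.crt` added to its trust store.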

Hello @nathan.loding,

thanks a lot.

Kind regards,
bpmnenthusiast