Is it possible to set up SSL for FusionAuth directly?
-
I don't want to run a proxy in front of FusionAuth.
-
Yes, you can configure SSL in Tomcat, but it is not recommended as we will replace the server.xml file during upgrades. So you'll need to merge any changes you've made with those we've made.
The best way to set it up will be to use nginx or Apache with TLS and proxy to FusionAuth.
-
I just had to do this with IIS on Windows. It's quite simple and allows you to leave your Tomcat config alone, which, for Windows users, is quite daunting and prone to error.
- You will need to install the ARR for IIS: https://blogs.sap.com/2014/11/05/how-to-configure-iis-arr-application-request-routing-to-redirect-to-tomcat/
- And then add the 443 binding to the IIS default website with your own certificate.
This means I can now use my own secure custom domain (I have a wildcard domain) with SSL.
Although, now I'm getting a Proxy Configuration error which kindly gives me instructions to fix, but I can't get it to work yet...
-
Because of how IIS processes header (server) variables, you need to append HTTP_ to the headers and change dashes to underscores, like so:
```xml
<set name="HTTP_X_Forwarded_Proto" value="https" />
<set name="HTTP_X_Forwarded_Host" value="mydomain.com" />
<set name="HTTP_X_Forwarded_Port" value="443" />
```
And now it works. It might be a good idea to add a page on this to the official docs too.
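
The three `<set>` elements from the post above, placed in a complete IIS URL Rewrite rule, as an added example that is not part of the original thread or of FusionAuth's documentation. It assumes FusionAuth listens on `localhost:9011` (its default HTTP port) on the same machine; the rule name is hypothetical and `mydomain.com` is the poster's placeholder.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config for the IIS site that holds the 443 binding and certificate.
     Requires the URL Rewrite and ARR modules, with ARR proxying enabled.

     IIS rejects a rule that sets a server variable unless the variable is
     on the allow list. That list lives at server level in
     applicationHost.config, under system.webServer/rewrite:

       <allowedServerVariables>
         <add name="HTTP_X_Forwarded_Proto" />
         <add name="HTTP_X_Forwarded_Host" />
         <add name="HTTP_X_Forwarded_Port" />
       </allowedServerVariables>
-->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Hypothetical rule name. Matches every path on the site. -->
        <rule name="FusionAuthReverseProxy" stopProcessing="true">
          <match url="(.*)" />
          <serverVariables>
            <!-- Fixed values replace whatever X-Forwarded-* headers the
                 client sent, so FusionAuth only sees the proxy's view of
                 the scheme, host and port. -->
            <set name="HTTP_X_Forwarded_Proto" value="https" />
            <set name="HTTP_X_Forwarded_Host" value="mydomain.com" />
            <set name="HTTP_X_Forwarded_Port" value="443" />
          </serverVariables>
          <!-- Assumption: FusionAuth on the same host, default port 9011.
               Traffic on this hop is plain HTTP, so keep it on loopback
               and do not expose 9011 externally. -->
          <action type="Rewrite" url="http://localhost:9011/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```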
-
@bharnett thanks for sharing this!
I have on my list to write up a proxy guide, but we do outline the headers you need to pass here, in the cluster guide, in the load balancer section: https://fusionauth.io/docs/v1/tech/installation-guide/cluster/#fusionauth-installation
But you are correct, it should be more obvious.
Thanks for sharing what worked for you!
Dan
-
We'll be adding native support for TLS in an upcoming release. See this GitHub issue for reference.
https://github.com/FusionAuth/fusionauth-issues/issues/1996
-
@robotdan does this mean a proxy is not required anymore? I've been trying to configure the new https properties without success.
-
@ronn316 Could you please share the link to the documentation for https properties setup?
-
@pradhanv88 it is documented here: https://fusionauth.io/docs/reference/configuration
But there is a bug with TLS in recent versions of FusionAuth: https://github.com/FusionAuth/fusionauth-issues/issues/2498
This is scheduled not for this release, but for the next one.