HTTPS Configuration
  • 03 May 2024
  • Dark
    Light
  • PDF

HTTPS Configuration

  • Dark
    Light
  • PDF

Article summary

Automation Gateway uses Gunicorn to serve Web Server Gateway Interface (WSGI) web requests to the backend python application.

  • For production instances of IAG you may want to use Nginx as a front-end proxy to Gunicorn. For more information on Nginx deployments with Gunicorn refer to the Gunicorn deployment site.

  • If using a front-end proxy, enable HTTPS/TLS settings and use a Unix-style socket bind for IAG.

⚠ Refer to the General Prerequisites page for information regarding the Software Repository and Registry Credentials that can be used with the various IAG installation methods.

Basic HTTPS Configuration Options

To configure the SSL certificate and key files in the properties.yml file:

################
# SSL Settings #
################

# To start the server using SSL/TLS please fill out the following properties.
#server_certfile: "/app/cert.pem"

# Note: gunicorn does not currently support encrypted key files.
#server_keyfile: "/app/key.pem"

#server_cabundle: "~/cabundle.crt" 

# TLSv1_2
#server_ssl_version: "TLSv1_2"

# You may also set custom SSL Ciphers.
#
# https://docs.gunicorn.org/en/20.x/settings.html#ciphers
#
# server_ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:...""


To restart the automation-gateway application to serve traffic over HTTPS:

systemctl restart automation-gateway

Configuring IAG to Bind to a UNIX Socket

Use a unix:// style bind string set in a bind_address to bind the socket and give it a unique name. Using local sockets is more performant and may be more secure than using TCP proxies when using Nginx or another front-end proxy.

Below is an example of using a Unix-style socket bind.

bind_address: "unix:///tmp/gunicorn.sock"

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.