HTTPS Configuration
Updated on 03 May 2024
Automation Gateway uses Gunicorn to serve Web Server Gateway Interface (WSGI) web requests to the backend Python application.
For production instances of IAG you may want to use Nginx as a front-end proxy to Gunicorn. For more information on Nginx deployments with Gunicorn, refer to the Gunicorn deployment site.
If using a front-end proxy, enable HTTPS/TLS settings and use a Unix-style socket bind for IAG.
⚠ Refer to the General Prerequisites page for information regarding the Software Repository and Registry Credentials that can be used with the various IAG installation methods.
Basic HTTPS Configuration Options
To configure the SSL certificate and key files in the properties.yml file:
################
# SSL Settings #
################
# To start the server using SSL/TLS please fill out the following properties.
#server_certfile: "/app/cert.pem"
# Note: gunicorn does not currently support encrypted key files.
#server_keyfile: "/app/key.pem"
#server_cabundle: "~/cabundle.crt"
# TLSv1_2
#server_ssl_version: "TLSv1_2"
# You may also set custom SSL Ciphers.
#
# https://docs.gunicorn.org/en/20.x/settings.html#ciphers
#
# server_ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:..."
To restart the automation-gateway application to serve traffic over HTTPS:
systemctl restart automation-gateway
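A check to run before the restart, as an added example (not Itential's or Gunicorn's code): it reads the SSL settings shown above and reports a key file that Gunicorn cannot load because it is encrypted, a certificate set without its key, loose key file permissions, and a legacy protocol version. The function names are hypothetical, and it assumes properties.yml uses the flat `key: "value"` lines shown on this page, that `server_ssl_version` takes Gunicorn-style protocol names, and that the key should be readable by its owner only.

```python
import os
import re
import stat

# Constructed sample in the flat `key: "value"` form shown on this page.
SAMPLE = '''server_certfile: "/app/cert.pem"
server_keyfile: "/app/key.pem"
#server_cabundle: "~/cabundle.crt"
server_ssl_version: "TLSv1_2"
'''
# Assumption: server_ssl_version takes Gunicorn-style protocol names.
LEGACY_VERSIONS = {"SSLv3", "TLSv1", "TLSv1_1"}

def read_settings(text):
    """Read uncommented `key: "value"` lines (not a full YAML parser)."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_]+):\s*"?([^"]*)"?\s*$', line)
        if m:  # lines starting with '#' never match the key pattern
            settings[m.group(1)] = m.group(2).strip()
    return settings

def key_is_encrypted(pem_text):
    """True for PKCS#8 encrypted keys and legacy OpenSSL encrypted PEM."""
    return ("BEGIN ENCRYPTED PRIVATE KEY" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)

def check_tls_settings(settings):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    cert, key = settings.get("server_certfile"), settings.get("server_keyfile")
    if bool(cert) != bool(key):
        findings.append("server_certfile and server_keyfile must be set together")
    if key:
        path = os.path.expanduser(key)
        if not os.path.isfile(path):
            findings.append(f"key file not found: {key}")
        else:
            with open(path, encoding="ascii", errors="replace") as fh:
                if key_is_encrypted(fh.read()):
                    findings.append("key file is encrypted; Gunicorn cannot load it")
            if stat.S_IMODE(os.stat(path).st_mode) & 0o077:  # owner-only: example's assumption
                findings.append("key file permissions allow group or other access")
    if settings.get("server_ssl_version") in LEGACY_VERSIONS:
        findings.append("server_ssl_version selects a deprecated protocol")
    return findings

if __name__ == "__main__":
    for finding in check_tls_settings(read_settings(SAMPLE)):
        print("FINDING:", finding)
```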
Configuring IAG to Bind to a UNIX Socket
Use a unix:// style bind string in bind_address to bind the socket and give it a unique name. Using local sockets is more performant and may be more secure than using TCP proxies when using Nginx or another front-end proxy.
Below is an example of using a Unix-style socket bind.
bind_address: "unix:///tmp/gunicorn.sock"