HTTP and HTTPS
Variants of how to use fylr with and without TLS certificate
Automated HTTPS Certificate
Let fylr get an certificate for you and renew it automatically:
In fylr.yml
:
fylr+:
externalURL: "https://database.example.com"
services+:
webapp+:
addr: ":443"
tls:
# forwardHttpAddr defines an address a http listener is started
# to forward requests to fylr.services.webapp.addr, the (port of the)
# webserver.
#forwardHttpAddr: "" # if letsencrypt: use port 443 for letsencrypt challenge_type=tls-alpn-01
forwardHttpAddr: ":80" # use port 80 (and if letsencrypt: for letsencrpyt challenge_type=http-01)
letsEncrypt:
# use your email address, example.com will we rejected by Letsencrypt
email: [email protected]
# Highly recommended: use useStagingCA: true until you successfully got a
# certificate. (Which means: no connection problems) Then set it to false
# and get a real certificate by restarting fylr.
# useStagingCA sets the staging server of Let's Encrypt which has a higher
# quota than the production server. However, these certificates are for
# testing purposes only. They are not signed for official use, so browser
# will recognise them as being insecure.
useStagingCA: false
# Optional: get additional certificates for the given domains.
additionalDomains:
- "www.database.example.com"
api+:
oauth2Server+:
clients+:
fylr-web-frontend+:
redirectURIs:
- https://database.example.com/oauth2/callback
You provide the HTTPS certificate
Put your certificate and private key in the same directory as
fylr.yml
, in this example the file names arecrt.pem
andkey.pem
.If you need additional certificates of a certificate chain, like intermediate certificates, put them into
crt.pem
, as well. In our test worked to put the most specific certificate first (like for fylr.example.com) and then follow with the certificate that was used to sign the first one (and then the certificate that was used to sign the second one).In
fylr.yml
:
fylr+:
externalURL: "https://database.example.com"
services+:
webapp+:
addr: ":443"
tls:
certFile: "/fylr/config/crt.pem"
keyFile: "/fylr/config/key.pem"
api+:
oauth2Server+:
clients+:
fylr-web-frontend+:
redirectURIs:
- https://database.example.com/oauth2/callback
You provide the service that does HTTPS
We do not recommend this. Using additional proxies and services in front of fylr often leads to hard to debug problems where we cannot help.
In fylr.yml
:
fylr+:
externalURL: "https://database.example.com"
services+:
webapp+:
addr: ":80"
tls:
api+:
oauth2Server+:
clients+:
fylr-web-frontend+:
redirectURIs:
- https://database.example.com/oauth2/callback
No HTTPS
Recommended only for internal use.
In fylr.yml
:
fylr+:
externalURL: "http://database.example.com"
services+:
api+:
oauth2Server+:
# disable the check whether a redirect URL is secure
allowHttpRedirects: true
clients+:
fylr-web-frontend+:
redirectURIs:
- http://database.example.com/oauth2/callback
webapp+:
addr: ":80"
tls:
No HTTPS and domain is localhost
This is the default.
Further reading
Related topic: Multiple DNS domains and changing DNS domains
Last updated