TLS/SSL

Overview

This section presents ways to configure a secure connection (HTTPS) to the WorkflowGen container using a certificate. With Docker, containers run on an internal network, and only exposed ports will be available publicly. Therefore, you can't set up a TLS connection on one container only; you have to do it for all the containers, but this method doesn't scale well.

Use an Nginx container

This method uses the Nginx web server as a reverse proxy configured with a TLS connection that will redirect all traffic to the WorkflowGen container(s). This method can be applied regardless of whether you have orchestration or not.

See the following pages for more information:

Use Traefik

Traefik is a reverse proxy that handles routing, TLS termination, and load balancing, among other things. It's available as a container and you can use it in front of the WorkflowGen container. For more information about Traefik, see its documentation page.

Use Azure Application Gateway

In Azure, you can use the Application Gateway service in order to get a TLS connection for domains that you own. See the Overview of TLS termination and end to end TLS with Application Gateway Microsoft article to get you started.

Kubernetes

For more information and recommendations about TLS/SSL handling in Kubernetes, see the TLS/SSL page in the Kubernetes section.