mirror of
https://github.com/ChristianLight/tutor.git
synced 2024-09-27 19:59:02 +00:00
docs: clarify how to use custom ssl certificates
I realized that the docs were very unclear, contradictory and misleading on the topic of SSL/TLS termination and web proxies. See: https://discuss.overhang.io/t/why-caddy-nginx/1952/10
parent e7b455485d
commit c1e63c873a
@ -183,7 +183,7 @@ SSL/TLS certificates for HTTPS access
|
||||
|
||||
- ``ENABLE_HTTPS`` (default: ``false``)
|
||||
|
||||
By activating this feature, a free SSL/TLS certificate from the `Let's Encrypt <https://letsencrypt.org/>`_ certificate authority will be created for your platform. With this feature, **your platform will no longer be accessible in HTTP**. Calls to http urls will be redirected to https url.
|
||||
When ``ENABLE_HTTPS`` is ``true``, the whole Open edX platform will be reconfigured to work with "https" URIs. Calls to "http" URIs will be redirected to "https". By default, SSL/TLS certificates will automatically be generated by Tutor (thanks to `Caddy <https://caddyserver.com/>`__) from the `Let's Encrypt <https://letsencrypt.org/>`_ certificate authority.
|
||||
|
||||
The following DNS records must exist and point to your server::
|
||||
|
||||
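Review bot: the rewritten ``ENABLE_HTTPS`` paragraph (the one that mentions Caddy) drops the bold warning that the platform "will no longer be accessible in HTTP" and keeps only a plain sentence about redirects. This is the behaviour change an operator most needs to notice before switching the flag, so consider keeping the emphasis. The new text also says certificates are generated "By default" without saying what the alternative is; a short pointer to the custom-certificate paragraph added further down this section would close that gap.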
@ -193,7 +193,7 @@ The following DNS records must exist and point to your server::
|
||||
|
||||
Thus, **this feature will (probably) not work in development** because the DNS records will (probably) not point to your development machine.
|
||||
|
||||
The SSL/TLS certificates will automatically be generated and updated by the Caddy proxy server container at runtime. Thus, as of v11.0.0 you no longer have to generate the certificates manually.
|
||||
If you would like to perform SSL/TLS termination with your own custom certificates, you will have to keep ``ENABLE_HTTPS=true`` and turn off the Caddy server with ``RUN_CADDY=false``. See the corresponding :ref:`tutorial <web_proxy>` for more information.
|
||||
|
||||
.. _customise:
|
||||
|
||||
|
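Review bot: the added paragraph references the ``web_proxy`` label, but no ``.. _web_proxy:`` target is visible in this diff. The tutorial hunk begins at the "Running Open edX behind a web proxy" heading, so please confirm the label exists above it; otherwise Sphinx reports an undefined label and renders the text without a link. It would also help to say in this paragraph that, once ``RUN_CADDY=false`` is set, the operator's own proxy is what has to serve requests with the certificate, since the preceding sentence still reads as if Caddy handles everything.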
@ -180,7 +180,7 @@ Guides
|
||||
Running Open edX behind a web proxy
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The containerized web server ([Caddy](caddyserver.com/)) needs to listen to ports 80 and 443 on the host. If there is already a webserver running on the host, such as Apache or Nginx, the caddy container will not be able to start. Tutor supports running behind a web proxy. To do so, add the following configuration::
|
||||
The containerized web server (`Caddy <https://caddyserver.com/>`__) needs to listen to ports 80 and 443 on the host in order to serve requests. If there is already a webserver running on the host, such as Apache or Nginx, the caddy container will not be able to start. Tutor supports running behind a web proxy. To do so, add the following configuration::
|
||||
|
||||
tutor config save --set RUN_CADDY=false --set NGINX_HTTP_PORT=81
|
||||
|
||||
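Review bot: wording in the rewritten introductory sentence is inconsistent: it uses "web server" and "webserver", and "Caddy" and "the caddy container", within two sentences. Suggest "web server" and "Caddy container" throughout, and "listen on ports 80 and 443" rather than "listen to ports".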
@ -191,6 +191,8 @@ In this example, the nginx container port would be mapped to 81 instead of 80. Y
|
||||
|
||||
tutor config save --set NGINX_HTTP_PORT=127.0.0.1:81
|
||||
|
||||
The same solution applies if you would like to enable https in Tutor, but with your own custom certificates instead of Let's Encrypt's. In that case, you should keep ``ENABLE_HTTPS=true``, disable Caddy (``RUN_CADDY=false``) and configure your own web proxy on the host (or elsewhere) to serve requests using your own certificates.
|
||||
|
||||
Running multiple Open edX platforms on a single server
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
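Review bot: the added custom-certificate paragraph says "The same solution applies" but does not say which of the two ``NGINX_HTTP_PORT`` forms shown above to use. When the TLS-terminating proxy runs on the host, recommend the ``127.0.0.1:81`` form from the command just above, so the unencrypted nginx port is reachable only through that proxy. For the "(or elsewhere)" case, add a sentence noting that the hop from the remote proxy to Tutor carries plain HTTP unless the operator protects it separately.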