Skip to main content

HTTPS Configuration Guide

Standalone Version Supports HTTPS Access

1. Preparation

  • Layer-7 proxy (Nginx, LB, etc.)

  • Access domain name and certificate

2. Operation

  1. Execute cd /data/tencent/weda to switch to the installation directory;

  2. Execute vim config.yaml to edit the config.yaml file;

  3. Modify the config.yaml file as follows:

domainProtocol: https
domain: <Replace with your https access domain>
domainPort: 443
serverPort: 8080
  1. Execute ./upgrade.sh in the current directory to restart the service and apply the configuration

  2. Configure proxy forwarding (Here we take Nginx as an example; for LB configuration, set up the certificate based on the actual situation and forward to http://<VM IP>:8080.)

nginx.conf

# Global Configuration
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Event Module Configuration
events {
worker_connections 1024;
}

# HTTP Module Configuration
http {
# MIME Type Mapping
include /etc/nginx/mime.types;
default_type application/octet-stream;

# Log Format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

# Access Log
access_log /var/log/nginx/access.log main;

# Gzip Compression
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;

# The body size must be set, otherwise publishing the application will report an error.
client_max_body_size 500m;
client_body_buffer_size 10m;
gzip_types application/javascript application/json application/xml
application/xhtml+xml text/css text/plain text/xml;

server {
listen 443 ssl;
server_name <replace with your access domain>; # <- Change this to match server_name above

# SSL Certificate and Private Key
ssl_certificate /etc/nginx/certs/server.crt; # <- Change this to your .crt file name
ssl_certificate_key /etc/nginx/certs/server.key; # <- Change this to your .key file name

# Root Path Proxy
location / {
proxy_pass http://<replace with VM IP address>:8080; # <== weda service ip
proxy_set_header X-Forwarded-Proto $scheme; # Key: Pass the original protocol
proxy_set_header Host $http_host;
}
}
}

Certificate storage path

/etc/nginx
├── certs
│ ├── server.cert
│ └── server.key
└── nginx.conf
  1. After the rules are configured and domain name resolution is set up, you can access using https://<access domain>/dev/