Skip to main content

HTTPS Configuration Guide

Standalone Version Supports HTTPS Access

1. Preparation

  • Layer-7 proxy (Nginx, LB, etc.)

  • Access domain name and certificate

2. Operation

  1. Execute cd /data/tencent/weda to switch to the installation directory;

  2. Execute vim config.yaml to edit the config.yaml file;

  3. Modify the config.yaml file as follows:

domainProtocol: https
domain: <Replace with your https access domain>
domainPort: 443
serverPort: 8080

  1. Execute ./upgrade.sh in the current directory to restart the service and apply the configuration

  2. Configure proxy forwarding (Here we take Nginx as an example; for LB configuration, set up the certificate based on the actual situation and forward to http://<VM IP>:8080.)

nginx.conf

# Global Configuration
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Event Module Configuration
events {
    worker_connections 1024;
}

# HTTP Module Configuration
http {
    # MIME Type Mapping
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Log Format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Access Log
    access_log /var/log/nginx/access.log main;

    # Gzip Compression
    gzip on;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_proxied any;

    # The body size must be set, otherwise publishing the application will report an error.
    client_max_body_size 500m;
    client_body_buffer_size 10m;
    gzip_types application/javascript application/json application/xml
               application/xhtml+xml text/css text/plain text/xml;

    server {
        listen 443 ssl;
        server_name <replace with your access domain>; # <- Change this to match server_name above

        # SSL Certificate and Private Key
        ssl_certificate /etc/nginx/certs/server.crt; # <- Change this to your .crt file name
        ssl_certificate_key /etc/nginx/certs/server.key; # <- Change this to your .key file name

        # Root Path Proxy
        location / {
            proxy_pass http://<replace with VM IP address>:8080; # <== weda service ip
            proxy_set_header X-Forwarded-Proto $scheme; # Key: Pass the original protocol
            proxy_set_header Host       $http_host;
        }
    }
}

Certificate storage path

/etc/nginx
    ├── certs
    │   ├── server.cert
    │   └── server.key
    └── nginx.conf
  1. After the rules are configured and domain name resolution is set up, you can access using https://<access domain>/dev/