Skip to content

Setup with your own certificate

HTTPS Deployment with your own certificates

For deployment of the IXP with your own SSL certificates, download the latest https-owncert compose preset folder here.

After downloading the preset, unzip it, set the unzipped folder as your working directory, and follow the instructions below.

Adding Your Own Certificates

Add fullchain.pem and privkey.pem into the ./certificates directory. If the format of the keys or selection of keys does not suffice, modify the nginx.conf.template file and change the related configuration on the line :32-33.

Notes:

  • Docker compose mounts the ./certificates folder as /etc/nginx/certificates/ in the Nginx container.

  • We recommend enabling HSTS, however we have not included the necessary configuration for this installation option because of the possibility of using self-signed certificates, which do not work with HSTS. If you want to enable this setting, download the other installation option and copy the line from the other nginx.conf.template starting with

    add_header Strict-Transport-Security ...

    and place it in the same 2 places in the current template. When deploying for the first time, we recommend to set the max-age number to a small value, e.g. 300. If everything works correctly, you can increase it back to the original value, which is 1 year.

  • For development purposes, you might want to use self-signed certificates. You can generate them using the following command:

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout privkey.pem -out fullchain.pem \
    -subj "/C=US/ST=State/L=City/O=Organization/OU=Unit/CN=localhost"

Next Steps

After adding the certificates, proceed with the installation as described in the installation guide.

← Installation overview Basic HTTPS