GenSynth Documentation

Configuring GenSynth with HTTPS

When you enable HTTPS, an additional container that provides an nginx reverse proxy is started. The start.sh script automatically configures the nginx process to terminate HTTPS at the configured ports and forward plain HTTP to the peer containers (which do not have open ports).

Using HTTPS requires a host name for the machine that users' browsers can resolve. Before you can successfully run GenSynth with encryption, you must also have a certificate for that host name. The preferred way is to get a certificate from a certificate authority (CA), such as your cloud provider or another CA. You may create your own self-signed certificate, but users will receive a warning in their browsers.

Once you have the host name and certificate, you need to add some configuration. In the example below, the host name is gensynth.domain.example.com and the certificates have been obtained using the certbot tool from Let's Encrypt, which places the certificates in the folders shown. If you obtain certificates another way, the file names may be different.

As a minimum configuration, add these lines to your configuration file (e.g., myserver-config.sh):

export GENSYNTH_HOSTNAME=gensynth.domain.example.com
export GENSYNTH_API_HOSTNAME=$GENSYNTH_HOSTNAME

export GENSYNTH_HTTPS_ENABLE=Yes
export GENSYNTH_HTTPS_CERT_FILE=/etc/letsencrypt/live/$GENSYNTH_HOSTNAME/fullchain.pem
export GENSYNTH_HTTPS_KEY_FILE=/etc/letsencrypt/live/$GENSYNTH_HOSTNAME/privkey.pem
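
The following pre-flight check is an added example, not part of GenSynth or its start.sh script. It reads the three variables set above and uses the openssl command-line tool to confirm that the certificate and key parse, belong together, are not about to expire, and cover the host name. The function names and the 7-day expiry window are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of GenSynth): pre-flight check of the HTTPS settings.
# Function names and the 7-day expiry window are assumptions of this example.

# SHA-256 of the DER-encoded public key; expects a PEM public key on stdin.
pubkey_hash() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

check_gensynth_tls() {
    cert=$GENSYNTH_HTTPS_CERT_FILE
    key=$GENSYNTH_HTTPS_KEY_FILE
    host=$GENSYNTH_HOSTNAME

    # 1. Both files must exist and parse. "-passin pass:" avoids a passphrase prompt.
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "FAIL: cannot parse certificate '$cert'" >&2; return 1; }
    openssl pkey -in "$key" -noout -passin pass: 2>/dev/null ||
        { echo "FAIL: cannot parse private key '$key'" >&2; return 2; }

    # 2. The key must belong to the first (leaf) certificate in the chain file.
    c=$(openssl x509 -in "$cert" -noout -pubkey | pubkey_hash)
    k=$(openssl pkey -in "$key" -pubout -passin pass: | pubkey_hash)
    [ "$c" = "$k" ] ||
        { echo "FAIL: private key does not match certificate" >&2; return 3; }

    # 3. The certificate must stay valid for at least 7 more days (604800 s).
    openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null ||
        { echo "FAIL: certificate expired or expires within 7 days" >&2; return 4; }

    # 4. The certificate must cover the host name that browsers will use.
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match" ||
        { echo "FAIL: certificate does not cover '$host'" >&2; return 5; }

    # 5. Warn (do not fail) if the private key is readable by other users.
    if [ -n "$(find -L "$key" -prune -perm -004 2>/dev/null)" ]; then
        echo "WARN: '$key' is world-readable" >&2
    fi
    echo "OK: certificate and key are usable for $host"
}
```

Source your configuration file in the same shell, then call check_gensynth_tls before starting GenSynth; a non-zero return code identifies which of the numbered checks failed.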

By default, the nginx container is called frontend. Use docker ps to ensure it is running and docker logs frontend to look for errors.