SSL Configuration

Layar supports enabling SSL client access in one of two ways. Restart the stack after performing any of the operations described.

LetsEncrypt

If the server can be accessed via the internet and has a publicly resolvable DNS name then SSL certificates can be self-provisioned via the LetsEncrypt certificate authority. To enable, add the following to the /data/layar/layar.config file:

LETS_ENCRYPT_ENABLED: true

Client-provisioned SSL certificates

Client-provided certificates can be passed to Layar in one of two ways.

Add the certificate to `layar.config`

In /data/layar/layar.config paste the certificate and key file as follows:

SSL_PRIV_KEY: |-
  -----BEGIN PRIVATE KEY-----
  MIIEvQIBADANBgkqhkiG9w .... 

SSL_CERT: |-
   -----BEGIN CERTIFICATE-----
   MIIFHDCCBASgAwIBAgI ...

Note the indent for the contents of the private key and certificate.

Pass certificate via helm CLI

helm upgrade layar vyasa/layar --set-file SSL_PRIV_KEY=/path/to/server.key --set-file SSL_CERT=/path/to/server.crt

LetsEncrypt

Client-provisioned SSL certificates

Add the certificate to layar.config

Pass certificate via helm CLI

Add the certificate to `layar.config`