diff --git a/website/docs/using-unleash/troubleshooting/https.md b/website/docs/using-unleash/troubleshooting/https.md new file mode 100644 index 0000000000..84186f6517 --- /dev/null +++ b/website/docs/using-unleash/troubleshooting/https.md @@ -0,0 +1,41 @@ +--- +title: Configuring Unleash to run over HTTPS +--- + +Preferred methods for setting up HTTPS in self-hosted instances, from highly recommended to those requiring more caution: + +## Load Balancer + +The best choice is to use a load balancer. +A load balancer from a cloud provider renews the HTTPS certificates for you and keeps the data safe when it moves between the internet and your server. +Also, your cloud provider's private network between your load balancer and the application is already encrypted. + +## Sidecar + +If you're using something like Kubernetes and need HTTPS to be handled right next to your Unleash app, use a sidecar pattern. +This method keeps the HTTPS handling separate from the Unleash application logic. +Tools like [Istio](https://istio.io/), [Envoy](https://www.envoyproxy.io/), [HAProxy](https://www.haproxy.org/), or [Nginx](https://www.nginx.com/) can help by automatically updating certificates. + +## Manual SSL termination in Unleash + +Approach manual SSL termination within Unleash with caution. +This direct control method over the SSL setup adds complexity and a maintenance burden that can be challenging to manage. + +If you insist on having Unleash do HTTPS termination for you, you'll need to set that up yourself using: +* http://expressjs.com/en/5x/api.html#app.listen +* https://nodejs.org/api/https.html#httpscreateserveroptions-requestlistener + +Example: +```javascript +const https = require('node:https'); +const fs = require('node:fs'); +const options = { + key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'), + cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem') +}; + +let app = unleash.create(); +https.createServer(options, app).listen(443); +``` + + diff --git a/website/docusaurus.config.js b/website/docusaurus.config.js index b2f00d3c48..38adef58ec 100644 --- a/website/docusaurus.config.js +++ b/website/docusaurus.config.js @@ -701,6 +701,10 @@ module.exports = { from: '/how-to/how-to-troubleshoot-cors', to: '/using-unleash/troubleshooting/cors', }, + { + from: '/how-to/how-to-troubleshoot-https', + to: '/using-unleash/troubleshooting/https', + }, { from: '/how-to/how-to-troubleshoot-feature-not-available', to: '/using-unleash/troubleshooting/feature-not-available', diff --git a/website/sidebars.js b/website/sidebars.js index fa01bcf704..d66b6c36c3 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -464,11 +464,12 @@ module.exports = { }, items: [ 'using-unleash/troubleshooting/cors', + 'using-unleash/troubleshooting/https', 'using-unleash/troubleshooting/email-service', 'using-unleash/troubleshooting/feature-not-available', 'using-unleash/troubleshooting/flag-exposure', 'using-unleash/troubleshooting/flag-not-returned', - 'using-unleash/troubleshooting/flag-abn-test-unexpected-result' + 'using-unleash/troubleshooting/flag-abn-test-unexpected-result', ], }, 'generated/unleash-edge', diff --git a/website/vercel.json b/website/vercel.json index 56a9eb7364..a8e9cf7251 100644 --- a/website/vercel.json +++ b/website/vercel.json @@ -650,6 +650,11 @@ "destination": "/using-unleash/troubleshooting/cors", "permanent": true }, + { + "source": "/how-to/how-to-troubleshoot-https", + "destination": "/using-unleash/troubleshooting/https", + "permanent": true + }, { "source": "/how-to/how-to-troubleshoot-feature-not-available", "destination": "/using-unleash/troubleshooting/feature-not-available", @@ -776,4 +781,4 @@ "permanent": true } ] -} \ No newline at end of file +}