Configure HTTPS support
Local installations of Flow Production Tracking are no longer offered. This documentation is intended only for those with existing instances of Shotgun Enterprise Docker. Click here for a list of our current offerings.
This article is intended for Flow Production Tracking System Administrators. It gives information about how to add HTTPS support to a Flow Production Tracking Enterprise instance.
We very strongly recommend using the HTTPS protocol. The client is solely responsible if HTTPS is not enabled, and the integrity of your data will be at risk without it.
Adding HTTPS support is done in three steps:
- Acquire SSL certificates
- Configure the reverse proxy
- Configure Flow Production Tracking to use HTTPS
SSL certificates
HTTPS needs to be configured by you at the reverse proxy level. Depending on the solution you are using (load balancer, software proxy, etc.), the configuration steps will be different. In any case, the first step is to acquire SSL certificates from an official Registered Certificate Authority. We highly recommend using valid certificates instead of self-signed ones. If you are not familiar with SSL, this article is a good resource to get started: http://how2ssl.com.
HTTPS and HAProxy
If you are using the provided proxy example, you can enable HTTPS with the following steps once you have your valid certificate.
- Create a file named combined_cert.pem in the proxy/certs folder, containing your certificate, certificate chain and private key.
- Un-comment HTTPS sections in proxy/config/haproxy.cfg
- Add port-mapping for 443 to the proxy service in docker-compose.yml
Once this is done, restart the proxy container:
docker-compose up -d
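For the first step of the HAProxy procedure above, one way to assemble combined_cert.pem and check it before restarting the proxy (an added example, not part of the original article or of the product's own scripts). The function names and the input file names passed to them are assumptions; the key/certificate match check runs only when openssl is installed.

```shell
#!/bin/sh
# Added example: build the combined PEM bundle described in step 1.
# Function names and argument order are assumptions, not product tooling.

# key_matches_cert CERT KEY: succeed only if both carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# build_combined_pem CERT CHAIN KEY OUT
# Writes certificate, chain and private key (the order the article lists) to OUT.
build_combined_pem() {
    cert=$1 chain=$2 key=$3 out=$4
    for f in "$cert" "$chain" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    # Each input must contain the PEM block it is supposed to provide.
    grep -q -e 'BEGIN CERTIFICATE-----' "$cert" ||
        { echo "$cert: no certificate block" >&2; return 1; }
    grep -q -e 'BEGIN CERTIFICATE-----' "$chain" ||
        { echo "$chain: no certificate block" >&2; return 1; }
    grep -q -e 'BEGIN [A-Z ]*PRIVATE KEY-----' "$key" ||
        { echo "$key: no private key block" >&2; return 1; }
    # Catch a key/certificate mismatch here rather than at proxy start-up.
    if command -v openssl >/dev/null 2>&1; then
        key_matches_cert "$cert" "$key" ||
            { echo "private key does not match certificate" >&2; return 1; }
    fi
    # The bundle holds the private key, so create it readable by the owner only.
    # "awk 1" also adds a final newline to any input that lacks one, so
    # adjacent PEM blocks never end up glued together on one line.
    ( umask 077 && awk 1 "$cert" "$chain" "$key" > "$out" ) || return 1
    chmod 600 "$out"
}

# Stand-alone use: script.sh cert.pem chain.pem key.pem proxy/certs/combined_cert.pem
if [ "$#" -eq 4 ]; then
    build_combined_pem "$@"
fi
```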
Configure Flow Production Tracking to use HTTPS
Once your certificates are installed and HTTPS enabled on the reverse proxy, Flow Production Tracking also needs to be configured. This is so Flow Production Tracking generates HTTPS links in email notifications and redirects.
In the Flow Production Tracking Web App, go to Site Preferences -> Advanced and set Enable SSL for urls.
FAQ
Can I use self-signed certificates?
It may be more complex to set up your different clients to accept self-signed certificates. Some browsers or web clients may block accessing HTTPS URLs that don’t have a valid certificate, causing all kinds of issues for your users. If you still want to go the self-signed way, the following article could be useful: https://wiki.centos.org/HowTos/Https.