IRIS Data Platform Docker, OAuth2 and HTTPS
Hi!
we are evaluating IRIS Data Platform as an OAuth2 Authorization Server with the use of the official Docker image. We currently struggle with the OAuth2 setup, as we are required to use https:// for the /oauth2/authorize and /oauth2/token endpoints, but the Docker container exposes only http:// in its default configuration. We have tried to find any hints in the docs but were not successful. Any help is appreciated.
Thanks
Klaus & Lukas
Comments
Hi Klaus,
You have to proxy IRIS to use https. To do so, use this git :
- https://github.com/grongierisc/Https-Proxy-IRIS-Docker
- Simple https proyx
- https://github.com/lscalese/isc-webgateway-letsencrypt
- More robust Https proxy with certbot and https between proxy and IRIS
- https://github.com/grongierisc/IRIS-Oauth2-Server-Client
- An example of IRIS as an Oauth2 server + embedded apache https proxy + full implementation of those tutos :
Thx for the quick response. All provided examples give us a good impression of the different options.
You're correct except it's called a public web server (and not a proxy).
We made it work with, heavily inspired by Guillaume's reply. Some details about a major problem we faced and our solution:
To make this work with the IRIS Data Platform Docker Image, we had to edit the /durable/httpd/conf/httpd.conf of the Apache2 in the docker image to enable SSL (and generate the keys). If SSL terminates at a proxy that runs in a separate docker container (either nginx or apache) the OAuth2 endpoints did throw the following error: "Request must be secured with TLS/SSL". Thus SSL must terminate at the web server that runs the CSP Plugin/Module, in this case the apache2 in the IRIS Data Platform Docker image.
Thanks, @Klaus Richarz! Ping @Luca Ravazzolo and @Steven LeBlanc on the issues with IRIS Docker image.