Skip to content

Latest commit



51 lines (42 loc) · 2.11 KB

File metadata and controls

51 lines (42 loc) · 2.11 KB

Bringing up WorkflowHub with HTTPS configuration

In this example we're going to use the same self-signed certificates generated by our Makefile, which we're going to mount on /nginx/certs on the WorkflowHub Docker container.

Apply the following modifications to the WorkflowHub nginx.conf file:

@@ -63,7 +63,10 @@ http {
         # gzip_http_version 1.1;
         server {
-               listen 3000;
+               listen 3000 ssl default_server;
+               ssl_certificate /nginx/certs/lm.crt;
+               ssl_certificate_key /nginx/certs/lm.key;
                root /seek/public;
                client_max_body_size 2G;
                location / {
@@ -72,6 +75,7 @@ http {
                     proxy_set_header   X-Real-IP $remote_addr;
                     proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                     proxy_set_header   X-Forwarded-Host $server_name;
+                    proxy_set_header   X-Forwarded-Proto $scheme;
                 location ^~ /(assets)/  {
                                gzip_static on;

You can change docker/nginx.conf on the WorkflowHub git repo (currently on the "workflow" branch of and rebuild the image locally, or overwrite the /etc/nginx dir on the WorkflowHub container with a bind mount. For instance, suppose you have copied the contents of /etc/nginx from the WorkflowHub container to /tmp/etc_nginx. Also suppose our certificates are on /tmp/certs. Finally, we're going to map (the hostname in the self-signed certificates) to the physical host's (internal) IP address (you can get it with ifconfig on Linux): suppose this is We're going to run WorkflowHub on a single Docker container, and put it on a network called seek_default.

docker network create seek_default
docker run -d --network seek_default -p 3000:3000 \
  -v /tmp/etc_nginx:/etc/nginx:ro -v /tmp/certs:/nginx/certs:ro \
  --add-host --name wfhub fairdom/seek:workflow

Also add a entry to the physical host's /etc/hosts.