Fetching contributors…
Cannot retrieve contributors at this time
24 lines (14 sloc) 1.96 KB
title order description
Learn how to enable SSL encryption to secure sensitive data

SSL encryption is a security protocol to encrypted connections between servers and clients. We highly recommend that you enable SSL encryption to secure your app's sensitive data and to avoid issues with websockets connecting from behind certain firewalls. Galaxy provides two ways to enable encryption: generating a Let's Encrypt certificate or uploading your own custom certificate. Additionally, a "Force HTTPS" option can be enabled on each domain to ensure connections over HTTP are redirected to HTTPS.

Before you begin

Encryption is automatically enabled for all apps deployed to the subdomain. To enable encryption for custom domains, you must first add a custom domain on your app settings page and configure your DNS to point at Galaxy's DNS. Once added, click on your custom domain to see SSL encryption options.

Let's Encrypt

To enable encryption painlessly, we recommend generating a free Let's Encrypt certificate via Galaxy. In just one click Galaxy generates an SSL certificate and configures it for your custom domain.

Galaxy does not support auto-renewing Let's Encrypt certificates for wildcard (*.) domains, because the mechanism for obtaining those certificates would require you to delegate DNS management for your domain to Galaxy.

Custom certificate

You can also upload a custom key and certificate. Private keys and certificates should be in the PEM format (this is the same format used by nginx). If intermediate certificates are used in addition to the primary certificate, they should be placed in the same file as the primary certificate. The primary certificate should come first, followed by the intermediate certificates.