Use SSL/TLS Communications

IDOL components and front-end applications support SSL/TLS.

To configure the Docker Compose setup to use SSL/TLS:

  1. Modify the idol-ssl.env environment file to configure the SSL behavior.

    The idol-ssl.env file is the environment file for all the services that Docker Compose creates. It sets the environment variables that are common to all services. If required, you can also set environment variables for individual services. See SSL Environment Variable Reference.

  2. Modify the docker-compose.ssl.yml file to define how to set up the deployment with certificates.

    You can provide these certificates (recommended), or you can provide an OpenSSL-based Certificate Authority to generate the certificates when you run the containers. See Set Up SSL/TLS Certificates and Trust Stores.

  3. Modify the docker-compose.ssl.yml file to configure the ssl-volume bind volume, which provides the certificates from the host machine to the containers. By default, this volume has the following configuration:

    x-ssl-volume: &ssl-volume
       type: bind
       source: ../ssl/intermediate
       target: /ssl

    You must adjust the source path to the appropriate location of certificates for your system.

    NOTE: OpenText recommends that you leave the target path as /ssl, which is required for idol-nifi to retrieve certificates. In all cases, the target path must correspond to the directory that you set in the IDOL_SSL_CA_MOUNTDIR environment variable (see SSL Environment Variable Reference). 

  4. Run the docker compose up command, including the docker-compose.ssl.yml file. For example:

    docker-compose -f docker-compose.yml -f docker-compose.ssl.yml up

    For the basic-idol setup, if you also want to include MMAP, you must also add the docker-compose.add-mmap.ssl.yml file to the up command.

    NOTE: Between the ssl-volume and the environment variables that you provide to the containers, each container must be able to either find or generate a certificate for its component. If a container cannot obtain an appropriate certificate, the docker-compose up command exits with an error.
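
    The following preflight check is an added example, not part of the IDOL tooling. Before you run the up command, it confirms that the ssl-volume source exists on the host and that the target matches IDOL_SSL_CA_MOUNTDIR. The function names are hypothetical, and it assumes that IDOL_SSL_CA_MOUNTDIR is set in idol-ssl.env, that paths contain no spaces, and that a relative source is relative to the compose file's directory.

```sh
#!/bin/sh
# Added example: preflight check for the SSL overlay. Not part of the IDOL tooling.

# Print a field (source or target) from the x-ssl-volume block of a compose file.
ssl_volume_field() {  # $1 = compose file, $2 = field name
  awk -v key="$2" '
    /^x-ssl-volume:/ { inblock = 1; next }
    inblock && /^[^[:space:]#]/ { inblock = 0 }   # next top-level key ends the block
    inblock && $1 == (key ":") { v = $2; gsub(/"/, "", v); print v; exit }
  ' "$1"
}

# Print the value assigned to a variable in a KEY=VALUE env file (last assignment).
env_value() {  # $1 = env file, $2 = variable name
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Return 0 when the bind source exists and the target matches IDOL_SSL_CA_MOUNTDIR.
check_ssl_setup() {  # $1 = docker-compose.ssl.yml, $2 = idol-ssl.env
  src=$(ssl_volume_field "$1" source)
  tgt=$(ssl_volume_field "$1" target)
  mnt=$(env_value "$2" IDOL_SSL_CA_MOUNTDIR)
  if [ -z "$src" ] || [ -z "$tgt" ]; then
    echo "FAIL: x-ssl-volume source/target not found in $1" >&2
    return 1
  fi
  rc=0
  # Assumption: a relative source is relative to the compose file's directory.
  case $src in
    /*) dir=$src ;;
    *)  dir=$(dirname "$1")/$src ;;
  esac
  if [ ! -d "$dir" ]; then
    echo "FAIL: bind source '$dir' is not a directory on the host" >&2
    rc=1
  fi
  if [ "$tgt" != "$mnt" ]; then
    echo "FAIL: target '$tgt' != IDOL_SSL_CA_MOUNTDIR '${mnt:-<unset>}'" >&2
    rc=1
  fi
  # The page notes that idol-nifi needs the target to be /ssl.
  [ "$tgt" = /ssl ] || echo "WARN: target is not /ssl, which idol-nifi requires" >&2
  return $rc
}

# Usage: check_ssl_setup docker-compose.ssl.yml idol-ssl.env
```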