certificates

yaptide · Oct 16, 2023 · 8488be3 · 8488be3
1 parent 5f09afb
commit 8488be3
Showing 1 changed file with 60 additions and 1 deletion.
diff --git a/docs/maintenance.md b/docs/maintenance.md
@@ -30,7 +30,7 @@ docker compose up --detach --build
 Note the `--build` flag. It is needed to rebuild the containers, as the source code has changed.
 
 
-## Yaptide platform storage
+## Storage volume
 
 The yaptide backend uses the docker volume named `yaptide_data` to store the data. It hosts SQLite database with following information:
 
@@ -48,3 +48,62 @@ To remove the volume and all data stored in it, stop the backend containers, by
 docker compose down --volumes
 ```
 
+## SSL certificates
+
+The SSL certificates are used to secure the communication for two cases:
+
+  * between the user client and the machine serving the UI
+  * between the user client and the machine serving the backend
+
+Frontend uses Nginx to serve statically generated HTML, CSS and JavaScript files. 
+Backend uses Nginx as a proxy to forward requests to the backend server.
+Both Nginx instances are configured to use SSL certificates.
+
+By default the self-signed certificates are used (usually not trusted by the browser). 
+They are generated automatically when the containers are started for the first time.
+
+To replace self-signed certificates with your own, stop the containers and replace the files according to the following recipe.
+
+### Frontend
+
+Ensure that `yaptide_ui` container is running.
+
+Copy the files `server.key` containing the private key:
+
+```bash
+docker cp server.key yaptide_ui:/etc/nginx/conf.d/server.key
+```
+
+and `server.crt` containing the certificate:
+
+```bash
+docker cp server.crt yaptide_ui:/etc/nginx/conf.d/server.crt
+```
+
+Restart the container:
+
+```bash
+docker restart yaptide_ui
+```
+
+### Backend
+
+Ensure that `yaptide_nginx` container is running.
+
+Copy the files `server.key` containing the private key:
+
+```bash
+docker cp server.key yaptide_nginx:/etc/nginx/conf.d/server.key
+```
+
+and `server.crt` containing the certificate:
+
+```bash
+docker cp server.crt yaptide_nginx:/etc/nginx/conf.d/server.crt
+```
+
+Restart the container:
+
+```bash
+docker restart yaptide_nginx
+```