Configuring HTTPS in Traefik

Overview

This is a simple guide on configuring Traefik to handle HTTPS so that there won’t be a need for an additional reverse proxy service to terminate it before you reach MOPS 4.0.

Certificate

You need to point Traefik to use a certificate, this is done in /conf/ingress/rules.json:

{
    ...
    "tls": {
        "certificates": [
            {
                "certFile": "C:\\ProgramData\\MOPSsys\\MOPS4.0\\cert\\cert.crt", 
                "keyFile": "C:\\ProgramData\\MOPSsys\\MOPS4.0\\cert\\cert.key"
            }
        ]
    }
    ...
}

Currently, if you specify a custom certificate store for your certificate it doesn’t seem to work, so we override the default certificate store.

Generating a self-signed certificate is a good way testing, you need OpenSSL installed and then you can generate one with Powershell commands:

openssl genrsa -out traefik.key 2048

openssl req -new -key traefik.key -out traefik.csr

openssl x509 -req -days 365 -in traefik.csr -signkey traefik.key -out traefik.crt

You will need to combine key-file and certificate file into a .pem for Traefik:

Get-Content traefik.key, traefik.crt | Set-Content traefik.pem