Enabling TLS encryption

Overview

By default, TLS encryption is not enabled for the Somewear Core service. HTTPS sessions are terminated at the load balancer and internal traffic between the load balancer and application nodes is unencrypted. In order to encrypt this internal traffic, TLS needs to be enabled and certificates need to be created. Enabling TLS is also a requirement for bidirectional federated TAK integrations. The Pilot CLI tool can be used to generate the required certificates and enable TLS encryption.

Setup instructions

Switch to the Pilot user account and run the Pilot command to create TLS certificates.

sudo su - pilot
pilot node create-tls-certs

The Pilot command to create TLS certs is interactive and prompts for a few fields: a short name/label for the certs and, if you intend to use TAK federation, an address for it. The TAK address is optional and can be left blank. Below is example output from running the create-tls-certs command.

$ pilot node create-tls-certs
Generating TLS certificates for somewear.example.org
Enter short name/description for the certificate: ACME
Enter the TAK address for the certificate: tak.example.org
TLS certificate generation complete.

Enabling TLS in somewear.conf
TLS configuration complete.  Restart the service to apply the changes.

After creating the certificates, the Somewear Core service will need to be restarted to apply the changes. Run the following Docker Compose commands from the Pilot user's home directory.

docker compose stop somewear-core
docker compose up -d

Optionally, follow the startup logs for the Somewear Core service.

docker logs -f somewear-core

Note: For distributed system installs with multiple Somewear Core nodes, make sure to only generate the certificates on a single host. The certificate files will be stored in the Pilot user's home directory at /home/pilot/certs. Then copy the contents of this directory to the same location on your other Somewear Core nodes.
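The note above requires the other nodes to end up with an exact copy of /home/pilot/certs. As an added example that is not part of the Pilot CLI or Somewear documentation, the script below compares SHA-256 listings of the certificate directory on this host and on each other node over ssh, so a stale or partially copied directory is caught before the service is restarted there. It assumes the pilot user can ssh to each node, that sha256sum (or shasum) is installed, and the node names given on the command line are placeholders.

```shell
#!/bin/sh
# Added example, not part of the Pilot CLI or Somewear documentation. After
# copying /home/pilot/certs to the other Somewear Core nodes, confirm every
# node holds byte-identical certificate files before restarting the service.
# Assumes the pilot user can ssh to each node and sha256sum (or shasum) exists;
# the node names are placeholders passed on the command line.

CERT_DIR="${CERT_DIR:-/home/pilot/certs}"   # directory named in the docs

# macOS ships shasum rather than sha256sum; shim it so the checks still run.
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }

# Print "sha256  ./relative-path" for every regular file under $1, sorted so
# two listings of identical directories compare equal line for line.
fingerprint_dir() {
    ( cd "$1" 2>/dev/null || exit 1
      find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f"
      done )
}

# The same listing, produced on a remote node over ssh.
remote_fingerprint() {
    ssh "pilot@$1" "cd '$CERT_DIR' && find . -type f | LC_ALL=C sort \
        | while IFS= read -r f; do sha256sum \"\$f\"; done"
}

# Two listings match only if every file is present with identical content.
listings_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Compare this host's certificate directory with each node given as an argument:
# 0 if all match, 1 if any differs, 2 if the local copy is missing or empty.
verify_nodes() {
    local_fp=$(fingerprint_dir "$CERT_DIR") || local_fp=""
    [ -n "$local_fp" ] || { echo "no certificate files in $CERT_DIR" >&2; return 2; }
    rc=0
    for node in "$@"; do
        if listings_match "$local_fp" "$(remote_fingerprint "$node")"; then
            echo "OK    $node"
        else
            echo "DIFF  $node: certificate files do not match this host" >&2
            rc=1
        fi
    done
    return $rc
}

[ $# -gt 0 ] && verify_nodes "$@"   # usage: ./check-certs.sh core-node-2 core-node-3
```

Run it as the pilot user on the host where the certificates were generated; any node reported as DIFF needs the directory copied again before its service is restarted.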