During this process, you might find it helpful to read the descriptions (which include the purpose, secrets, and network/port details) of the services and their containers: Services and Container Images
This documentation assumes it has been cloned to ~/curiefense.
A Docker Compose deployment can use TLS for communication with Curiefense's UI server and also for the protected service, but this is optional. (If you do not choose to set it up, HTTPS will be disabled.)
If you do not want Curiefense to use TLS, then skip this step and proceed to the next section. Otherwise, generate the certificate(s) and key(s) now.
To enable TLS for the protected site/application, go to curiefense/deploy/compose/curiesecrets/curieproxy_ssl/ and do the following:
Edit site.crt and add the certificate.
Edit site.key and add the key.
To enable TLS for the nginx server that is used by uiserver, go to curiefense/deploy/compose/curiesecrets/uiserver_ssl/and do the following:
Edit ui.crt and add the certificate.
Edit ui.key and add the key.
Set Deployment Variables
Docker Compose deployments can be configured in two ways:
By setting values for variables in deploy/compose/.env
Or by setting OS environment variables (which will override any variables set in.env)
These variables are described below.
Curiefense uses the storage defined here for synchronizing configuration changes between confserver and the Curiefense sidecars.
By default, this points to the local_bucket Docker volume: