Instantiating Memgraph Lab with custom SSL certificate
Memgraph Lab supports using custom SSL certificates, ensuring secure communication over HTTPS. To set up SSL on Memgraph Lab you will need to configure a Dockerfile using a valid SSL certificate.
Options for generating SSL certificates
There are various options to generate SSL certificates. Check out the steps on how to do that with OpenSSL and Let's Encrypt.
OpenSSL
OpenSSL (opens in a new tab) is a widely used tool for generating SSL certificates. You can create a self-signed certificate using the following commands:
- Generate a private key:
openssl genrsa -out key.pem 2048
- Generate a self-signed certificate:
openssl req -new -x509 -key key.pem -out cert.pem -days 365
However, this option has an expiration date and is not signed by a publicly trusted certificate authority (opens in a new tab), which means you will most likely receive a security warning from your browser while using it.
Let's Encrypt
Let's Encrypt (opens in a new tab) is a free, automated, and open certificate authority that provides SSL certificates. You can use tools like Certbot to obtain and install certificates. To use Let's Encrypt:
- Install Certbot.
- Run Certbot to obtain your certificates:
sudo certbot certonly --standalone -d yourdomain.com
This will generate your SSL certificate and key, typically located in
/etc/letsencrypt/live/yourdomain.com/
.
Dockerfile setup
To run Memgraph Lab with custom SSL certificates, you need to create a Dockerfile that specifies how to build the Docker image with your certificates.
You will need to set the SSL_CERT_PATH
and SSL_KEY_PATH
environment variables
to override the default ./ssl/
path used by Lab running in the container to
determine the SSL certificate location. After that, you should copy your certificates
(located in the ssl
folder at the same location as your Dockerfile
, for example)
into the container at the specified path.
Example Dockerfile
FROM memgraph/lab:latest
# Environment variables
ENV SSL_IS_ENABLED=true
ENV SSL_CERT_PATH=./myssl/cert.pem
ENV SSL_KEY_PATH=./myssl/key.pem
# COPY source_on_your_machine destination_in_container
COPY ssl/ ./myssl/
EXPOSE 3000
Building and running the Docker container
-
Create the SSL Directory: Make sure your SSL certificate and key are placed in a directory specified as
COPY
source in your Dockerfile. -
Build the Docker Image: Run the following command to build your Docker image:
docker build -t memgraph-lab-ssl .
-
Run the Docker Container: Start the container using the following command:
docker run -p 3000:3000 memgraph-lab-ssl
-
Access Memgraph Lab: You can now access Memgraph Lab in your web browser at
https://localhost:3000
. Ensure to configure your browser to trust the self-signed certificate if you are using one.