Custom SSL certificates

Instantiating Memgraph Lab with custom SSL certificate

Memgraph Lab supports using custom SSL certificates, ensuring secure communication over HTTPS. To set up SSL on Memgraph Lab you will need to configure a Dockerfile using a valid SSL certificate.

Options for generating SSL certificates

There are various options to generate SSL certificates. Check out the steps on how to do that with OpenSSL and Let's Encrypt.

OpenSSL

OpenSSL (opens in a new tab) is a widely used tool for generating SSL certificates. You can create a self-signed certificate using the following commands:

  1. Generate a private key:
  openssl genrsa -out key.pem 2048
  1. Generate a self-signed certificate:
  openssl req -new -x509 -key key.pem -out cert.pem -days 365

However, this option has an expiration date and is not signed by a publicly trusted certificate authority (opens in a new tab), which means you will most likely receive a security warning from your browser while using it.

Let's Encrypt

Let's Encrypt (opens in a new tab) is a free, automated, and open certificate authority that provides SSL certificates. You can use tools like Certbot to obtain and install certificates. To use Let's Encrypt:

  1. Install Certbot.
  2. Run Certbot to obtain your certificates:
  sudo certbot certonly --standalone -d yourdomain.com

This will generate your SSL certificate and key, typically located in /etc/letsencrypt/live/yourdomain.com/.

Dockerfile setup

To run Memgraph Lab with custom SSL certificates, you need to create a Dockerfile that specifies how to build the Docker image with your certificates.

You will need to set the SSL_CERT_PATH and SSL_KEY_PATH environment variables to override the default ./ssl/ path used by Lab running in the container to determine the SSL certificate location. After that, you should copy your certificates (located in the ssl folder at the same location as your Dockerfile, for example) into the container at the specified path.

Example Dockerfile

FROM memgraph/lab:latest
 
# Environment variables
ENV SSL_IS_ENABLED=true
ENV SSL_CERT_PATH=./myssl/cert.pem
ENV SSL_KEY_PATH=./myssl/key.pem
 
# COPY source_on_your_machine destination_in_container
COPY ssl/ ./myssl/
 
EXPOSE 3000

Building and running the Docker container

  1. Create the SSL Directory: Make sure your SSL certificate and key are placed in a directory specified as COPY source in your Dockerfile.

  2. Build the Docker Image: Run the following command to build your Docker image: docker build -t memgraph-lab-ssl .

  3. Run the Docker Container: Start the container using the following command: docker run -p 3000:3000 memgraph-lab-ssl

  4. Access Memgraph Lab: You can now access Memgraph Lab in your web browser at https://localhost:3000. Ensure to configure your browser to trust the self-signed certificate if you are using one.