Hey @Tigere, I’ve just managed to get https with a custom certificate working on my open source TTS server, and it looks like you want to use HTTPS, so I’ll post instructions here.
First, download docker-compose.yml and ttn-lw-stack-docker.yml and configure them as normal. In my case, this meant replacing thethings.example.com with the static IP address of the machine hosting my Docker containers. Then, uncomment the sections about using custom certificates.
At the bottom of docker-compose.yml:
Near the top of ttn-lw-stack-docker.yml (don’t forget to comment out the Let’s Encrypt section):
Next, install cfssl and cfssljson:
go get -u github.com/cloudflare/cfssl/cmd/cfssl
go get -u github.com/cloudflare/cfssl/cmd/cfssljson
You can run the installed binaries from ~/go/bin or add them to your PATH.
You are now ready to follow the instructions for using a custom certificate. I created ca.json exactly as shown. For cert.json, I replaced thethings.example.com with the static IP address of the host (as I had done in docker-compose.yml and ttn-lw-stack-docker.yml). After creating the two JSON files, I ran the commands to generate the certificates and put the relevant files into my project:
cfssl genkey -initca ca.json | cfssljson -bare ca
cfssl gencert -ca ca.pem -ca-key ca-key.pem cert.json | cfssljson -bare cert
mv cert-key.pem tts/key.pem
mv cert.pem tts/cert.pem
mv ca.pem tts/ca.pem
Like the instructions say, your project directory (tts in my case) should look like this:
.
├── blob
├── ca.pem
├── cert.pem
├── config
│   └── stack
│       └── ttn-lw-stack-docker.yml
├── docker-compose.yml
└── key.pem
Finally, add ca.pem to the certificate store(s) on any machines that will be interacting with your TTS installation.
sudo cp ca.pem /usr/local/share/ca-certificates/ca.crt
sudo update-ca-certificates
You can discard the other files created during the certificate signing process - you no longer need them (ca-key.pem, ca.csr, ca.json, cert.csr, cert.json).
Now, run the things stack as normal and you should be good to go.
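
An added check, not part of the original post: because the certificate here is issued for a static IP address rather than a hostname, clients will only accept it if the address appears as an IP subjectAltName. The function below (the name check_tts_cert is made up for this example; it assumes the openssl CLI is installed) confirms that cert.pem chains to ca.pem, that key.pem belongs to cert.pem, and that the host IP is covered.

```sh
#!/bin/sh
# Added example: sanity-check the files produced by the cfssl steps
# before starting the stack. check_tts_cert is a hypothetical helper name.
#
# Usage: check_tts_cert tts/ca.pem tts/cert.pem tts/key.pem <host-ip>
# Returns 0 when all checks pass, otherwise 1, 2 or 3 (see below).
check_tts_cert() {
    ca=$1 cert=$2 key=$3 ip=$4

    # 1. The server certificate must verify against the CA that
    #    client machines will be told to trust.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not chain to $ca" >&2; return 1; }

    # 2. The private key must belong to the certificate: compare a
    #    digest of the public key extracted from each file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: $key does not match $cert" >&2; return 2; }

    # 3. The address clients connect to must be listed as an IP SAN.
    #    openssl prints "does match" or "does NOT match".
    openssl x509 -in "$cert" -noout -checkip "$ip" | grep -q 'does match' || {
        echo "FAIL: $cert has no IP SAN for $ip" >&2; return 3; }

    echo "OK: $cert chains to $ca, matches $key, and covers $ip"
}
```

Run it from the directory that contains tts/ before starting the containers; a non-zero return tells you which of the three checks failed.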