Add HTTPS documentation and example to README.

Kilemonn · Jul 10, 2023 · a62f5cd · a62f5cd
1 parent ad963ae
commit a62f5cd
Showing 1 changed file with 49 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -137,3 +137,52 @@ environment:
  - spring.datasource.username=postgres
  - spring.datasource.password=5up3r5tR0nG!
 ```
+
+---
+
+## HTTPS
+
+By default the `MessageQueue` does not have HTTPS enabled and is exposed on port `8080`.
+To enable HTTPS you'll need to provide your own SSL certificate and extend the current version of the image hosted at: https://hub.docker.com/r/kilemon/message-queue. When extending this image you want to add your own SSL certificate into the container and take note of the generated file location as you'll need to reference it in the environment properties you provide to the `MessageQueue`.
+**NOTE: You need to use version 0.1.9 or above of the `MessageQueue` image.**
+
+Below is an example Dockerfile that you could use to generate a self signed certificate.
+Dockerfile:
+```
+FROM kilemon/message-queue:latest
+
+# The generated cert will be placed at /messagequeue/keystore.p12 in the container (refer to path in docker compose file).
+RUN ["keytool", "-genkeypair", "-alias", "sslcert", "-keyalg", "RSA", "-keysize", "4096", "-validity", "3650", "-dname", "CN=message-queue", "-keypass", "changeit", "-keystore", "keystore.p12", "-storeType", "PKCS12", "-storepass", "changeit"]
+
+EXPOSE 8443
+
+ENTRYPOINT ["java", "-jar", "messagequeue.jar"]
+```
+
+Using docker compose you can reference and build this Dockerfile and pass in the appropriate parameters to enable HTTP on the `MessageQueue` application:
+
+docker-compose.yml:
+```yaml
+version: "3.9"
+services:
+  queue:
+    container_name: queue
+    build: .
+    ports:
+      - "8443:8443"
+    environment:
+      MULTI_QUEUE_TYPE: IN_MEMORY
+      server.port: 8443 # The port set here must match the health check port below and the exposed port from the Dockerfile
+      server.ssl.enabled: true
+      server.ssl.key-store-type: PKCS12
+      server.ssl.key-store: keystore.p12 # This path is relative to the `messagequeue.jar` location. The full location is /messagequeue/keystore.p12 for this example
+      server.ssl.key-store-password: changeit
+    healthcheck: # Example simple health check, disabling cert check for this example since it is self-signed
+      test: wget --no-check-certificate https://localhost:8443/queue/healthcheck
+      start_period: 3s
+      interval: 3s
+      timeout: 3s
+      retries: 5
+```
+
+Once this starts up you should be able to access the application using HTTPS on the exposed port `8443`.