Channels
announcements
ask-marvin
best-practices-coordination-plane
data-ecosystem
data-tricks-and-tips
events
find-a-prefect-job
geo-bay-area
geo-berlin
geo-boston
geo-chicago
geo-colorado
geo-dc
geo-israel
geo-japan
geo-london
geo-nyc
geo-seattle
geo-texas
gratitude
introductions
marvin-in-the-wild
pacc-clearcover-june-12-2023
pacc-may-31-2023
ppcc-may-16-2023
prefect-ai
prefect-aws
prefect-azure
prefect-cloud
prefect-community
prefect-contributors
prefect-dbt
prefect-docker
prefect-gcp
prefect-getting-started
prefect-integrations
prefect-kubernetes
prefect-recipes
prefect-server
prefect-ui
random
show-us-what-you-got
Title
x
Xavier Babu
08/08/2022, 8:42 PMDear Prefect Community,
Is it possible to run Prefect Orion (2.0) UI using https:// instead of http://. For example instead of running http://server_host:4200 can we run https://sever_host:4443. If so, what kind of configuration I have to do? Please provide instructions.
Thanks,
Xavier Babu
👀 2
✅ 2
b
Bianca Hoch
08/08/2022, 9:32 PMHi Xavier, interesting question. I'm not sure if that is possible at the moment. Would you mind describing your use case and why you'd need this capability?
x
Xavier Babu
08/08/2022, 11:41 PMWe have a web-based application platform and we show Prefect Orion UI within that platform. Since we use Okta SSO, we should support https (SSL/TLS) in the application platform security. That part is done. But, since Prefect UI supports only http, now I can't show the UI within the platform. Browser is raising an exception. If Prefect Orion UI supports https and if we run it using SSL, then we don't come across this issue.
c
Cole Murray
08/09/2022, 2:25 AMHi Xavier,
In a typical web app deployment, you want to separate SSL to a separate side car / load-balancer, which serves as a reverse proxy for your app, the most common being nginx.
Client ---> reverse proxy ----> your app
or
Client -> load balancer --> your app
Your certificates then live within this container and function separate of your application logic. If you’re deployed on GCP or AWS, you can have the load balancer provide this functionality, and bind your SSL cert to the load balancer.
You can read more here:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ssl-server-cert.html
https://en.wikipedia.org/wiki/TLS_termination_proxy
🙌 2
:gratitude-thank-you: 1
x
Xavier Babu
08/09/2022, 9:48 PMThanks, Cole. I am not using AWS. PREFECT ORION is running in our on-premise Linux servers. When I start PREFECT ORION UI, how can I make it run as https using SSL. In Tomcat web server I know how to configure and support both http and https. You meant to say I can have a HTTPS web application which can reverse proxy the request to http://prefect_orion:4200?
c
Cole Murray
08/09/2022, 10:10 PMYes, rather than having the orion server supporting HTTPS, you’ll have a proxy server in front of it, responsible for handling the encrypt/decrypt for TLS.
Client ---- (HTTPS) ---> nginx reverse proxy --(HTTP)--> orion