Dear Prefect Community Is it possible to run Prefect Orion 2

Question

Dear Prefect Community Is it possible to run Prefect Orion 2 0 UI using https instead of http For example instead of running can we run If so what kind of configuration I have to do Please provide instructions Thanks Xavier Babu

Bianca Hoch · Answer

Hi Xavier interesting question I m not sure if that is possible at the moment Would you mind describing your use case and why you d need this capability

Xavier Babu · Answer

We have a web based application platform and we show Prefect Orion UI within that platform Since we use Okta SSO we should support https SSL TLS in the application platform security That part is done But since Prefect UI supports only http now I can t show the UI within the platform Browser is raising an exception If Prefect Orion UI supports https and if we run it using SSL then we don t come across this issue

Cole Murray · Answer

Hi Xavier In a typical web app deployment you want to separate SSL to a separate side car load balancer which serves as a reverse proxy for your app the most common being nginx Client gt reverse proxy gt your app or Client gt load balancer gt your app Your certificates then live within this container and function separate of your application logic If you re deployed on GCP or AWS you can have the load balancer provide this functionality and bind your SSL cert to the load balancer You can read more here

Xavier Babu · Answer

Thanks Cole I am not using AWS PREFECT ORION is running in our on premise Linux servers When I start PREFECT ORION UI how can I make it run as https using SSL In Tomcat web server I know how to configure and support both http and https You meant to say I can have a HTTPS web application which can reverse proxy the request to <http prefect orion 4200>

Cole Murray · Answer

Yes rather than having the orion server supporting HTTPS you ll have a proxy server in front of it responsible for handling the encrypt decrypt for TLS Client HTTPS gt nginx reverse proxy HTTP gt orion