How would I be able to enable SPO to use SSL/TLS
I tried to disable CADDY ACME and add the certs to ShinyProxy, but that did not work.
environment:
SPO_ORCHESTRATOR: docker
SPO_DOCKER_GID: 995
SPO_CADDY_ENABLE_TLS: “true”
SPO_CADDY_ACME: “false”
https:
enabled: true
certificate-file: /opt/shinyproxy-docker-operator/input/shinyproxy.bdx.com.crt
certificate-key-file: /opt/shinyproxy-docker-operator/input/shinyproxy.bdx.com.key
Hi
It seems you are using some configuration options that do not exists.
You can find the correct configuration for custom TLS certs here: Docker | ShinyProxy
It could also be useful to have a look at the structure of the input directory: Docker | ShinyProxy
So your configuration becomes:
SPO_ORCHESTRATOR: docker
SPO_DOCKER_GID: 995
SPO_CADDY_ENABLE_TLS: "true"
proxy:
realm-id: my-realm
# ..
# make sure to not indent these options, these should sit at the highest level in the config file
caddyTlsCertFile: /opt/shinyproxy-docker-operator/input/shinyproxy.bdx.com.crt
caddyTlsKeyFile: /opt/shinyproxy-docker-operator/input/shinyproxy.bdx.com.key
Thanks for the reply.
I tried the approach from Using custom certificates
The issue is that the domain bdx.com can’t be resolved because it is private.
GPT 5.4 was giving all sorts of bad ideas.
The simple question is if I have my own key and crt how can I use them and not have CADDY try to resolve the host or use Let’s Encrypt?
This is what sudo docker logs -f sp-caddy is showing
{“level”:“error”,“ts”:1775658569.9199247,“logger”:“http.acme_client”,“msg”:“validating authorization”,“identifier”:“shinyproxy.bdx.com”,“problem”:{“type”:“urn:ietf:params:acme:error:dns”,“title”:“”,“detail”:“DNS problem: NXDOMAIN looking up A for shinyproxy.bdx.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for shinyproxy.bdx.com - check that a DNS record exists for this domain”,“instance”:“”,“subproblems”:},“order”:“https://acme-staging-v02.api.letsencrypt.org/acme/order/281211673/35805832883",“attempt”:1,"max_attempts”:3}