Version: Next

SSL Communication with Lunar.dev Gateway

This page provides guidance on encrypting requests between your clients and the Lunar.dev API Consumption Gateway using TLS. Follow the steps below to secure traffic.

Steps to Enable TLS

  1. Obtain a TLS certificate:

    Make sure you have a valid TLS certificate, such as my_cert.pem.

  2. Set the TLS_CERT_PATH environment variable (optional):

    If your certificate is stored in a custom path, set the TLS_CERT_PATH environment variable within the Lunar.dev container. By default, the path is /etc/lunar-proxy/certs/tls/gateway_cert.pem.

    -e TLS_CERT_PATH="/path_to_cert/my_cert.pem"

  3. Run the Lunar.dev API Consumption Gateway container:

    If the TLS_CERT_PATH environment variable is not set, create the directory /certs/tls and place the certificate file inside. After setting up the certificate, run the Lunar.dev container. For exclusive HTTPS connections, expose only port 443.

    docker run --rm -p 443:443 -p 8081:8081 -e TENANT_NAME="My Organization" \
    -v "$(pwd)":/etc/lunar-proxy \
    --name lunar-proxy lunarapi/lunar-proxy:latest

    Tip: For HTTPS-only traffic, omit the -p 8000:8000 option.
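
A pre-flight check of the certificate file, run on the host before starting the container. This is an added example, not Lunar.dev tooling. The function names and the 30-day default window are assumptions, as is the case where the PEM file also holds the private key (the page names only a single file). With the $(pwd) mount above, the default container path corresponds to ./certs/tls/gateway_cert.pem on the host.

```shell
#!/bin/sh
# Added example: pre-flight checks for the gateway certificate file.
# Function names and the 30-day default are assumptions, not Lunar.dev tooling.

# check_gateway_cert CERT_FILE [MIN_DAYS]
# Returns 0 = usable, 1 = missing/unreadable, 2 = not a PEM X.509 certificate,
#         3 = expired or expiring within MIN_DAYS (default 30).
check_gateway_cert() {
    cert=$1
    min_days=${2:-30}
    if [ ! -r "$cert" ]; then
        echo "missing or unreadable: $cert" >&2
        return 1
    fi
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "not a PEM X.509 certificate: $cert" >&2
        return 2
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "expires within $min_days days: $(openssl x509 -in "$cert" -noout -enddate)" >&2
        return 3
    fi
    return 0
}

# key_exposed CERT_FILE
# Returns 0 if the file contains a private key AND is readable by group or others.
key_exposed() {
    grep -q 'PRIVATE KEY-----' "$1" 2>/dev/null || return 1
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# When a path is given on the command line, run both checks against it.
if [ "$#" -gt 0 ]; then
    check_gateway_cert "$1" "${2:-30}" || exit $?
    if key_exposed "$1"; then
        echo "warning: $1 holds a private key and is group/world readable" >&2
    fi
    echo "ok: $1"
fi
```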


Verifying TLS Support

To verify the TLS configuration, use curl:

curl https://localhost/fact -H "x-lunar-host: catfact.ninja" -H "x-lunar-scheme: https"

Or, using wget:

wget -qO - --header="x-lunar-host: catfact.ninja" --header="x-lunar-scheme: https" https://localhost/fact

Both commands will make a request to the Lunar.dev Gateway, forwarding it securely to the upstream server. You should see a response like:

{"fact":"Among many other diseases, cats can suffer from anorexia, senility, feline AIDS and acne.","length":89}

Note: Ensure that your TLS certificates are secure and kept up to date for the integrity of your communications.