HTTPS for Broker Client with Docker

The HTTPS configuration for the Broker client is identical for GitHub, GitLab, and other SCM integrations. Only the Broker image and SCM-specific environment variables differ. HTTPS is optional and typically required only when your SCM provider or internal security policies require TLS for webhook or local connections.

The Broker Client runs an HTTP server by default. It can be configured to run an HTTPS server for local connections. This requires an SSL certificate and a private key to be provided to the Docker container at runtime.

For example, if your certificate files are found locally at ./private/broker.crt and ./private/broker.key, provide these files to the Docker container by mounting the folder and using the HTTPS_CERT and HTTPS_KEY environment variables:

docker run --restart=always \
           -p 8000:8000 \
           -e BROKER_TOKEN=secret-broker-token \
           -e GITHUB_TOKEN=secret-github-token \
           -e PORT=8000 \
           -e HTTPS_CERT=/private/broker.crt \
           -e HTTPS_KEY=/private/broker.key \
           -e BROKER_CLIENT_URL=https://my.broker.client:8000 \
           -v /local/path/to/private:/private \
       snyk/broker:github-com

This example uses the GitHub Broker image. If you are using GitLab, Bitbucket, or another integration, replace the Broker image and the SCM token environment variable. The HTTPS configuration itself is identical across all Broker types.

BROKER_CLIENT_URL now has the HTTPS scheme.

PreviousUpdate the Snyk Broker client NextHigh availability mode

Last updated 18 days ago

Was this helpful?