Load balancer
The HTTP/s load balancer terminates HTTPS (TLS) for clients. It is configured with a certificate from your cloud provider or another CA, completes the TLS handshake, forwards traffic to Fabricate's application container, and exposes the application to the internet.
AWS ALB
If you use AWS, you can create an Application Load Balancer with a TLS certificate in front of your Fabricate instance.
You can either:
Use a free SSL/TLS certificate from AWS Certificate Manager
Bring your own certificate
To configure the ALB:
In AWS Certificate Manager (ACM), issue a certificate for your hostname, such as
fabricate.example.com, using a DNS or Email challenge.Create new target group (at EC2 / Load Balancing / Target Groups) with:
Protocol
HTTPPort
3000Health check path
/up
Register the used Amazon EC2 instance in that target group.
Create a new application load balancer under EC2 / Load Balancing / Load balancers with:
HTTPS (443) forwarding to the target group
Optional HTTP (80) redirecting to HTTPS
Previously issued ACM certificate for your domain
Previously created target group with the Amazon EC2 instance
Allow
443on the ALB security group.Allow
3000on the instance only from the ALB security group.Point DNS for your hostname to the ALB CNAME / A / AAAA.
In Fabricate's .env file, set FABRICATE_HOST to the public hostname that the ALB serves. Do not include the internal application port.
For example:
Caddy
If you run Fabricate on a single VPS, you can use Caddy to terminate TLS on the server.
To configure Caddy:
Create an
AorAAAArecord for your Fabricate hostname that points to the server IP address.Allow inbound TCP
80and443.Add a
caddyservice to your Docker Compose setup:
In the same directory, create a
Caddyfileconfiguration with a proxy to thehttp://web:3000container. Caddy uses ACME HTTP change to automatically issue and renew the certificate for your domain.
Set
FABRICATE_HOSTin .env file to the public hostname:
Nginx
If you run Fabricate behind nginx, then on the /cable path, you must enable websocket connection upgrades.
For example:
Other load balancers / proxies
Other load balancer / proxy options include:
Google Cloud Load Balancer
Traefik
Envoy
Last updated
Was this helpful?