SSL
There are two ways to handle SSL certificates:
- Put the app behind a load balancer or app gateway and run the containers with internal-compose.sh up -d, which starts the server with nginx configured to accept http traffic on port 80. Configure your certificates at your load balancer/app gateway and set it to route traffic appropriately to the app. Do not use this configuration without SSL termination handled by a gateway or load balancer.
- Install the certificates on the server and run the containers with prod-compose.sh up -d, which starts the server with nginx configured to handle https traffic using the certificates you installed.
Installing certificates on the server
The app looks for certificate configuration in <install directory>/volumes/certs. This directory is mounted into the nginx container at /etc/nginx/certs. For convenience, /etc/letsencrypt and var/www/certbot are also mounted if you choose to use LetsEncrypt to create the certificates. You must create a certificates.conf file in volumes/certs that points nginx at your certificates.
For example:
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/your_cert.pem;
ssl_certificate_key /etc/nginx/certs/your_key.pem;
Remember that the paths in this config file need to use the container mount path, not the host path. In the above case your_cert.pem and your_key.pem have been placed in volumes/certs on the host. If your certs are located in a default LetsEncrypt location, the paths on the host and within the container will be identical.
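A pre-flight check for the path rule above, added here as an example and not part of the project's own tooling: it translates each ssl_certificate and ssl_certificate_key path in certificates.conf from its container path to the host path and reports any that will not resolve inside the nginx container. The function names and the sample layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the project. Mounts assumed from the text:
#   <install dir>/volumes/certs -> /etc/nginx/certs, /etc/letsencrypt -> same path.
# container_to_host INSTALL_DIR CONTAINER_PATH: print the host path, or fail.
container_to_host() {
    case "$2" in
        /etc/nginx/certs/*) printf '%s\n' "$1/volumes/certs/${2#/etc/nginx/certs/}" ;;
        /etc/letsencrypt/*) printf '%s\n' "$2" ;;
        *) return 1 ;;  # not under a directory mounted into the nginx container
    esac
}

# check_certs_conf INSTALL_DIR: report each certificate directive; the exit
# status is the number of problems found (0 means every path resolves).
check_certs_conf() {
    conf="$1/volumes/certs/certificates.conf"
    errors=0
    [ -r "$conf" ] || { echo "ERROR: $conf not found"; return 1; }
    while read -r directive path rest || [ -n "$directive" ]; do
        case "$directive" in
            ssl_certificate|ssl_certificate_key) ;;
            *) continue ;;
        esac
        path=${path%;}
        if ! host=$(container_to_host "$1" "$path"); then
            echo "ERROR: $directive $path is not a container mount path"
            errors=$((errors + 1))
        elif [ ! -r "$host" ]; then
            echo "ERROR: $directive $path maps to $host, which is missing"
            errors=$((errors + 1))
        else
            echo "OK: $directive $path -> $host"
        fi
    done < "$conf"
    return "$errors"
}

# Constructed sample: the certificate is in place, but the key directive
# wrongly uses the host path instead of /etc/nginx/certs/your_key.pem.
demo=$(mktemp -d)
mkdir -p "$demo/volumes/certs"
: > "$demo/volumes/certs/your_cert.pem"
cat > "$demo/volumes/certs/certificates.conf" <<EOF
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/your_cert.pem;
ssl_certificate_key $demo/volumes/certs/your_key.pem;
EOF
check_certs_conf "$demo" || echo "$? problem(s) found"
rm -rf "$demo"
```

Run check_certs_conf with your install directory on the host before prod-compose.sh up -d; a non-zero exit status means nginx would be pointed at a path it cannot see.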