CloudBeaver Documentation


CloudBeaver SSL certificate configuration

Proxy and SSL configuration

The instance contains an Nginx proxy server, the configuration of which is located at path /etc/nginx/conf.d/cloudbeaver.conf

To set up a connection via HTTPS with domain:

  • You need to create or buy a valid TLS certificate for your domain endpoint.
  • After you get SSL certificate for your domain you must put it to /etc/nginx/ssl/fullchain.pem as certificate and /etc/nginx/ssl/privkey.pem as a private key.
  • Change server_name _; in configuration /etc/nginx/conf.d/cloudbeaver.conf to server_name <your-domain>;
  • Enter in terminal sudo systemctl reload nginx.service to reload Nginx proxy
  • Now you can open your CloudBeaver Server from the browser using your domain address.

Create self-signed certificate

Self-signed certificates are considered insecure for the Internet. Firefox will treat the site as having an invalid certificate, while Chrome will act as if the connection was plain HTTP

You can create self-signed certificate for <your-domain> by running the following script in the terminal:

SECRET_CERT_CSR="/C=US/ST=NY/L=NYC/O=CloudBeaver /OU=IT Department/CN=<your-domain>"
cd /etc/nginx/
mkdir ssl
cd ssl
sudo openssl req -x509 -sha256 -nodes -days 36500 -subj "$SECRET_CERT_CSR" -newkey rsa:2048 -keyout privkey.pem -out fullchain.pem