Use AWS Load Balancers instead of LetsEncrypt for SCIM Bridge

Can you let me know the directionality of traffic in regards to LetsEncrypt? We would prefer to use certificates generated on AWS Load Balancers, rather than LetsEncrypt. It makes a difference in our topology if the deployment is listening or pushing traffic.



Comments

  • Hi @joshuaevans98! Thank you for reaching out.

    You can definitely use an AWS load balancer with a TLS certificate. We provide the Let's Encrypt functionality as an option for folks that do not want to obtain their own certificate or configure their own TLS termination. If you configure the AWS load balancer to perform TLS termination, then you can safely disable the Let's Encrypt functionality on the SCIM bridge.

    The two environment variables you would want to update are:

    • OP_LETSENCRYPT_DOMAIN="" - Setting this value to an empty string disables the Let's Encrypt functionality on the SCIM bridge.
    • OP_PORT=<port number> - This overrides the default listening port of the SCIM bridge. It defaults to 3002 when Let's Encrypt is disabled. Set this to the port number you would like the load balancer to use to connect to the SCIM bridge.

    Note that the above configuration assumes that you already have the SCIM bridge credentials installed, and the value of OP_SESSION is set to the path to the credential file, or the base64-encoded contents of the file. Without OP_SESSION set, the SCIM bridge will start up in setup mode.

    Let us know if you need more information.
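
A pre-flight check for the configuration described in the reply above, as an added example that is not part of the original thread and is not 1Password's own tooling. `check_scim_env` is a hypothetical helper name, and the script assumes a `base64` utility that accepts `-d`.

```shell
#!/bin/sh
# Pre-flight check for running the SCIM bridge behind a TLS-terminating load
# balancer. check_scim_env is a hypothetical helper, not a 1Password tool.
# Prints the port the load balancer should target; returns 1 on any problem.
check_scim_env() {
    problems=0

    # Per the reply: an empty string disables the Let's Encrypt functionality.
    if [ "${OP_LETSENCRYPT_DOMAIN+set}" != set ]; then
        echo "OP_LETSENCRYPT_DOMAIN is unset; set it to \"\" explicitly" >&2
        problems=$((problems + 1))
    elif [ -n "$OP_LETSENCRYPT_DOMAIN" ]; then
        echo "OP_LETSENCRYPT_DOMAIN is non-empty; Let's Encrypt is still enabled" >&2
        problems=$((problems + 1))
    fi

    # Per the reply: the port defaults to 3002 when Let's Encrypt is disabled.
    port="${OP_PORT:-3002}"
    case "$port" in
        ''|*[!0-9]*|??????*)
            echo "OP_PORT is not a valid port number: $port" >&2
            problems=$((problems + 1)) ;;
        *)
            if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                echo "OP_PORT out of range: $port" >&2
                problems=$((problems + 1))
            fi ;;
    esac

    # Per the reply: OP_SESSION is a credential file path or the base64
    # contents of that file; without it the bridge starts in setup mode.
    if [ -z "${OP_SESSION-}" ]; then
        echo "OP_SESSION is not set; the bridge would start in setup mode" >&2
        problems=$((problems + 1))
    elif [ ! -r "$OP_SESSION" ] &&
         ! printf '%s' "$OP_SESSION" | base64 -d >/dev/null 2>&1; then
        echo "OP_SESSION is neither a readable file nor valid base64" >&2
        problems=$((problems + 1))
    fi

    echo "$port"
    [ "$problems" -eq 0 ]
}
```

Run it in the same environment the bridge will start in; the printed port is the one the load balancer's target should point at.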
