This document explains how to enable SSL/TLS support for Pulse Web UI without using an ad-proxy (Traefik) container.
Configuration Steps
Generate ad-core Services Configuration (if not available)
Check whether the ad-core services configuration file exists by running the following command.
```bash
ls -lha $AcceloHome/config/docker/ad-core.yml
```
- If the file exists, proceed to Step 2 and edit the file.
- If it does not exist, generate it using the command below:
```bash
accelo admin makeconfig ad-core
```
Edit the ad-core.yml File
After the configuration file is generated, open the file in an editor. Locate the ad-graphql section and find the environment subsection as shown in the example below.
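Update the SSL configuration variables as needed. In the example, both SSL_ENABLED and SSL_ENFORCED are set to false. As described in the options table, SSL_ENABLED turns on HTTPS while keeping the HTTP port active, and SSL_ENFORCED enforces HTTPS and disables the HTTP port. For details about the configurations, see SSL Configuration Options.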
```yaml
ad-graphql:
  image: ad-graphql
  container_name: ""
  environment:
    - MONGO_URI= <URI>
    - MONGO_ENCRYPTED=true
    - MONGO_SECRET=<Secret>
    - UI_PORT=4001
    - LDAP_HOST=ad-ldap
    - LDAP_PORT=19020
    - SSL_ENFORCED=false
    - SSL_ENABLED=false
    - SSL_KEYDIR=/etc/acceldata/ssl/
    - SSL_KEYFILE=ssl.key
    - SSL_CERTDIR=/etc/acceldata/ssl/
    - SSL_CERTFILE=ssl.crt
    - SSL_PASSPHRASE=""
    - SSL_UI_PORT=4000
    - DS_HOST=ad-query-estimation
    - OTEL_JAVAAGENT_ENABLED=false
    - DS_PORT=8181
    - ES_USERNAME=pulse
    - ES_PASSWORD=pPBrVKAoB0QsmCJZNZyYAw==
    - DOWNLOAD_PATH_LARGE_JOBS=/tmp/downloads
    - 'FEATURE_FLAGS={ "ui_regex": { "regex": "ip-([^.]*)", "index": 1 },
      "rename_nav_labels":{}, "timezone": "", "experimental": true, "themes": false,
      "hive_const":{ "HIVE_QUERY_COST_ENABLED": false, "HIVE_MEMORY_GBHOUR_COST": 0,
      "HIVE_VCORE_HOUR_COST": 0 },
      "spark_const": { "SPARK_QUERY_COST_ENABLED": false, "SPARK_MEMORY_GBHOUR_COST": 0,
      "SPARK_VCORE_HOUR_COST": 0 },
      "queryRecommendations": false, "hostIsTrialORLocalhost": false,
      "data_temp_string": "" }'
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - /etc/hosts:/etc/hosts:ro
    - /data01/acceldata/data/graphql:/tmp/downloads
    - /opt/security/pki:/etc/acceldata/ssl/:ro
  ulimits: {}
  ports:
    - 4000:4000
  depends_on:
    - ad-db
```
Restart the ad-graphql Service
Restart the ad-graphql service using the following command:
```bash
accelo restart ad-graphql
```
Verify the Service Status
Check for any errors in the ad-graphql service container logs:
```bash
docker logs -f ad-graphql_default
```
If no errors are visible, the service has successfully launched.
Access the Pulse Web UI
Once the configuration is complete, access the Pulse Web UI using the HTTPS protocol in your browser:
```
https://<hostname>:<port>
```
If configured correctly, Pulse will now serve the UI securely over HTTPS.
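A pre-flight check that can be run against ad-core.yml before the restart step, so that a disabled SSL flag, an unpublished HTTPS port, or a key that does not match the certificate is caught before the container starts. This is an added example, not part of the Pulse tooling; the function names, the `PULSE_KEY_PASS` variable and the line-based reading of the YAML (environment entries written as `- NAME=value`, bind mounts as `host:container[:mode]`) are assumptions.

```sh
# Added example, not Acceldata code: pre-flight check of the ad-graphql TLS
# settings in ad-core.yml. Function names and messages are assumptions.
# Lines of the ad-graphql service block, up to the next key at the same indent.
graphql_block() {
  awk '/^ *ad-graphql: *$/ { match($0, /[^ ]/); ind = RSTART; on = 1; next }
       on { match($0, /[^ ]/); if (RSTART && RSTART <= ind) exit; print }' "$1"
}

# Value of an environment entry "- NAME=value" in $BLOCK, quotes dropped.
env_val() {
  printf '%s\n' "$BLOCK" | sed -n "s/^ *- *[\"']\{0,1\}$1= *[\"']\{0,1\}//p" |
    sed "s/[\"' ]*\$//" | head -n 1
}

# Host side of the bind mount whose container path is $1.
host_dir() {
  printf '%s\n' "$BLOCK" |
    sed -n "s|^ *- *\([^:]*\):$1\(:[a-z]*\)\{0,1\} *\$|\1|p" | head -n 1
}

pulse_tls_preflight() {
  BLOCK=$(graphql_block "$1"); rc=0
  [ -n "$BLOCK" ] || { echo "FAIL: no ad-graphql section in $1"; return 2; }
  port=$(env_val SSL_UI_PORT)
  cert="$(host_dir "$(env_val SSL_CERTDIR)")/$(env_val SSL_CERTFILE)"
  key="$(host_dir "$(env_val SSL_KEYDIR)")/$(env_val SSL_KEYFILE)"
  if [ "$(env_val SSL_ENFORCED)" = true ]; then :
  elif [ "$(env_val SSL_ENABLED)" = true ]; then
    echo "WARN: SSL_ENABLED without SSL_ENFORCED keeps the HTTP port active"
  else
    echo "FAIL: SSL_ENABLED and SSL_ENFORCED are both false"; rc=1
  fi
  printf '%s\n' "$BLOCK" | grep -Eq "^ *- *[\"']?[0-9]+:${port}[\"']? *\$" ||
    { echo "FAIL: SSL_UI_PORT=$port is not published under ports"; rc=1; }
  if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
    echo "FAIL: $cert or $key is missing or unreadable"; rc=1
  elif command -v openssl >/dev/null 2>&1; then
    # The passphrase goes through the environment, not the command line.
    PULSE_KEY_PASS=$(env_val SSL_PASSPHRASE); export PULSE_KEY_PASS
    c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    k=$(openssl pkey -in "$key" -pubout -passin env:PULSE_KEY_PASS 2>/dev/null | openssl sha256)
    [ "$c" = "$k" ] || { echo "FAIL: $key does not match $cert"; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
      { echo "FAIL: $cert is expired or not a certificate"; rc=1; }
    unset PULSE_KEY_PASS
  fi
  return "$rc"
}
[ "$#" -eq 0 ] || pulse_tls_preflight "$@"
```

Saved as a script, it takes the path to ad-core.yml as its argument and exits non-zero on any FAIL. The readability test reflects the invoking user, so running it as the account with user-id 1000 also confirms that the Pulse container user can read the files.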
SSL Configuration Options
| Variable Name | Default Value | Mandatory? | Description |
|---|---|---|---|
| MONGO_URI | - | Yes | Connection string for the MongoDB instance used by Pulse. |
| MONGO_ENCRYPTED | True | Yes | Enables or disables encryption for MongoDB credentials. Set to true to store the Mongo URI in encrypted form. |
| MONGO_SECRET | - | Yes | Secret key used for decrypting the MongoDB connection string. |
| UI_PORT | 4001 | Yes | Defines the HTTP and HTTPS ports for the Pulse Web UI. |
| LDAP_PORT | 19020 | Yes | Port number used by the LDAP service for authentication. |
| SSL_ENFORCED | True | Yes | Enforces HTTPS for the UI port inside the container. This disables the HTTP port. |
| SSL_ENABLED | False | Yes | Enables HTTPS for the UI port inside the container, while keeping the HTTP port active. |
| SSL_KEYDIR | /etc/acceldata/ssl/ | Yes | The directory inside the container where the SSL/TLS key file is located. |
| SSL_KEYFILE | ssl.key | Yes | Name of the SSL/TLS key file inside the container. |
| SSL_CERTDIR | /etc/acceldata/ssl/ | Yes | The directory inside the container where the SSL/TLS certificate file is located. The certificate directory must be accessible to the Pulse container user (user-id: 1000). |
| SSL_CERTFILE | ssl.crt | Yes | Name of the SSL/TLS certificate file inside the container. |
| SSL_PASSPHRASE | — | Optional | Specifies the passphrase required to unlock the SSL/TLS private key file, if the key is password-protected. |
| SSL_UI_PORT | 4000 | Yes | Specifies the HTTPS port for accessing the Pulse Web UI. |
| DS_HOST | ad-query-estimation | Yes | Hostname of the query estimation service used by Pulse. |
| OTEL_JAVAAGENT_ENABLED | false | Yes | Enables or disables OpenTelemetry Java Agent for distributed tracing. |
| DS_PORT | 8181 | Yes | Port number for the data service (query estimation) that Pulse communicates with. |
| ES_USERNAME | - | Yes | Username for connecting to the Elasticsearch service. |
| ES_PASSWORD | - | Yes | Password for authenticating with the Elasticsearch service. |
For details on updating and using the SSL options, see Update the SSL Options for UI.