Securing Decisions Container Environment
- Updated on 21 Dec 2023
Overview
This article shows how to secure a Decisions Container Environment by setting a number of environment variables.
Securing connection - HTTPS
Ensure that HTTPS port 443 is open and that the correct certificate has been saved on the system. The variables below enable the HTTPS connection.
For a local install, manually edit the container's URL in the browser by adding "https://" before the domain name and ":443" after it, e.g., "https://localhost:443".
The browser may display a warning about this redirect. If prompted, select the Advanced button, then select Proceed to continue.
DECISIONS_FORCEBASEURI=<PortalbaseURL>
DECISIONS_ENABLEHTTPS=true
DECISIONS_HTTPSCERTIFICATEPATH=<certificate.pfx>
DECISIONS_HTTPSCERTIFICATEPASSWORD=<Certificate Password>
DECISIONS_ENABLEHTTPTOHTTPSREDIRECTION=true
| Variable | Description |
|---|---|
| DECISIONS_FORCEBASEURI | Use this variable when SSL terminates at the load balancer. If an ingress controller or load balancer service sits in front of the containers, this is the only variable needed; no other HTTPS variables need to be configured. |
| DECISIONS_ENABLEHTTPS | Enables SSL/TLS (HTTPS) on the container. |
| DECISIONS_HTTPSCERTIFICATEPATH | The name of the SSL certificate (.pfx format only). By default, the certificate is looked up in "C:\". |
| DECISIONS_HTTPSCERTIFICATEPASSWORD | Use this variable if the SSL certificate is password-protected. |
| DECISIONS_ENABLEHTTPTOHTTPSREDIRECTION | Redirects incoming HTTP connections to HTTPS. |
Securing Cookies
DECISIONS_DEFAULTSAMESITECOOKIEMODE=<Cookie Value>
| Value | Description |
|---|---|
| Strict | The client only sends the cookie with "same-site" requests. This is the most restrictive and highly secure option. |
| Lax | The client sends the cookie with "same-site" requests and with "cross-site" top-level navigation. This is the default value. |
| None | Same-site restrictions are disabled. This is the least secure option. |
HSTS
HSTS (HTTP Strict Transport Security) is a web security policy mechanism that forces web browsers to interact with websites only via secure HTTPS connections and never with HTTP.
DECISIONS_ENABLEHTTP=false
DECISIONS_ENABLEHTTPS=true
DECISIONS_ENABLEHSTS=true
HSTS on the Subdomain
To apply HSTS to subdomains as well, the optional includeSubDomains directive must be added to the Strict-Transport-Security header. This is done by defining a custom header through the DECISIONS_CUSTOMHEADERS environment variable. The following variables enable HSTS on subdomains.
DECISIONS_ENABLEHTTP=false
DECISIONS_ENABLEHSTS=false
DECISIONS_ENABLEHTTPS=true
DECISIONS_CUSTOMHEADERS=[{"Name": "Strict-Transport-Security","Value": "max-age=31536000;includeSubDomains"}]
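As an added example (not part of the Decisions documentation or product), the following Python script lints a container's environment against the rules in the HTTPS, cookie and HSTS sections above: a .pfx certificate when HTTPS is enabled without a load balancer, no plain HTTP without redirection, a recognised SameSite mode, and HSTS only with HTTPS on and HTTP off, with includeSubDomains present in the custom header. The sample environment is constructed for illustration.

```python
import json

# Constructed sample environment (assumed values, not taken from any real deployment).
SAMPLE_ENV = {
    "DECISIONS_ENABLEHTTP": "false",
    "DECISIONS_ENABLEHTTPS": "true",
    "DECISIONS_HTTPSCERTIFICATEPATH": "decisions.pfx",
    "DECISIONS_ENABLEHSTS": "false",
    "DECISIONS_DEFAULTSAMESITECOOKIEMODE": "Lax",
    "DECISIONS_CUSTOMHEADERS":
        '[{"Name": "Strict-Transport-Security","Value": "max-age=31536000;includeSubDomains"}]',
}

def _flag(env, name):
    """True only when the variable is literally 'true' (case-insensitive)."""
    return env.get(name, "").strip().lower() == "true"

def hsts_header(env):
    """Return the Strict-Transport-Security value from DECISIONS_CUSTOMHEADERS, or None."""
    try:
        headers = json.loads(env.get("DECISIONS_CUSTOMHEADERS", "[]"))
    except json.JSONDecodeError:
        return None
    for h in headers:
        if h.get("Name", "").lower() == "strict-transport-security":
            return h.get("Value", "")
    return None

def check_env(env):
    """Return a list of findings; an empty list means the settings match the article."""
    findings = []
    https, forced = _flag(env, "DECISIONS_ENABLEHTTPS"), bool(env.get("DECISIONS_FORCEBASEURI"))
    if not https and not forced:
        findings.append("HTTPS not enabled and no DECISIONS_FORCEBASEURI (TLS at the load balancer)")
    if https and not forced and not env.get("DECISIONS_HTTPSCERTIFICATEPATH", "").lower().endswith(".pfx"):
        findings.append("DECISIONS_HTTPSCERTIFICATEPATH must name a .pfx certificate")
    if _flag(env, "DECISIONS_ENABLEHTTP") and not _flag(env, "DECISIONS_ENABLEHTTPTOHTTPSREDIRECTION"):
        findings.append("plain HTTP is enabled without HTTP-to-HTTPS redirection")
    mode = env.get("DECISIONS_DEFAULTSAMESITECOOKIEMODE", "Lax")  # Lax is the article's stated default
    if mode not in ("Strict", "Lax", "None"):
        findings.append(f"unknown SameSite cookie mode {mode!r}")
    elif mode == "None":
        findings.append("SameSite=None removes same-site cookie restrictions")
    hdr = hsts_header(env)
    if _flag(env, "DECISIONS_ENABLEHSTS") or hdr is not None:
        if not https or _flag(env, "DECISIONS_ENABLEHTTP"):
            findings.append("HSTS needs DECISIONS_ENABLEHTTPS=true and DECISIONS_ENABLEHTTP=false")
        if hdr is not None and "includesubdomains" not in hdr.replace(" ", "").lower():
            findings.append("custom HSTS header lacks includeSubDomains")
    return findings
```

Run it against a real container with `check_env(dict(os.environ))` to list any deviations before the instance is exposed.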