SSL
Outline should always be exposed over HTTPS whether over the wider internet or your internal network. Several methods for achieving this are supported:
Reverse Proxy
If you do not have your own certificate and would like to have one generated automatically via LetsEncrypt then we recommend using the https-portal docker image. If you’re following the instructions from our on-prem repository then this will be provisioned automatically, as long as your server is accessible to the internet at the url specified during the installation process then there is nothing else to do.
You can also setup your own reverse proxy with nginx, for Outline to work correctly you must ensure that websockets are forwarded through the proxy. This type of advanced deployment is outside the scope of this documentation.
The following options are available in all editions from v0.62.0 onwards
Certificate (Environment Variables)
If you have your own certificate then it can be provided via environment variables. To pass as an environment variable your key and certifica`te must be base64 encoded. You can use the following command to do so:
openssl base64 -in <infile> -out <outfile>
Then use the base64 encoded values from the generated files for the private key and public certificate with SSL_KEY and SSL_CERT variables respectively.
Certificate (File System)
If you have your own certificate then it can also be provided via the file system. Outline looks for the files private.pem and public.pem in the root of the installation. When using the Docker image you will need to mount these files into the container. Using docker compose the following syntax would be correct where private.pem and public.pem are the relative location on your host system.
outline:
image: outlinewiki/outline
ports:
- "443:443"
- "80:80"
volumes:
- type: bind
source: ./private.pem
target: /opt/outline/private.pem
read_only: true
- type: bind
source: ./public.pem
target: /opt/outline/public.pem
read_only: trueYou’ll also need to update your environment variables to tell Outline to use the SSL port:
PORT=443