TLS / HTTPS

The gateway supports TLS for external REST communication. It can be enabled by providing a PEM-encoded certificate and private key to the gc_service_hub service. When HTTPS is enabled, HTTP requests will be rejected.

Using systemd

When running under systemd (installed via the .deb / .rpm package), set the TLS paths in the service environment file located at /opt/gc_gateway/gc_gateway.env:

GC_HUB_TLS_CERT=/opt/gc_gateway/cert.pem # Path to the TLS certificate
GC_HUB_TLS_KEY=/opt/gc_gateway/key.pem # Path to the TLS private key
# Optional: restrict or expose the public server binding address
# GC_HUB_BIND_HOST=localhost

Then restart the service:

systemctl restart gc_service_hub.service

Manually running the service_hub

Pass the paths to the PEM-encoded certificate and private key at startup:

./gc_service_hub --tls-cert /opt/gc_gateway/cert.pem --tls-key /opt/gc_gateway/key.pem

The equivalent environment variables are GC_HUB_TLS_CERT and GC_HUB_TLS_KEY:

export GC_HUB_TLS_CERT=/opt/gc_gateway/cert.pem
export GC_HUB_TLS_KEY=/opt/gc_gateway/key.pem
./gc_service_hub

Both flags must be provided together — specifying only one is an error.