From Intelligent Voice version 6.0, internal communication between containers relies on certificates signed by an internal CA created by the IV installer, with domain name *.intelligentvoice.ivlocal. This makes it difficult to use a different certificate for the IV API without breaking the internal communication.
To make the IV API and JumpToWeb available with a certificate that external applications can trust, such as public CA like LetsEncrypt, or a CA run by your organisation, IV recommends you add a proxy server in front of these IV applications.
Acquire the certificate and key from your CA in pem file format.
Configure your DNS so that the hostname shown on the certificate resolves to your IV server.
Steps to set up nginx container as reverse proxy
This can be done on the same server as the IV API and JumpToWeb, or a different server. If using a different server, note the different hostnames required for nginx.conf.
Change jumptoweb listening port from 443 to 2443
Edit config file
Put the trusted server certificate and server key to a location, for example
Create nginx configuration file (eg.
/opt/intelligent-voice/data/nginx/nginx.conf) which stores the configuration for proxy redirect. Parameters need to change:
<hostname>(this should match the hostname on the certificate)
<hostname-of-jumptoweb>(can be same server or different server)
<hostname-of-vrx-servlet>(can be same server or different server)
Location of the server cert/key files inside the container
Create docker-compose file
/opt/intelligent-voice/docker-compose.nginx.ymlwhich stores the container configuration (mapping of local directories and ports opening):
Create nginx service file
Restart jumptoweb and start nginx service
Enable nginx service
You can now test that your trusted certificate is being served by both the IV API and the JumpToWeb site.
The addresses to test will be:
This should prompt you for API credentials then show you the IV version
This should show you a web page allowing you to log in to JumpToWeb like this:
Both these links should now be using your trusted certificate