How-to | Choose an SSL strategy#

You can manage the TLS certificates associated with each Dataiku instance linked to the virtual network.

  1. In HTTPS strategy, choose a strategy:

    • None (HTTP) only. Does not manage TLS at all. The Dataiku instance is only accessible via the HTTP (80) port.

    • Self-signed certificates. Each Dataiku instance will have a self-signed certificate created automatically.

    • Enter a certificate/key for each instance. Select this strategy if you prefer to manage the certificates yourself. You’ll need to specify a certificate and key per each instance in the instance’s settings.

    • Generate certificates using Let’s Encrypt. This strategy leverages “Let’s Encrypt” to generate certificates for each instance. “Let’s Encrypt” needs to be able to complete the DNS challenge to create a certificate. To allow this, you’ll need to configure the Route53 Zone Id for public IP in the DNS strategy. This strategy automatically renews the certificate before it expires.

      • Enter an email address in Contact Mail.

  2. In HTTP strategy, choose a strategy:

    • HTTP port is disabled.

    • HTTP port redirects to HTTPs. This is the recommended option.

When modifying a virtual network template or creating a new network template, Fleet Manager deploys the virtual network in AWS.

You can manage the TLS certificates associated with each Dataiku instance linked to the virtual network.

  1. In HTTPS strategy, choose a strategy:

    • None (HTTP) only. Does not manage TLS at all. The Dataiku instance is only accessible via the HTTP (80) port.

    • Self-signed certificates. Each Dataiku instance will have a self-signed certificate created automatically.

    • Enter a certificate/key for each instance. Select this strategy if you prefer to manage the certificates yourself. You’ll need to specify a certificate and key per each instance in the instance’s settings.

    • Generate certificates using Let’s Encrypt. This strategy leverages “Let’s Encrypt” to generate certificates for each instance. “Let’s Encrypt” needs to be able to complete the DNS challenge to create a certificate. To allow this, you’ll need to configure the Azure Dns Zone Id in the DNS strategy. This strategy automatically renews the certificate before it expires.

      • Enter an email address in Contact Mail.

  2. In HTTP strategy, choose a strategy:

    • HTTP port is disabled.

    • HTTP port redirects to HTTPs. This is the recommended option.

When modifying a virtual network template or creating a new network template, Fleet Manager deploys the virtual network in Azure.