Hi @lakshminarayana! Welcome to our community.
Our documentation usually doesn’t cover the SSL/TLS side of the deployment for two main reasons:
1 - Usually, self deployments will not expose Weaviate directly. Their applications will be exposed, but not Weaviate.
2 - Whenever there is a reason to expose Weaviate under an SSL/TLS connection, one can use a variety of reverse proxies, load balancers and so on.
I have crafted here a gist on how to deploy Weaviate, with a single node, using docker compose and properly exposing it using traefik:
According to this docker compose, this is how you would connect to it:
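```python
import weaviate

# Connect through Traefik: HTTPS on 443 and TLS-wrapped gRPC on 50051.
# The hostnames must match the Host(...) rules in the compose labels.
client = weaviate.connect_to_custom(
    http_host="weaviate.yourcompany.com",
    http_port=443,
    http_secure=True,
    grpc_host="grpc.weaviate.yourcompany.com",
    grpc_port=50051,
    grpc_secure=True
)
```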
If running on a VPS, you will need to have both weaviate.yourcompany.com and grpc.weaviate.yourcompany.com pointing to the public IP of this VPS.
Here is the content of the docker compose as of now:
```yaml
---
services:
  weaviate:
    command:
      - --host
      - 0.0.0.0
      - --port
      - '8080'
      - --scheme
      - http
    image: cr.weaviate.io/semitechnologies/weaviate:1.25.5
    # uncomment only if you want to connect unsecured
    #ports:
    #  - 8081:8080
    #  - 50052:50051
    volumes:
      - weaviate_data:/var/lib/weaviate
    restart: on-failure:0
    environment:
      QUERY_DEFAULTS_LIMIT: 25
      # anonymous access is enabled: requests are accepted without credentials
      AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: 'true'
      PERSISTENCE_DATA_PATH: '/var/lib/weaviate'
      DEFAULT_VECTORIZER_MODULE: 'none'
      ENABLE_MODULES: 'text2vec-cohere,text2vec-huggingface,text2vec-palm,text2vec-openai,generative-openai,generative-cohere,generative-palm,ref2vec-centroid,reranker-cohere,qna-openai'
      CLUSTER_HOSTNAME: 'node1'
    labels:
      - "traefik.enable=true"
      # http
      - "traefik.http.services.weaviate_http_service.loadbalancer.server.port=8080"
      - "traefik.http.routers.weaviate_http_router.rule=Host(`weaviate.yourdomain.com`)"
      - "traefik.http.routers.weaviate_http_router.entrypoints=websecure"
      - "traefik.http.routers.weaviate_http_router.service=weaviate_http_service"
      - "traefik.http.routers.weaviate_http_router.tls.certresolver=myresolver"
      # grpc
      - "traefik.http.services.weaviate_grpc_service.loadbalancer.server.scheme=h2c"
      - "traefik.http.services.weaviate_grpc_service.loadbalancer.server.port=50051"
      - "traefik.http.routers.weaviate_grpc_router.rule=Host(`grpc.weaviate.yourdomain.com`)"
      - "traefik.http.routers.weaviate_grpc_router.entrypoints=grpc"
      - "traefik.http.routers.weaviate_grpc_router.service=weaviate_grpc_service"
      - "traefik.http.routers.weaviate_grpc_router.tls.certresolver=myresolver"
  traefik:
    #image: "traefik:v2.11"
    image: "traefik:v3.0.3"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.grpc.address=:50051"
      - "--providers.docker"
      - "--api"
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=you@yourcompany.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "50051:50051"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
volumes:
  weaviate_data:
...
```
Let me know if this helps.
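An added example, not part of the original post or the gist: a small Python check over the parsed Compose mapping (for instance the result of `yaml.safe_load`) that flags settings in this kind of deployment which leave Weaviate reachable without TLS or without credentials. The function name `audit_compose`, the finding strings and the sample input are constructed for illustration.

```python
import re

WEAVIATE_PORTS = {"8080", "50051"}  # HTTP and gRPC container ports from the compose file

def _pairs(raw):
    """Compose accepts labels/environment as a mapping or a list of 'k=v' strings."""
    if isinstance(raw, dict):
        return {str(k): str(v) for k, v in raw.items()}
    return dict(item.split("=", 1) for item in (raw or []) if "=" in item)

def audit_compose(compose):
    """Return (service, finding) tuples for services routed through Traefik."""
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        labels, env = _pairs(svc.get("labels")), _pairs(svc.get("environment"))
        if labels.get("traefik.enable", "").lower() != "true":
            continue  # not behind the proxy (this also skips the traefik service itself)
        if env.get("AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED", "").lower() == "true":
            findings.append((name, "anonymous access enabled on a proxied service"))
        for port in svc.get("ports") or []:  # short "host:container" syntax only
            target = str(port).split(":")[-1].split("/")[0]
            if target in WEAVIATE_PORTS:
                findings.append((name, f"port mapping {port} bypasses the TLS proxy"))
        routers = {m.group(1) for k in labels
                   if (m := re.match(r"traefik\.http\.routers\.([^.]+)\.", k))}
        for router in sorted(routers):  # TLS set at the entrypoint is not considered
            if not any(k.startswith(f"traefik.http.routers.{router}.tls") for k in labels):
                findings.append((name, f"router {router} has no tls label"))
    return findings

# Constructed sample: the weaviate service above with the "ports" block uncommented
# and the gRPC router's certresolver label left out.
SAMPLE = {"services": {
    "weaviate": {
        "ports": ["8081:8080", "50052:50051"],
        "environment": {"AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED": "true"},
        "labels": [
            "traefik.enable=true",
            "traefik.http.routers.weaviate_http_router.rule=Host(`weaviate.yourdomain.com`)",
            "traefik.http.routers.weaviate_http_router.tls.certresolver=myresolver",
            "traefik.http.routers.weaviate_grpc_router.rule=Host(`grpc.weaviate.yourdomain.com`)",
            "traefik.http.routers.weaviate_grpc_router.entrypoints=grpc",
        ]},
    "traefik": {"image": "traefik:v3.0.3", "ports": ["80:80", "443:443", "50051:50051"]},
}}

if __name__ == "__main__":
    for service, finding in audit_compose(SAMPLE):
        print(f"{service}: {finding}")
```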