Forum Discussion
Former Member
3 years ago
SCIM Bridge Setup
Hello,
I am trying to set up the SCIM bridge through docker-compose and the server is in a private subnet and it's not publicly exposable. When I configure it to the DNS, I get the below error.
...
hemal_g_1p
1Password Team
3 years ago
Hi @bathrinarayanan,
Thanks for reaching out.
Based on the error you've provided, it sounds like there's an issue with TLS.
Are you using the Let's Encrypt certificate management built into the SCIM bridge to handle the TLS certificate or are you bringing your own certificate? A couple thoughts:
If you are using your own TLS certificate, have you set the "OP_LETSENCRYPT_DOMAIN" variable in scim.env to an empty string and configured "OP_PORT" to listen for traffic on the correct port for your networking environment? Your SCIM bridge will listen on port 3002 by default (or another port specified using the OP_PORT environment variable) for unencrypted traffic redirected from the TLS endpoint. See the brief documentation on our GitHub repo.
If you are using the Let's Encrypt features built into the SCIM bridge to handle TLS and manage the certificate, Let's Encrypt needs to perform handshakes with the SCIM bridge's certificate manager component to handle the initial certificate issuance and subsequent renewals. Let's Encrypt uses dynamic IP addresses for this; make sure your firewall rules are not blocking port 443.
You can definitely host the SCIM bridge in a private subnet with the load balancer in a public subnet.
Feel free to share any more queries/concerns around the same.
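The check described in the reply above, as an added example that is not part of the original thread and is not 1Password's code: a shell function that reads scim.env and reports which of the two TLS setups the file selects. The function names `env_get` and `scim_tls_mode` and the output labels are hypothetical; only `OP_LETSENCRYPT_DOMAIN`, `OP_PORT` and the default port 3002 come from the reply, and stripping surrounding quotes from values is an assumption.

```shell
#!/bin/sh
# Added example: classify the TLS setup that a scim.env file selects.
# Reads only OP_LETSENCRYPT_DOMAIN and OP_PORT, the variables named in the reply.

# env_get FILE KEY: print the last value assigned to KEY; return 1 if KEY is absent.
env_get() {
    line=$(grep -E "^[[:space:]]*$2=" "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    val=${line#*=}
    # Assumption: trailing CR, outer whitespace and surrounding quotes are not part of the value.
    printf '%s' "$val" | tr -d '\r' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# scim_tls_mode FILE: print one of
#   letsencrypt:<domain>  bridge manages its own certificate; port 443 must be reachable
#   own-cert:<port>       bridge serves unencrypted traffic on <port> behind a TLS endpoint
#   unset                 no OP_LETSENCRYPT_DOMAIN line; the reply asks for an explicit empty string
#   invalid-port:<value>  OP_PORT is not a number in 1..65535
scim_tls_mode() {
    file=$1
    if ! domain=$(env_get "$file" OP_LETSENCRYPT_DOMAIN); then
        echo "unset"
        return 2
    fi
    if [ -n "$domain" ]; then
        echo "letsencrypt:$domain"
        return 0
    fi
    port=$(env_get "$file" OP_PORT) || port=3002   # default stated in the reply
    case $port in
        ''|*[!0-9]*) echo "invalid-port:$port"; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid-port:$port"
        return 1
    fi
    echo "own-cert:$port"
}

# Constructed sample: own certificate, TLS terminated in front of the bridge.
sample=$(mktemp)
printf '%s\n' 'OP_LETSENCRYPT_DOMAIN=""' 'OP_PORT=8080' > "$sample"
scim_tls_mode "$sample" || true
rm -f "$sample"
```

An `own-cert` result means the port reported should be reachable only from the load balancer or proxy that terminates TLS, since traffic on it is unencrypted.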