Safe infrastructure setup when services are inside a VPN

Hello there!

I’m working with my team of “Gnosis Guardians” to deploy safe infrastructure on a new chain.

We have some problems with next components: safe-transaction-service and safe-config-service.

As you know those components have “web” container which provide us some Swagger UI and Django Administrator UI console.
To expose “web” container, easy logging and handling errors we’re using Nginx like reverse proxy (virtual server is running on 80 port) with specific nginx.conf and shared Nginx folder between “web” and “nginx” containers.
In our infrastructure we use AWS ECS like environment to run BE and FE services and AWS Application Load Balancer to expose them in public. For Staging environment was decided to hide public URL endpoints for each BE and FE components to make them available via our private VPN.


  • We deployed safe-config-service and safe-transaction-service inside the VPN, but we’ve been experiencing an issue on the Swagger UI provided by the config service, which is not providing other option on the “Scheme” dropdown but “HTTP”.
    Is there any way we could tell the config service to use HTTPs instead of HTTP

  • safe-config-service expects an environment variable CGW_URL to reach the safe-client-gateway component.
    Also, safe-client-gateway has environment variable called “config_service_uri”. As I described above we hide public URL’s in VPN network. Is it possible to use VPN-protected URL’s with HTTP connection?


1 Like