How to Configure SSL (HTTPS) for Exploratory Server
This document explains how you can set up SSL for your Exploratory Server.
1. Place SSL Certificate Files
Place your SSL certificate file and private key file under the “ssl” directory, which is under the “exploratory” directory created by expanding the downloaded compressed file for Exploratory Server.
If you don’t find “ssl” directory under “exploratory” directory, create it and place the SSL certificate file and private key file in it.
Please make sure that the SSL certificate file contains 2 certificate entries, the SSL certificate followed by the intermediate certificate, like the following. If those 2 files are separate, copy the intermediate certificate and paste it after the SSL certificate.
-----BEGIN CERTIFICATE-----
:
(SSL certificate)
:
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
:
(Intermediate certificate)
:
-----END CERTIFICATE-----In the explanations below, we assume that the SSL certificate file is
named fullchain.pem, and the private key file is named
privkey.pem.
2. Configure SSL for Exploratory Server
Update docker-compose.yml
Open the “docker-compose.yml” file under the “exploratory” directory and make the following changes under the “nginx” section.
- Add a line
- './ssl:/etc/nginx/ssl'under the “volumes” section. Please use the text as is. Do not update path names. - Replace the original
- '8080:80'with- '443:443'. This is to make use of the port number 443, the default port number for SSL (HTTPS) connection.
Original configuration in docker-compose.yml:
nginx:
image: 'nginx:1.15.0-alpine'
volumes:
- './default.conf:/etc/nginx/conf.d/default.conf:ro'
...Other configurations...
ports:
- '8080:80'The updated configuration in docker-compose.yml:
Update default.conf
Open the “default.conf” file, which is the configuration file for the nginx web server, under the “exploratory” directory. Make the following changes.
- To make use of the port number 443, which is the default port number
for SSL connection (HTTPS protocol), replace the original
listen 80line withlisten 443 ssl. - To enable SSL, specify the file names for SSL certificate and
private key like the following example. Please replace the file names in
the configuration
fullchain.pem, andprivkey.pemwith the actual file names you are using. Please use the path name (“/etc/nginx/ssl/”) as is. Do not update.
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;- To use “https” as the protocol for the URLs to be generated in the
server (e.g. URL of created Dashboards), instead of “http”, modify the
line
proxy_set_header X-Forwarded-Proto http(Note that there are 5 of such lines.) to beproxy_set_header X-Forwarded-Proto https.
Original configuration in the default.conf:
server {
listen 80;
server_name localhost;
...
location = /schedule {
proxy_pass http://agendash:3001/;
...
proxy_set_header X-Forwarded-Proto http;
}
location /agendash-css/ {
proxy_pass http://agendash:3001/agendash-css/;
...
proxy_set_header X-Forwarded-Proto http;
}
location /agendash-js/ {
proxy_pass http://agendash:3001/agendash-js/;
...
proxy_set_header X-Forwarded-Proto http;
}
location /agendash-api/ {
proxy_pass http://agendash:3001/agendash-api/;
...
proxy_set_header X-Forwarded-Proto http;
}
location / {
proxy_pass http://exploratory:3000/;
...
proxy_set_header X-Forwarded-Proto http;
...
}
}
Updated configuration in the default.conf:
3. Restart Exploratory Server
Once you finish updating the configuration files, restart the Exploratory Server.
docker-compose down
docker-compose up -dOnce it is restarted, access it from the browser using
https:// URL to make sure it works.