This document explains how you can set up SSL for your Exploratory Server.
Place your SSL certificate file and private key file under the "ssl" directory, which is under the "exploratory" directory created by expanding the downloaded compressed file for Exploratory Server.
If you don't find the "ssl" directory under the "exploratory" directory, create it and place the SSL certificate file and private key file in it.
Please make sure that the SSL certificate file contains 2 certificate entries, the SSL certificate followed by the intermediate certificate, like the following. If the two certificates are in separate files, copy the intermediate certificate and paste it after the SSL certificate.
-----BEGIN CERTIFICATE-----
:
(SSL certificate)
:
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
:
(Intermediate certificate)
:
-----END CERTIFICATE-----
In the explanations below, we assume that the SSL certificate file is named fullchain.pem, and the private key file is named privkey.pem.
Open the “docker-compose.yml” file under the “exploratory” directory and make the following changes under the “nginx” section.
1. Add - './ssl:/etc/nginx/ssl' under the “volumes” section. Please use the text as is. Do not update path names.
2. Replace - '8080:80' with - '443:443'. This is to make use of the port number 443, the default port number for SSL (HTTPS) connection.
Original configuration in docker-compose.yml:
nginx:
  image: 'nginx:1.15.0-alpine'
  volumes:
    - './default.conf:/etc/nginx/conf.d/default.conf:ro'
  ...Other configurations...
  ports:
    - '8080:80'
The updated configuration in docker-compose.yml:
Open the "default.conf" file, which is the configuration file for the nginx web server, under the "exploratory" directory. Make the following changes.
1. Replace the listen 80 line with listen 443.
2. Add an ssl on; line. Also, specify the file names for the SSL certificate and private key as in the following example. Replace the file names in the configuration, fullchain.pem and privkey.pem, with the actual file names you are using. Please use the path name ("/etc/nginx/ssl/") as is. Do not update it.
    ssl on;
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
3. Change each proxy_set_header X-Forwarded-Proto http line to proxy_set_header X-Forwarded-Proto https. (Note that there are 5 such lines.)
Original configuration in the default.conf:
server {
    listen 80;
    server_name localhost;
    ...
    location = /schedule {
        proxy_pass http://agendash:3001/;
        ...
        proxy_set_header X-Forwarded-Proto http;
    }
    location /agendash-css/ {
        proxy_pass http://agendash:3001/agendash-css/;
        ...
        proxy_set_header X-Forwarded-Proto http;
    }
    location /agendash-js/ {
        proxy_pass http://agendash:3001/agendash-js/;
        ...
        proxy_set_header X-Forwarded-Proto http;
    }
    location /agendash-api/ {
        proxy_pass http://agendash:3001/agendash-api/;
        ...
        proxy_set_header X-Forwarded-Proto http;
    }
    location / {
        proxy_pass http://exploratory:3000/;
        ...
        proxy_set_header X-Forwarded-Proto http;
        ...
    }
}
Updated configuration in the default.conf:
Once you finish updating the configuration files, restart the Exploratory Server.
docker-compose down
docker-compose up -d
Once it is restarted, access it from the browser using an https:// URL to make sure it works.
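The edits described above can be checked before restarting the server with a short script. This is an added example, not part of the Exploratory documentation; the script name check_ssl_setup.sh and the function name check_ssl_setup are assumptions, and it assumes the file layout and default file names used on this page.

```sh
#!/bin/sh
# Added example: pre-flight check for the SSL edits described on this page.
# Usage: sh check_ssl_setup.sh /path/to/exploratory [cert-file] [key-file]
# It inspects file contents only; it does not validate the chain or confirm
# that the private key belongs to the certificate.

check_ssl_setup() {
    dir=${1:-.}; cert=${2:-fullchain.pem}; key=${3:-privkey.pem}
    conf="$dir/default.conf"; yml="$dir/docker-compose.yml"
    s='[[:space:]]'; problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    # has FILE REGEX: true if a line of FILE matches the extended regex
    has() { grep -Eq -e "$2" "$1" 2>/dev/null; }

    # ssl/ directory: certificate file with two entries, plus the private key
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$dir/ssl/$cert" 2>/dev/null || true)
    [ "${n:-0}" -ge 2 ] || fail "ssl/$cert: ${n:-0} certificate entries, need 2"
    has "$dir/ssl/$key" '-----BEGIN .*PRIVATE KEY-----' ||
        fail "ssl/$key: no private key found"

    # docker-compose.yml: ssl directory mounted, 443 published, 8080:80 replaced
    has "$yml" "^$s*-.*\./ssl:/etc/nginx/ssl" || fail "docker-compose.yml: ssl volume missing"
    has "$yml" "^$s*-.*443:443" || fail "docker-compose.yml: port 443:443 missing"
    if has "$yml" "^$s*-.*8080:80"; then
        fail "docker-compose.yml: port 8080:80 still present"
    fi

    # default.conf: HTTPS listener and certificate paths under /etc/nginx/ssl/
    has "$conf" "^$s*listen$s+443" || fail "default.conf: no 'listen 443'"
    has "$conf" "^$s*ssl$s+on$s*;" || fail "default.conf: no 'ssl on;'"
    has "$conf" "^$s*ssl_certificate$s+/etc/nginx/ssl/$cert$s*;" ||
        fail "default.conf: ssl_certificate does not point to $cert"
    has "$conf" "^$s*ssl_certificate_key$s+/etc/nginx/ssl/$key$s*;" ||
        fail "default.conf: ssl_certificate_key does not point to $key"

    # Every location must pass "https" upstream; a leftover "http" line is
    # easy to miss because there are several of them.
    left=$(grep -Ec -e "X-Forwarded-Proto$s+http$s*;" "$conf" 2>/dev/null || true)
    [ "${left:-0}" -eq 0 ] || fail "default.conf: $left 'X-Forwarded-Proto http' line(s) left"

    [ "$problems" -eq 0 ] && echo "OK: SSL setup in $dir looks complete"
    return "$problems"
}

# Run only when a directory is given on the command line.
[ $# -eq 0 ] || check_ssl_setup "$@"
```

The script prints one PROBLEM line per finding and exits non-zero if anything is missing, so it can gate the docker-compose restart.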