This document explains how you can set up SSL for your Exploratory Server.
Place your SSL certificate file and private key file under the “ssl” directory, which is under the “exploratory” directory created by expanding the downloaded compressed file for Exploratory Server.
If you don’t find “ssl” directory under “exploratory” directory, create it and place the SSL certificate file and private key file in it.
Please make sure that the SSL certificate file contains 2 certificate entries, the SSL certificate followed by the intermediate certificate, like the following. If those 2 files are separate, copy the intermediate certificate and paste it after the SSL certificate.
-----BEGIN CERTIFICATE-----
:
(SSL certificate)
:
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
:
(Intermediate certificate)
:
-----END CERTIFICATE-----
In the explanations below, we assume that the SSL certificate file is
named fullchain.pem
, and the private key file is named
privkey.pem
.
Open the “docker-compose.yml” file under the “exploratory” directory and make the following changes under the “nginx” section.
- './ssl:/etc/nginx/ssl'
under the “volumes”
section. Please use the text as is. Do not update path
names.- '8080:80'
with
- '443:443'
. This is to make use of the port number 443,
the default port number for SSL (HTTPS) connection.Original configuration in docker-compose.yml:
nginx:
image: 'nginx:1.15.0-alpine'
volumes:
- './default.conf:/etc/nginx/conf.d/default.conf:ro'
...Other configurations...
ports:
- '8080:80'
The updated configuration in docker-compose.yml:
Open the “default.conf” file, which is the configuration file for the nginx web server, under the “exploratory” directory. Make the following changes.
listen 80
line with listen 443 ssl
.fullchain.pem
, and
privkey.pem
with the actual file names you are using.
Please use the path name (“/etc/nginx/ssl/”) as is. Do not
update. ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
proxy_set_header X-Forwarded-Proto http
(Note that
there are 5 of such lines.) to be
proxy_set_header X-Forwarded-Proto https
.Original configuration in the default.conf:
server {
listen 80;
server_name localhost;
...
location = /schedule {
proxy_pass http://agendash:3001/;
...
proxy_set_header X-Forwarded-Proto http;
}
location /agendash-css/ {
proxy_pass http://agendash:3001/agendash-css/;
...
proxy_set_header X-Forwarded-Proto http;
}
location /agendash-js/ {
proxy_pass http://agendash:3001/agendash-js/;
...
proxy_set_header X-Forwarded-Proto http;
}
location /agendash-api/ {
proxy_pass http://agendash:3001/agendash-api/;
...
proxy_set_header X-Forwarded-Proto http;
}
location / {
proxy_pass http://exploratory:3000/;
...
proxy_set_header X-Forwarded-Proto http;
...
}
}
Updated configuration in the default.conf:
Once you finish updating the configuration files, restart the Exploratory Server.
docker-compose down
docker-compose up -d
Once it is restarted, access it from the browser using
https://
URL to make sure it works.