configure HTTPS access to ralph 3


we have configured HTTPS access to the ralph 3 web interface but does not work, below is the source code.
server {
listen 80 default_server;
listen [::]:80 default_server;
client_max_body_size 512M;
proxy_set_header Connection “”;
proxy_http_version 1.1;
proxy_connect_timeout 300;
access_log /var/log/nginx/ralph-access.log;
error_log /var/log/nginx/ralph-error.log;

location /static {
    alias /usr/share/ralph/static;
    access_log        off;
    log_not_found     off;
    expires 1M;
    server_name _;
    return 301 https://$host$request_uri;

server {
listen 443 ssl ;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/certificate/nginx-certificate.crt;
ssl_certificate_key /etc/nginx/certificate/nginx.key;
location / {
include /etc/nginx/uwsgi_params;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

1 Like

I know this is an older post, but the container/docker-compose installation uses the stock nginx. Something like this should work as an add-on. I didn’t want nginx listening on 80 as I am using letsencrypt with http challenge (standalone via certbot):

server {
    listen 443 ssl http2;
    server_name my-fqdn;

    # Path to certs
    ssl_certificate /etc/letsencrypt/live/my-fqdn/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/my-fqdn/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MySSL:10m;
    ssl_session_tickets off;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers off;

    # HSTS
    add_header Strict-Transport-Security "max-age=63072000" always;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /etc/letsencrypt/live/my-fqdn/fullchain.pem;

    # replace with the IP address of your resolver
    location /static {
        alias /opt/static;
        expires 1y;
        access_log off;
        add_header Pragma public;
        add_header Cache-Control "public";

    location /media {
        alias /opt/media;
        add_header Content-disposition "attachment";
        access_log off;

    location / {
        proxy_pass http://web:8000;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

    ## rest of config ##
1 Like