we have configured HTTPS access to the ralph 3 web interface but does not work, below is the source code.
server {
listen 80 default_server;
listen [::]:80 default_server;
client_max_body_size 512M;
proxy_set_header Connection “”;
proxy_http_version 1.1;
proxy_connect_timeout 300;
access_log /var/log/nginx/ralph-access.log;
error_log /var/log/nginx/ralph-error.log;
I know this is an older post, but the container/docker-compose installation uses the stock nginx. Something like this should work as an add-on. I didn’t want nginx listening on 80 as I am using letsencrypt with http challenge (standalone via certbot):
server {
listen 443 ssl http2;
server_name my-fqdn;
# Path to certs
ssl_certificate /etc/letsencrypt/live/my-fqdn/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/my-fqdn/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MySSL:10m;
ssl_session_tickets off;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS
add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/my-fqdn/fullchain.pem;
# replace with the IP address of your resolver
resolver 1.1.1.1;
location /static {
alias /opt/static;
expires 1y;
access_log off;
add_header Pragma public;
add_header Cache-Control "public";
}
location /media {
alias /opt/media;
add_header Content-disposition "attachment";
access_log off;
}
location / {
proxy_pass http://web:8000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
## rest of config ##
}