SSL Configuration

I want to put https:// on my Ralph, but I can’t do it. I’ve thought about putting a Let’s Encrypt in my Ubuntu 18.04 with Certbot, but I can’t make it work.

In the file /etc/nginx/sites-available/default I put:

server_name cmdb.mydomain.com;

I use the command:
sudo certbot certonly -d cmdb.mydomain.com
But it gives me the following error:

Failed authorization procedure. cmdb.mydomain.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for cmdb.mydomain.com

I have also tried it by adding www.cmdb.mydomain.com and the result is the same.

Frankly, I don’t see any connection of this topic to Ralph, since Certbot is a separate tool maintained by a different community. I would recommend asking those folks for help because as Ralph maintainers we are unaware of Certbot’s internals. They seem to have their own forum here: https://certbot.eff.org/support/.

Ok, I put it here in case it was for the Ralph configuration in nginx, because I’ve used Certbot in other places and I haven’t had any problem.
Thanks anyway.

Showing an example for setting up ralph with ssl using certbot/nginx lowers the barrier to entry for new users. While I can figure this out on my own, I’d love to see a guide for this.


It is my understanding that in order to include HTTPS support, nginx configuration must be changed accordingly.
I have two questions:

  1. Seems like Ralph also listens on port 8000. How can this be disabled to leave only access via 443?
  2. How can I make sure that, whatever change I make in the configuration of nginx, this will not be overwritten next time I update Ralph?

Thank you
Rosario

Changes made to nginx to listen to 443.
It also had to include a forced redirect from 80 to 443 because the login window is always sent to HTTP.

Now trying to bind gunicorn to accept connections ONLY from localhost.

Changing /var/local/ralph/gunicorn.ini from:

bind = os.environ.get('GUNICORN_BIND', '0.0.0.0:' + os.environ.get('PORT', '8000'))

to

bind = os.environ.get('GUNICORN_BIND', 'localhost:' + os.environ.get('PORT', '8000'))

seems not to be enough.
Is there anything else needed to limit connections from localhost only?

yes, changes need to be made on /etc/ralph/conf.d/gunicorn.conf

still, how to preserve those changes from future updates?
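
To confirm what a bind change like the one above actually did, this added example (not part of the original thread or of Ralph) reads Linux's /proc/net/tcp tables and reports listeners on a port that are not loopback-only. The sample table and the function names are constructed for illustration, and little-endian host byte order is assumed.

```python
"""Report TCP listeners on a port that are not bound to loopback (Linux)."""
import ipaddress
import struct
import sys

LISTEN = "0A"  # TCP_LISTEN state code in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout: 8000 on 0.0.0.0, 8001 on
# 127.0.0.1, 443 on 0.0.0.0, and one established connection using port 8000.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:1F41 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0100007F:1F40 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1
"""

def decode_addr(hex_addr):
    """Decode a kernel hex address: 32-bit words stored in host byte order."""
    raw = bytes.fromhex(hex_addr)
    words = struct.unpack("<%dI" % (len(raw) // 4), raw)
    return ipaddress.ip_address(struct.pack(">%dI" % len(words), *words))

def listeners(table, port):
    """Return the local addresses that are in LISTEN state on `port`."""
    found = []
    for line in table.splitlines():
        fields = line.split()
        # Header rows and non-listening sockets fail this state check.
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        if int(hex_port, 16) == port:
            found.append(decode_addr(hex_addr))
    return found

def exposed(table, port):
    """Listeners on `port` reachable from other hosts (not loopback)."""
    return [str(a) for a in listeners(table, port) if not a.is_loopback]

if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8000
    table = ""
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as fh:
                table += fh.read()
        except OSError:
            pass  # table not present on this host
    bad = exposed(table, port)
    print("port %d: %s" % (port, "exposed on " + ", ".join(bad) if bad else "loopback only or closed"))
    sys.exit(1 if bad else 0)
```

Run it with the port as the only argument after restarting the service; a non-zero exit means something is still listening on a non-loopback address.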

It seems that the https:// configuration is broken or hardcoded somewhere.

It keeps redirecting to http:// when a form is submitted or a user logs out.

Is there any how-to on how to bring Ralph onto an encrypted connection? I was able to force it via nginx installed flat on Ubuntu, but I was not able to do the static redirections, ending up with a login screen without any CSS and media files. SSL is a must-have for any software nowadays.
