I want to put https:// on my Ralph, but I can’t do it. I’ve thought about putting a Let’s Encrypt in my Ubuntu 18.04 with Certbot, but I can’t make it work.
In the file /etc/nginx/sites-available/default I put:
server_name cmdb.mydomain.com;
I use the command:
sudo certbot certonly -d cmdb.mydomain.com
But it gives me the following error:
Failed authorization procedure. cmdb.mydomain.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for cmdb.mydomain.com
I have also tried it by adding www.cmdb.mydomain.com and the result is the same.
Frankly, I don’t see any connection between this topic and Ralph, since Certbot is a separate tool maintained by a different community. I would recommend asking those folks for help because, as Ralph maintainers, we are unaware of Certbot’s internals. They seem to have their own forum here: https://certbot.eff.org/support/.
Ok, I put it here in case it was for the Ralph configuration in nginx, because I’ve used Certbot in other places and I haven’t had any problem.
Showing an example for setting up ralph with ssl using certbot/nginx lowers the barrier to entry for new users. While I can figure this out on my own, I’d love to see a guide for this.
It is my understanding that in order to include HTTPS support, nginx configuration must be changed accordingly.
I have two questions:
- It seems Ralph also listens on port 8000. How can this be disabled to leave only access via 443?
- How can I make sure that whatever change I make in the nginx configuration will not be overwritten the next time I update Ralph?
Changes made to nginx to listen to 443.
It also had to include a forced redirect from 80 to 443 because the login window is always sent to HTTP.
Now trying to bind gunicorn to accept connections ONLY from localhost.
Changing /var/local/ralph/gunicorn.ini from:
bind = os.environ.get('GUNICORN_BIND', '0.0.0.0:' + os.environ.get('PORT', '8000'))
to:
bind = os.environ.get('GUNICORN_BIND', 'localhost:' + os.environ.get('PORT', '8000'))
seems not to be enough.
Is there anything else needed to limit connections from localhost only?
Yes, changes need to be made in /etc/ralph/conf.d/gunicorn.conf
Still, how to preserve those changes from future updates?
It seems that the https:// configuration is broken or hardcoded somewhere.
It keeps redirecting to http:// when a form is submitted or a user logs out.
Is there any howto on how to bring Ralph onto an encrypted connection? I was able to force it via nginx installed flat on Ubuntu, but I was not able to do the static redirections, ending up with a login screen without any CSS and media files. SSL is a must-have for any software nowadays.