I have tried to install kobotoolbox on my server but get an error 499 whenever I select to use https. I have therefore opted to install using http and install my own certificates. I have placed the certificates in the nginx/secrets folder and restarted the containers but still can't access the server using https. What other configurations do I need to change to make the server accessible over https?
HTTPS certificates must be installed on a Reverse Proxy. KoBoInstall can install one and use Let's Encrypt to generate certificates thanks to the nginx-certbot project.
So nginx-certbot containers should handle certificates for you. You don't have to create them on your own. Be sure to have ports 80 and 443 opened. If it doesn't work, there may be an issue with your settings.
If you do want to use your own certificates, you need to choose Advanced options when running KoBoInstall setup. (python run.py --setup). Then, choose
Do you want to use HTTPS: 1
Auto-install HTTP certificates with Let's Encrypt? 2
Do you want to use HTTPS?
1) Yes
2) No
[2]: 1
╔════════════════════════════════════════════════════════════════════╗
║ Please note that certificates must be installed on a reverse-proxy ║
║ or a load balancer.                                                ║
║ KoBoInstall can install one, if needed.                            ║
╚════════════════════════════════════════════════════════════════════╝
Auto-install HTTPS certificates with Let's Encrypt?
1) Yes
2) No - Use my own reserve-proxy/load-balancer
[2]: 2
Internal port used by reverse proxy is 8080.
On your reverse proxy server, be sure to use port 8080 for the KoBo-docker proxied server.
Internet → (80,443) → Proxy → (8080) → KoBo Nginx
Also, you need to set X-Forwarded-Proto header to https
e.g. with NGINX: proxy_set_header X-Forwarded-Proto https;
Don't try to add your certificates to nginx/secrets.
The NGINX container of kobo-docker doesn't handle HTTPS certificates anymore in favor of the Let's Encrypt solution provided by nginx-certbot project.
The folder should be removed soon.
Sorry for the confusion.
I would like to follow up on that question, while we're facing the same question.
From the beginning: We were running an instance installed by using kobo-install and set up https via Let's Encrypt. After a while we got blocked by Let's Encrypt due to too many certificate renewal requests and we can't figure out which element of Kobo has caused that problem.
Since we have our own certificates that we would like to use instead of Let's Encrypt.
Our IT now has tried to set up the installation according to @OlivierL 's instructions but it won't work.
Out of this I have one question and one issue to report:
Question: Where to put the certificates on the reverse proxy, so kobo may find it?
Issue: Having set up the latest version (details see below) with kobo-install while denying to use Let's Encrypt, the containers won't start at all. Any thoughts on this?
NGINX (from kobo-docker container) does not need to know where the certificates are located because all the internal requests are made with HTTP. (Inside docker network).
When a request is made to an external endpoint (such as: https://kc.yourdomain.tld, https://kf.yourdomain.tld or https://ee.yourdomain.tld), it calls the reverse proxy (which redirects the traffic on HTTP behind the scenes to the NGINX - kobo-docker - container).
So the certificate must be installed on the reverse proxy.
You can have a look at this thread, a user pasted his config file for a reverse proxy with Apache.
As I said before, certbot container should renew the certificate for you. If it doesn't, it means there is an issue. To narrow down the problem, can you confirm you have ports 80 and 443 opened on your server?
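The reverse-proxy layout described in the replies above, written out as an NGINX configuration. This is an added example, not part of the original thread and not KoBoInstall's own configuration. The certificate paths are placeholders, and the upstream address 127.0.0.1 assumes the proxy runs on the same host as kobo-docker.

```nginx
# Added example: TLS terminates here, KoBo NGINX is reached over plain HTTP on 8080.
# Hostnames follow the kf/kc/ee.yourdomain.tld pattern used in the thread.

# Port 80: send every plain-HTTP request to the HTTPS listener.
server {
    listen 80;
    server_name kf.yourdomain.tld kc.yourdomain.tld ee.yourdomain.tld;
    return 301 https://$host$request_uri;
}

# Port 443: the only place the certificate and private key are configured.
server {
    listen 443 ssl;
    server_name kf.yourdomain.tld kc.yourdomain.tld ee.yourdomain.tld;

    # Placeholder paths. The certificate must cover all three hostnames
    # (SAN entries or a wildcard), and the key file should be readable
    # only by the account that starts the proxy.
    ssl_certificate     /path/to/your/fullchain.pem;
    ssl_certificate_key /path/to/your/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Internal port reported by KoBoInstall ("Internal port used by
        # reverse proxy is 8080"). Host address is an assumption.
        proxy_pass http://127.0.0.1:8080;

        # Pass the requested hostname through unchanged so the request
        # still carries the kf/kc/ee name when it reaches KoBo NGINX.
        proxy_set_header Host $host;

        # Header required by the answer above: tells the application the
        # client connection was HTTPS even though this hop is HTTP.
        proxy_set_header X-Forwarded-Proto https;

        # Client address for application logs (optional).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Run `nginx -t` before reloading to catch syntax errors and unreadable certificate files. With this in place, port 8080 only needs to be reachable from the proxy, not from the Internet.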