Installing own ssl certificate on Kobo

Hello,

I have tried to install kobotoolbox on my server but get an error 499 whenever I select to use https. I have therefore opted to install using http and install my own certificates. I have placed the certificates in the nginx/secrets folder and restarted the containers but still can’t access the server using https. What other configurations do I need to change to make the server accessible over https?

Hello derricknyakiba,

From the readme.

  1. HTTPS certificates must be installed on a Reverse Proxy. KoBoInstall can install one and use Let's Encrypt to generate certificates thanks to nginx-certbot project

So nginx-certbot containers should handle certificates for you. You don’t have to create them on your own. Be sure to have ports 80 and 443 opened. If it doesn’t work, there may be an issue with your settings.

If you do want to use your own certificates, you need to choose Advanced options when running KoBoInstall setup. (python run.py --setup). Then, choose

  • Do you want to use HTTPS: 1
  • Auto-install HTTP certificaes with Let’s Encrypt? 2
Do you want to use HTTPS?
	1) Yes
	2) No
[2]: 1
╔════════════════════════════════════════════════════════════════════╗
β•‘ Please note that certificates must be installed on a reverse-proxy β•‘
β•‘ or a load balancer.                                                β•‘
β•‘ KoBoInstall can install one, if needed.                            β•‘
β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
Auto-install HTTPS certificates with Let's Encrypt?
	1) Yes
	2) No - Use my own reserve-proxy/load-balancer
[2]: 2
Internal port used by reverse proxy is 8080.

On your reverse proxy server, be sure to use port 8080 for the KoBo-docker proxied server.

Internet <-> (80,443) <-> Proxy <-> (8080) <-> KoBo Nginx

Also, you need to set X-Forwarded-Proto header to https
e.g with NGINX:
proxy_set_header X-Forwarded-Proto https;

Don’t try to add your certificates to nginx/secrets.
The NGINX container of kobo-docker doesn’t handle HTTPS certifcates anymore in favor of the Let's Encrypt solution provided by nginx-certbot project.
The folder should be removed soon.
Sorry for the confusion.

1 Like