I have tried to install kobotoolbox on my server but get an error 499 whenever I select to use https. I have therefore opted to install using http and install my own certificates. I have placed the certificates in the nginx/secrets folder and restarted the containers but still can’t access the server using https. What other configurations do I need to change to make the server accessible over https?
- HTTPS certificates must be installed on a Reverse Proxy.
KoBoInstall can install one and use
Let's Encrypt to generate certificates thanks to nginx-certbot project
nginx-certbot containers should handle certificates for you. You don’t have to create them on your own. Be sure to have ports
443 opened. If it doesn’t work, there may be an issue with your settings.
If you do want to use your own certificates, you need to choose
Advanced options when running
KoBoInstall setup. (
python run.py --setup). Then, choose
- Do you want to use HTTPS: 1
- Auto-install HTTP certificaes with Let’s Encrypt? 2
Do you want to use HTTPS?
║ Please note that certificates must be installed on a reverse-proxy ║
║ or a load balancer. ║
║ KoBoInstall can install one, if needed. ║
Auto-install HTTPS certificates with Let's Encrypt?
2) No - Use my own reserve-proxy/load-balancer
Internal port used by reverse proxy is 8080.
On your reverse proxy server, be sure to use port
8080 for the
KoBo-docker proxied server.
Internet <-> (80,443) <-> Proxy <-> (8080) <-> KoBo Nginx
Also, you need to set
X-Forwarded-Proto header to
e.g with NGINX:
proxy_set_header X-Forwarded-Proto https;
Don’t try to add your certificates to
NGINX container of
kobo-docker doesn’t handle HTTPS certifcates anymore in favor of the
Let's Encrypt solution provided by nginx-certbot project.
The folder should be removed soon.
Sorry for the confusion.
I would like to follow up on that question, while we’re facing the same question.
From the beginning: We were running an instance installed by using kobo-install and set up https via Let’s Encrypt. After a while we got blocked by Let’s Encrypt due to too many certificate renewal requests and we can’t figure out which element of Kobo has caused that problem.
Since we have own certificates that we would like to use instead of Let’s Encrypt.
Our IT now has tried to set up the installation according to @nolive 's instructions but it won’t work.
Out of this I have one question and one issue to report:
Question: Where to put the certificates on the reverse proxy, so kobo may find it?
Issue: Having set up the latest version (details see below) with kobo-install while denying to use Let’s Encrypt, the containers won’t start at all. Any thoughts on this?
Thanks in advance
kobo-docker container) does not need to know where the certificates are located because all the internal requests are made with HTTP. (Inside docker network).
When a request is made to external endpoint (such as:
https://ee.yourdomain.tld), it calls the reverse proxy (which redirects the traffic on HTTP behind the scene to the NGINX - kobo-docker- container.
So the certificate must installed on the reverse proxy.
You can have a look at this thread, an user pasted is config file for a reverse proxy with Apache.
As I said before, certbot container should renew the certificate for you. If it doesn’t, it means there is an issue. To narrow down the problem, can you confirm you have ports 80 and 443 opened on your server?
Why are you showing Apache config when someone asks about nginx ???