SSL certificate for Kobo with letsencrypt on private domain

Hi all, I don’t know if this is a off-topic question, but we are trying to set-up SSL certificate on our kobo installation which is based on a private domain.

We can use Certbot’s plugin dns-dnsmadeeasy to validate the private domain, and we have done on our one such project.

Just wanted to know if there are any ways we can use SSL on our kobo-installation using letsencrypt if we are on the private domain. Any help regarding this is always appreciated.
Thanks.

Hi @ryanend
Thanks for this query. I have asked our developers and also edited your topic to reside within KoBo On Your Own Server to allow for more discussions among advanced users.

Stephane

1 Like

Hi,
Just confirm whether you have a public domain that resolves to a private IP address. In essence, the domain has to be public for it to work.

Regardless, you should do the following:

  1. set up your own NGINX instance using your SSL certificate (it doesn’t matter how you obtain it)

  2. look at https://github.com/kobotoolbox/kobo-install/blob/master/templates/nginx-certbot/data/nginx/app.conf.tpl * using that file as an example, configure a similar proxy_pass on your own NGINX instance

  3. set up kobo-install, and when it asks Auto-install HTTPS certificates with Let's Encrypt?, respond No - Use my own reverse-proxy/load-balancer

  4. when asked about Internal port used by reverse proxy, input the port used in the NGINX proxy_pass configuration, i.e. whatever they filled in for ${NGINX_EXPOSED_PORT}: proxy_pass http://${LOCAL_INTERFACE_IP}:${NGINX_EXPOSED_PORT};

Stephane

1 Like

Thanks a lot @stephanealoo for the prompt response, I’ve now got the SSL cert up and running.

1 Like

Hi @stephanealoo After adding SSL certificate (using reverse proxy) when I try to expose the backend containers but the kobo-install keeps getting stuck at Creating network “kobofe_kobo-fe-network” with driver "bridge"
Also there is nothing mentioned about this in the logs.

The kobo-install completes when I chose not to expose the containers, any help regarding this?
Thanks.

I’ve also tried by changing password for postgres, yet it did not work.

Okay, I couldn’t find the issue but I found a workaround for this.

I had to manually edit the file docker-compose.backend.template.yml to add the ports for mongo and postgres images, and then it worked as expected.

2 Likes

Hi @ryanend
I am glad to know that you found a workaround. I am sure when @jnm has a look he would be able to add in anything on your earlier query.

Stephane

2 Likes