Skip to content

HTTPS Configuration (Optional)

Enabling HTTPS in Router

The application uses Nginx as a router for handling HTTP/HTTPS requests. By default, the application runs on HTTP. To enable HTTPS, you need to modify the Nginx configuration.

Prerequisites

  • DNS A Records: Properly configured DNS A records pointing to your server's IP address.
  • SSL Certificates: To enable HTTPS, you need:
  • A valid SSL certificate (.crt file).
  • The corresponding SSL certificate key (.key file).

Nginx Configuration Directory

The Nginx configuration files are located in the router directory under the application's installation path. This directory is mounted into the Nginx container using the Docker Compose configuration.

Example Nginx Configuration for HTTPS

Below is an example of the relevant part of the Nginx configuration file. To enable HTTPS, uncomment the necessary lines and comment out the HTTP lines:

Nginx Configuration File
### UNCOMMENT THE LINES BELOW TO CONVERT APPLICATION TO HTTPS

# Redirect all HTTP traffic to HTTPS
#server {
#    listen 80;
#    # Redirect HTTP to HTTPS
#    return 301 https://$server_name$request_uri;
#}

server {
    listen 80 default_server; # COMMENT THIS LINE IF ENABLING HTTPS
#   listen 443 ssl default_server; # UNCOMMENT THIS LINE TO ENABLE HTTPS

#   ssl_certificate /etc/nginx/conf.d/test_netfein.crt; # UNCOMMENT THIS LINE TO SPECIFY SSL CERTIFICATE
#   ssl_certificate_key /etc/nginx/conf.d/test_netfein.key; # UNCOMMENT THIS LINE TO SPECIFY SSL KEY
}

Steps to Enable HTTPS

1. Place the Certificates

Copy your certificate files (.crt and .key) to the router directory.

2. Edit default.conf

Open the default.conf file in a text editor. Uncomment the pre-configured HTTPS lines by removing the # at the beginning. Comment out any unnecessary HTTP lines by adding a # at the start of the line.

3. Update SSL Certificate Paths

Update the ssl_certificate and ssl_certificate_key paths in the default.conf file to match the names and locations of the certificate files you placed in the router directory. For example:

Text Only
ssl_certificate /etc/nginx/conf.d/example.crt;
ssl_certificate_key /etc/nginx/conf.d/example.key;

4. Restart the Router

After making these changes, restart the router service using the following command:

Bash
docker compose restart router

5. Update Hostname Configuration

After switching to HTTPS, some applications may require reconfiguration. Set the hostname according to your DNS address. Refer to the Hostname Configuration section for details.

6. Update Keycloak HTTPS Configuration

If your setup uses HTTPS, you must update the Keycloak service configuration in the docker-compose.yml file. Follow these steps:

1. Open the docker-compose.yml file with a text editor.

2. Locate the Keycloak service configuration block.

3. Update the command block as shown below:

YAML
command: start --import-realm
4. Update the KC_HOSTNAME and KC_PROXY environment variables to your hostname and uncomment the HTTPS-related lines in the configuration. Save the changes and restart the service.

7. Update Keycloak Configuration

Update the datafocusId client in Keycloak. Follow the instructions in the Keycloak Configurations section to complete the update.

Once these configurations are complete, you can access Data Focus over HTTPS at:

Text Only
https://<hostname>