Doc to enable HTTPS settings?

tom.tom · January 3, 2025, 12:42pm

Hi everyone,
I am trying to setup HTTPS on my selfhosted docker instance.

Is there a simple documentation to enable https? I don’t need letsencrypt, a simple self signed cert is enough. ERPNext wont be accessible from the internet and I dont want to be visible in cert transparency logs for OPSEC reasons.

Thank you!
Tom

Support-at-ERPgulf · January 4, 2025, 7:09am

**( Commenting with experience of normal installation. not particularly sure about docker )

This is totally in nginx domain ( Nothing do with Frappe configuration ) .
Create your self-signed cert and point it like shown below.

server {
listen 443 ssl;
server_name 192.168.1.100; # Replace with your private IP or hostname

ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

Tufan_Kaynak2 · January 4, 2025, 8:57pm

Do not use direct config of components. Always bench commands is the way to go.
Set site home url with https
Assign custom domain
Run letsencrypt setup from bench for site
İf certsngine is not installed install it via snap and reboot before all

No need to tell that you already need to have dns entries A and CAA configured and have necessary IP routing such as fixed IP an NAT or necessary dynamic DNS functions and NAT

tom.tom · January 4, 2025, 9:11pm

Not really. HTTPS on webservices is a bare minimum requirement. Even traffic between NGNIX and the app should not be plain text.

tom.tom · January 4, 2025, 9:13pm

Thanks. Is there any information available about those bench commands? Never worked with them.

And yes, I do have full control over DNS, NAT, etc. However there is no way way for Let’s encrypt to connect from outside to the host due to security reasons - which is one reason why I am opting for manual enrollment.

revant_one · January 4, 2025, 10:45pm

Anyone trying to help please read this.

Someone else figured it out here Accessing erpnext with https on localhost [Using Caddy]

Tufan_Kaynak2 · January 4, 2025, 11:47pm

How will you validate the certificate?

Support-at-ERPgulf · January 5, 2025, 6:22am

If you are using gunicorn, its now supporting ssl . So create self signed certificate using openssl and configure gunicorn like this.

gunicorn --certfile=server.crt --keyfile=server.key test:app

You can use bind option to run it on different port (
–bind 0.0.0.0:4433 ) , so you can run it behind nginx which runs on 443 .

tom.tom · January 6, 2025, 8:18am

No need to validate it. Access will be handled via Cloudfalre. CF simply uses the self-signed cert.

tom.tom · January 6, 2025, 8:19am

Thanks. I will look into this.

tom.tom · January 6, 2025, 8:19am

Thanks. I will check it out.