Enabling https on Docker Desktop

Good morning,

We have a Docker Desktop installed on Windows 2025 that’s on prem and has no internet access, only intranet. I am trying to connect frappe to Microsoft 365 mail services OAuth using this tutorial. The problem is it’s requiring https for the Redirect URI. For the life of me I cannot find the setting anywhere to enable it through the browser GUI, attach certs etc. I’ve read a bunch of posts all more or less debating ways to accomplish this, and mostly all on different Linux distros.

  1. Where do I enable the https protocol within gui?
  2. Is there a place to upload certs via the gui?
  3. Is there a Windows based procedure for this?

Thank you

For this you need internet for sure as it’s a “public” URI
Your options are Cloudflare (temp), ngrok (temp) and tailscale funnel (permanent)
I have tried it on Windows 11 but not server - you may need to disable some security features there so not sure of your IT policies

I can self-generate the certs locally; I should be able to get it to work. At least in theory anyway. I’ve set up many https sites on intranet before. Is it the way frappe is built to not allow https unless on a cloud-based solution?

Have you tried setting host_name to the complete host URL with https in site_config.json?

I have not but will give that a shot.

  1. Let us know if it worked

  2. Just for my self-learning when you say you are trying to connect to Ms 365 mail does it mean an offline server on your intranet (you mentioned on prem) or the Azure cloud servers which are online and for sure you need internet for that?

Connecting my internal server to Azure cloud services where AD is located for using OAuth for checking the frappe mailbox. With MFA we cannot achieve this under normal circumstances because the user would have to enter MFA and if it’s a service account there is no way to do that.

Are you willing to put your erpnext server on the same server that connects to Azure cloud?

Following up with this. Because I am still trying to get this to work, I rebuilt the system and used the docker installation from here using these commands under self-hosted. Which worked great.

    git clone https://github.com/frappe/frappe_docker
    cd frappe_docker
    docker compose -f pwd.yml up -d

installed nginx

generated the certs and copied them to the /etc/nginx/conf.d/ssl

Found this tutorial Configuring HTTPS

Now I am at the step of “Setup nginx config” and the command bench doesn’t work. Bench not found.

When installing frappe via the docker command listed above bench is not installed. After reading this it seems I need to install bench, which redirects me to Installation where it’s a completely manual installation of frappe. In order for this to work I have to install python, mariadb, curl, wkhtmltopdf just to get to PIP to install bench.

The confusing part is that if the system is already running wouldn’t installing all of those mess up the current frappe setup?

Check frappe_docker/docs/02-setup/07-single-server-example.md at main · frappe/frappe_docker · GitHub

if you want https and you don’t have a static ip address (e.g. behind CGNAT or dynamic ip) use tailscale funnel in 6b at Creating new custom app in the dockerized instance is not possible · Issue #1640 · frappe/frappe_docker · GitHub

if you have a static ip then use the above mentioned by @revant_one

Maybe I need to ask this question before continuing. When the system checks a mailbox for new emails, if it finds a new email related to for example a request for quote, will it take the information from the email and somehow integrate that into the quote process?

For example,

I send the quote, the seller responds via email and the information from his response gets added to the quote history.

Just making sure what I am attempting is even worth the effort.

Thanks

it’s a fair point…

  1. wait for a functional expert here to answer you or

  2. try it out yourself on your current pwd.yml docker setup

best of luck

Hi @richbcph,

To address your concern regarding enabling HTTPS for Microsoft 365 OAuth in a Dockerized Frappe setup without internet access:

  1. Docker and HTTPS Configuration: In Docker Desktop on Windows, enabling HTTPS typically requires configuring nginx (or a similar reverse proxy) to serve traffic over HTTPS. This involves generating SSL certificates (using self-signed or valid certificates) and configuring nginx to use them. Unfortunately, Frappe’s Docker setup doesn’t automatically handle HTTPS out of the box.

  2. Steps to enable HTTPS:

    • You’ll need to configure nginx inside your container to handle HTTPS.

    • Create or acquire a valid SSL certificate, or use self-signed certificates.

    • Once the certificates are available, update the nginx configuration file to enable SSL (found in /etc/nginx/ssl or /etc/nginx/conf.d/ depending on the Docker setup).

    • Then, make sure your nginx configuration is set to redirect HTTP traffic to HTTPS.

  3. Self-signed certificates: Since you are on a local network (intranet only), you can generate a self-signed certificate for HTTPS. You can use the following commands on the Docker host (Windows machine):

    openssl genrsa -out server.key 2048
    openssl req -new -key server.key -out server.csr
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    
    

    After generating the certificate, mount the certificates to the Docker container and update the nginx config to use them.

  4. No internet access: Without internet access, you’ll need to ensure that all dependencies (like SSL certificates and nginx) are manually available or stored locally.

  5. Regarding uploading certificates via GUI: In the case of Docker Desktop, there is no direct GUI option to upload SSL certificates. You will need to configure it via the terminal or modify the Docker container setup files. Once your nginx config is ready, you can restart the container to apply the changes.


About Email Integration (for leads/quotations)

As for the email integration, once you’ve set up HTTPS and OAuth for Microsoft 365, you can connect the system to retrieve emails automatically. ERPNext can integrate with your email inbox via IMAP, and the system will automatically fetch and link incoming emails to the correct sales process.

For example:

  • If an email comes in with a quotation request, ERPNext can automatically convert it into a lead or link it to an existing quotation.

  • When the vendor replies, ERPNext can add the reply to the quotation’s communication history.

You’ll need to configure Email Accounts under the ERPNext Email Integration settings and ensure that incoming emails are mapped to relevant documents (like Sales Orders, Leads, or Quotations).

This integration saves time by keeping all communication in one place and ensures the process is more streamlined.

Let me know if you need more guidance on configuring the email account and linking emails to quotes!

Great thank you! In one of my replies, I stated I rebuilt the system. I should have mentioned that it’s now running Ubuntu with docker. Not running desktop docker anymore.

Do your directions still work with the ubuntu setup? Do the comments appear in the comments section below the quote (red circle below)?

Thank you

Hi @richbcph,

Yes — your move to Ubuntu with Docker actually makes things simpler and more standard, and the guidance still applies.

1) HTTPS on Ubuntu + Docker

Everything mentioned before works the same way (and usually better) on Ubuntu:

  • HTTPS is handled outside Frappe, typically by nginx acting as a reverse proxy

  • Certificates (self-signed or trusted) are configured at the nginx level

  • Frappe itself does not manage HTTPS, regardless of OS or Docker setup

So whether it was Docker Desktop on Windows or Docker on Ubuntu, the principle is the same:
👉 HTTPS lives in nginx / reverse proxy, not in the Frappe UI


2) Do email replies appear in the Comments / Activity section?

Yes, they do — but with an important clarification.

When email integration is configured correctly:

  • Incoming and outgoing emails are stored as Communication records

  • These appear in the Comments / Activity timeline of the document (the area you marked in red)

  • Email replies are not merged into the main document fields

  • They remain part of the communication history (which is intentional)

So in your example (RFQ / Quotation):

  • Supplier replies by email

  • ERPNext fetches the email

  • The reply shows up in Comments / Activity, linked to that RFQ or Quotation

This gives you:

  • Full email thread visibility

  • Audit trail

  • Context preserved per document


Summary

  • Ubuntu + Docker works perfectly (and is the preferred setup)

  • HTTPS setup is the same conceptually

  • Email replies do appear in the Comments / Activity section

  • This setup is worth the effort if email-driven workflows matter to you

You’re on the right track.

That is absolutely great news. I will start tackling nginx again and see what I come up with!

Thanks again!

OK to follow up with this I was successful in getting nginx to work and redirect to the https. After reviewing this OAuth article on doc.frappe and making the necessary changes I can get the configuration to be accepted. The problem is the Redirect Uri is not correct. It’s got http instead of https.

example:  http://myserver/api/method/frappe.integrations.doctype.connected_app.connected_app.callback….

should be:  httpS://myserver/api/method/frappe.integrations.doctype.connected_app.connected_app.callback….

Reviewing the Azure App the redirect URI is correct: httpS://myserver/api/method/frappe.integrations.doctype.connected_app.connected_app.callback….

When I enter the OpenID Configuration URL the Redirect URI is automatically inserted and not editable. I must be missing something here. Is the Redirect URI pulling from the local system and not Azure App? Or did I miss something in the Azure App configuration.

The error I get from Microsoft when attempting to “Connect to M365” (noting the missing “S” in http):

Sorry, but we’re having trouble signing you in.

AADSTS50011: The redirect URI 'http://myserver/api/method/frappe.integrations.doctype.connected_app.connected_app.callback...' specified in the request does not match the redirect URIs configured for the application '#################'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

Thanks

set host_name in site_config to https://yourserver

OK I found it and

    {
        "db_name": "xxxxxxx",
        "db_password": "xxxxxxx",
        "db_type": "mariadb",
        "host_name": "https://myserver"
    }

I assume that is the correct syntax for the host name? When I click the Connect to M365 I get the same incorrect url.
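
A small checker for the mismatch described in the last posts, as an added example that is not part of any post in the thread and not Frappe or Microsoft code: it pulls the URI out of the AADSTS50011 text, names the component that differs from the URI registered in Azure, and validates a site_config.json body. The host `myserver` comes from the thread; the `/PLACEHOLDER` path suffix, the sample configs and all function names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed samples. "myserver" is the host used in the thread; "/PLACEHOLDER"
# stands in for the part of the callback path that the thread elides.
CALLBACK = ("/api/method/frappe.integrations.doctype.connected_app"
            ".connected_app.callback/PLACEHOLDER")
ERROR = (f"AADSTS50011: The redirect URI 'http://myserver{CALLBACK}' specified "
         "in the request does not match the redirect URIs configured.")
REGISTERED = f"https://myserver{CALLBACK}"
BROKEN_CONFIG = '{\n "db_type": "mariadb"\n "host_name": "https://myserver"\n}'
GOOD_CONFIG = '{\n "db_type": "mariadb",\n "host_name": "https://myserver"\n}'


def sent_redirect_uri(error_text):
    """Extract the redirect URI the client sent from an AADSTS50011 message."""
    m = re.search(r"AADSTS50011:.*?redirect URI '([^']+)'", error_text, re.S)
    return m.group(1) if m else None


def uri_mismatches(sent, registered):
    """Return the names of the URI components that differ."""
    a, b = urlsplit(sent), urlsplit(registered)
    parts = {"scheme": (a.scheme, b.scheme), "host": (a.hostname, b.hostname),
             "port": (a.port, b.port), "path": (a.path, b.path)}
    return [name for name, (x, y) in parts.items() if x != y]


def site_config_findings(text):
    """Check a site_config.json body: valid JSON and an https host_name."""
    try:
        conf = json.loads(text)
    except json.JSONDecodeError as e:
        return [f"invalid JSON at line {e.lineno}, column {e.colno}: {e.msg}"]
    host = conf.get("host_name") if isinstance(conf, dict) else None
    if not host:
        return ["host_name is not set"]
    u, findings = urlsplit(host), []
    if u.scheme != "https":
        findings.append(f"host_name scheme is {u.scheme!r}, expected 'https'")
    if not u.hostname:
        findings.append("host_name has no host part")
    if u.path not in ("", "/") or u.query or u.fragment:
        findings.append("host_name should contain scheme and host only")
    return findings


if __name__ == "__main__":
    print(uri_mismatches(sent_redirect_uri(ERROR), REGISTERED))
    print(site_config_findings(BROKEN_CONFIG))
    print(site_config_findings(GOOD_CONFIG))
```

A clean result on site_config.json while the sign-in request still carries `http` means the running site has not picked up the edited file, or is building the URI from something other than `host_name`.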