Erpnext HTTPS weblogin

Dears,

I need to make my erpnext web work only in https

not http

How can we achieve this for security?

Thanks a lot

1 Like

hi @sheno

If you use a host name (server_name) to reach your erpnext, do this…
See your nginx config, which you find in /home/frappe/frappe-bench/config, and save a renamed copy (name it nginx_backup.conf) to back it up in case something goes wrong with the edit.
Now change the original nginx.conf by appending the following at the end of the file. Make sure you enter the desired server_name (replace “YourHostNameWithoutQotes” with your server name, e.g. erp.next.com),
without any http://www or https://www

    # http to https redirect
    server {
        listen 80;
        server_name
            "YourHostNameWithoutQotes"
            $host
            ;

        # $request_uri already includes the query string
        return 301 https://$host$request_uri;
    }

That way http should be redirected to https.

After that you have to restart the nginx service.

You can spare the $host, as that catches all requests to the server's main host name.

2 Likes
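An added example, not part of the thread and not code from ERPNext or nginx: nginx's `$request_uri` already carries the query string, so a redirect target written as `$request_uri?$query_string` repeats it. The sketch below models that expansion in a simplified way and checks a port-80 response for a correct HTTPS redirect; `erp.example.com` and the function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Redirect targets as they would appear after "return 301" in nginx.
APPENDED_QUERY = "https://$host$request_uri?$query_string"
REQUEST_URI_ONLY = "https://$host$request_uri"


def nginx_location(template, host, request_uri):
    """Simplified model of nginx variable expansion for a redirect target.

    $request_uri is the original request URI, query string included;
    $query_string is only the part after the first '?'.
    """
    query = request_uri.partition("?")[2]
    return (template.replace("$request_uri", request_uri)
                    .replace("$query_string", query)
                    .replace("$host", host))


def check_https_redirect(request_url, status, location):
    """Return a list of problems with a port-80 response (empty list = OK)."""
    req = urlsplit(request_url)
    problems = []
    if status not in (301, 308):
        problems.append(f"status {status} is not a permanent redirect")
    if not location:
        return problems + ["no Location header"]
    loc = urlsplit(location)
    if loc.scheme != "https":
        problems.append(f"Location scheme is {loc.scheme!r}, expected 'https'")
    if loc.hostname != req.hostname:
        problems.append(f"host changed: {req.hostname!r} -> {loc.hostname!r}")
    if loc.path != (req.path or "/"):
        problems.append(f"path changed: {req.path!r} -> {loc.path!r}")
    if loc.query != req.query:
        problems.append(f"query changed: {req.query!r} -> {loc.query!r}")
    return problems


if __name__ == "__main__":
    # Constructed request; erp.example.com is a placeholder host name.
    host, uri = "erp.example.com", "/desk?page=2"
    for template in (APPENDED_QUERY, REQUEST_URI_ONLY):
        location = nginx_location(template, host, uri)
        print(location, check_https_redirect(f"http://{host}{uri}", 301, location))
```

Against a live server, the status and `Location` value to feed into `check_https_redirect` can be read from the output of `curl -sI` on the plain-http URL.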

vim /home/frappe/frappe-bench/config/nginx.conf
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/font-woff
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component
;
# text/html is always compressed by HttpGzipModule
}

# http to https redirect

server {
    listen 80;
    server_name
        erp.fastgrp.net
        $host
        ;

    return 301 https://$host$request_uri;
}

==========================
Thanks Dear
But it didn't work

https://erp.fastgrp.net/

This site can’t be reached

erp.fastgrp.net refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

@sheno

This guide should help you get a Let’s Encrypt cert as well as set up https

https://frappe.github.io/frappe/user/en/bench/guides/lets-encrypt-ssl-setup.html

The request message was malformed :: Error creating new authz :: Name does not end in a public suffix

Hi,
Spot on @spa
Just wanted to point out though (in case anyone stumbles on this) that a check should be done first before returning a 301, as this will constantly redirect to https even if an https://sitename is visited

    if ($scheme = http) { return 301 https://$host$request_uri; }

It didn't want to complete; I got an error:

frappe@erpnext:~/frappe-bench$ sudo -H bench setup lets-encrypt erpnext.vm --custom-domain erp.fastgrp.net
No custom domain named erp.fastgrp.net set for site
frappe@erpnext:~/frappe-bench$ sudo -H bench setup lets-encrypt erpnext.vm
Running this will stop the nginx service temporarily causing your sites to go offline
Do you want to continue? [y/N]: y
WARNING: The standalone specific supported challenges flag is deprecated.
Please use the --preferred-challenges flag instead.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
Please see the logfiles in /var/log/letsencrypt for more details.
There was a problem trying to setup SSL for your site

frappe@erpnext:~/frappe-bench$ sudo -H bench setup --preferred-challenges lets-encrypt erpnext.vm
Error: no such option: --preferred-challenges

Huh, didn't know that @bomsy - makes sense though, but I thought it checks that anyway.
Thanks for pointing it out… gonna change it in my config

I made a certificate.
I don't know where exactly it should be
embedded?
It didn't work if I embedded it in

$ cd frappe-bench/sites/{{ site_name }}
Is there any other place?

@sheno

Have you looked at this:

https://frappe.github.io/frappe/user/en/bench/guides/configuring-https

1 Like

Hi @spa
No need changing it, you are right… it checks that anyway. Although I had an issue with mine a while ago and changing it to include the if statement solved it (maybe an unrelated fault of mine). Since it works without the check on yours, no point altering it… If it ain’t broken…

Dears :slight_smile:
Really, these links were so amazing, and
I also discovered that I have a big problem that was the main reason for my troubles

my site in erpnext was

erpnext.vm

So this is not a real name, so it can't accept a certificate.
So what I have done is
create a new site with my real domain

erp.fastgrp.net

and I dropped the erpnext.vm site

and transferred the database and private and public files to the new container site

then I used the certificate and it works

now

erp.fastgrp.net is a green https

Thanks a lot, dears, for your guide and help

…don't fix it - cheers @bomsy :wink:
I think my trick is to listen to the port rather than the sitename/hostname.
Maybe it only does a scheme check if you listen to a port, since certain ports normally mean certain protocols/schemes… but it would require invoking the scheme check if listening to a hostname/sitename, since that could potentially have any scheme.
@sheno - our pleasure

1 Like