Dears,
I need to make my ERPNext web site work only over https,
not http.
How can we achieve this for security?
Thanks a lot
Hi @sheno
If you use a host name (server_name) to reach your ERPNext, do this…
Look at your nginx config, which you find in /home/frappe/frappe-bench/config, and save a renamed copy (name it nginx_backup.conf) to back it up in case something goes wrong with the edit.
Now change the original nginx.conf by appending the following at the end of the file. Make sure you enter the desired server_name (replace “YourHostNameWithoutQotes” with your server name, e.g. erp.next.com,
without any http://www or https://www).
# http to https redirect
server {
    listen 80;
    server_name "YourHostNameWithoutQotes" $host;
    # $request_uri already contains the query string, so it is not appended again
    return 301 https://$host$request_uri;
}
That way http should be redirected to https.
After that you have to restart the nginx service.
You can spare the $host, as that catches all requests to the server's main host name.
vim /home/frappe/frappe-bench/config/nginx.conf

    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/rss+xml
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/font-woff
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/svg+xml
        image/x-icon
        text/css
        text/plain
        text/x-component
        ;
    # text/html is always compressed by HttpGzipModule
}
server {
    listen 80;
    server_name
        erp.fastgrp.net
        $host
        ;
    return 301 https://$host$request_uri?$query_string;
}
==========================
Thanks, Dear
But it didn't work
https://erp.fastgrp.net/?
This site can’t be reached
erp.fastgrp.net refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
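Added example, not part of any post in this thread: a redirect to https only helps if a server block is also listening on port 443 with a certificate; otherwise the browser's connection to that port is refused. The host name erp.example.com, the certificate paths and the application address 127.0.0.1:8000 are placeholders and assumptions, not values from this thread.

```nginx
# Constructed example: host name, certificate paths and upstream address
# are placeholders, not taken from any poster's server.

# Port 80: answer every plain-HTTP request with a redirect and nothing else.
server {
    listen 80;
    server_name erp.example.com;

    # A fixed host name keeps the redirect target independent of the
    # client-supplied Host header. $request_uri already carries the query
    # string, so nothing is appended after it.
    return 301 https://erp.example.com$request_uri;
}

# Port 443: the block that actually accepts the redirected request.
server {
    listen 443 ssl;
    server_name erp.example.com;

    # Certificate chain and private key (placeholder paths).
    ssl_certificate     /etc/ssl/example/erp.example.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/example/erp.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Ask browsers to use https for this host on later visits as well.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Assumed application address; keep the location blocks your own
        # generated config already has for the site.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8000;
    }
}
```

Run `nginx -t` before restarting the service so a syntax error or an unreadable certificate file is reported without taking the site down.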
This guide should help you get a Let’s Encrypt cert as well as set up https
https://frappe.github.io/frappe/user/en/bench/guides/lets-encrypt-ssl-setup.html
The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
Hi,
Spot on @spa
Just wanted to point out though (in case anyone stumbles on this) that a check should be done first before returning a 301, as this will constantly redirect to https even if an https://sitename is visited
if ($scheme = http) { return 301 https://$host$request_uri; }
It didn't want to complete; I got this error:
frappe@erpnext:~/frappe-bench$ sudo -H bench setup lets-encrypt erpnext.vm --custom-domain erp.fastgrp.net
No custom domain named erp.fastgrp.net set for site
frappe@erpnext:~/frappe-bench$ sudo -H bench setup lets-encrypt erpnext.vm
Running this will stop the nginx service temporarily causing your sites to go offline
Do you want to continue? [y/N]: y
WARNING: The standalone specific supported challenges flag is deprecated.
Please use the --preferred-challenges flag instead.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
Please see the logfiles in /var/log/letsencrypt for more details.
There was a problem trying to setup SSL for your site
frappe@erpnext:~/frappe-bench$ sudo -H bench setup --preferred-challenges lets-encrypt erpnext.vm
Error: no such option: --preferred-challenges
Huh, didn't know that @bomsy - makes sense though, but I thought it checks that anyway
Thanks for pointing it out… gonna change it in my config
I made a certificate.
I don't know where exactly it should be
embedded?
It didn't work when I embedded it in
$ cd frappe-bench/sites/{{ site_name }}
Is there any other place?
Have you looked at this:
https://frappe.github.io/frappe/user/en/bench/guides/configuring-https
Hi @spa
No need changing it, you are right… it checks that anyway. Although I had an issue with mine a while ago and changing it to include the if statement solved it (maybe an unrelated fault of mine). Since it works without the check on yours, no point altering it… If it ain’t broken…
Dears,
Really, these links were so amazing, and
I also discovered that I had a big problem that was the main reason for my troubles:
my site in ERPNext was
erpnext.vm
This is not a real name, so it can't accept a certificate.
So what I have done is:
created a new site with my real domain,
dropped the erpnext.vm site,
and transferred the database and the private and public files to the new container site.
Then I used the certificate and it works.
Now
erp.fastgrp.net is a green https
Thanks a lot, dears, for your guide and help
…don't fix it - cheers @bomsy
I think my trick is to listen to the port rather than the sitename/hostname.
Maybe it only does a scheme check if you listen to the port, since certain ports normally mean certain protocols/schemes… but it would require invoking the scheme check if listening to the hostname/sitename, since that could potentially have any scheme
@sheno - our pleasure