Hi all,
We are getting ready to deploy this live for our organization. I am searching the forums and Google left and right with no luck. I am trying to find out where to install the SSL cert. I played around with nginx.conf with no luck. I have seen the suggestion to follow the link WSGI Production Deployment · frappe/erpnext Wiki · GitHub, which doesn’t help me much.
Any input on which file specifically to add the SSL info would be great. If possible, I can install nginx manually and proxy to ERPNext, though that might be overcomplicating the problem.
Thanks guys!
1 Like
pdvyas
November 25, 2014, 5:00pm
2
The WSGI Production Deployment · frappe/erpnext Wiki · GitHub guide is outdated
You can add ssl related directives to the server block at /etc/nginx/conf.d/frappe.conf
Will be adding SSL to the config generator in frappe soon (hopefully by tomorrow).
Ah makes sense. Thanks for the quick reply. I will play around with this or wait to pull the update with the SSL conf.
Best,
pdvyas
November 25, 2014, 6:50pm
4
1 Like
pdvyas
November 26, 2014, 6:42am
5
Update bench and try Not Found
Awesome! Got it working with no major issues, just a few problems on my end with the private key. Have it all set up now.
I added this to /etc/nginx/conf.d/frappe.conf to redirect http to https requests.
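server {
    listen 80;
    server_name erp.YOURWEBSITEcom;
    # host and $request_uri must be joined with no space, or nginx reads "$request_uri?" as the rewrite flag
    rewrite ^ https://erp.YOURWEBSITEcom$request_uri? permanent;
}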
Thanks again for your support!
We were very successful with this:
https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04
Just start at the right step in the instructions.
Of course you could use other crt and key files if already available.
We have our server behind an apache proxy as we need to run multiple servers behind one WAN address.
Contact me if someone needs to know how we did this. It took us a while to figure it out and we gladly share that knowledge.
Cheers
Heikki
1 Like
I believe this is a slightly more desirable way to do it:
# redirect to https
if ($scheme = http) {
    return 301 https://$host$request_uri;
}
Is there a way to add this to frappe so it automatically adds this directive when generating the config with bench setup nginx?
pdvyas
January 19, 2015, 4:20am
9
Yes, I can change the template to spit out another server block for this (I guess it would be faster than if), but should there be a way to switch it off?
@skylineservers I agree it should be a 301 HTTP code. I tried adding it to the very end of the element
server {
    listen 80 default;
    ...
and then executed systemctl reload nginx. It does not redirect. Could you give instructions on how to configure your code snippet?
This link is dead and should be updated to the current link location.
Hi,
I followed the setup and got the one site on my multisite setup working with SSL, but when I follow the same process for the other sites with the same certificates, all SSL traffic points to the last site I set up with SSL. None of the other URLs point to their respective SSL site.
Am I doing something wrong?
william
November 20, 2015, 5:16pm
13
I followed the instructions 3 times as it says but still can’t get HTTPS to work.
https://kb.frappe.io/kb/deployment/configuring-https
https://104.197.189.126/
http://104.197.189.126/
Anything I might be missing?
Did you set your site URL in site_config.json? Set the hostname to your URL, then save, then run bench update to reload the URL.
Set this in your site_config.json:
"host_name": "https://104.197.189.126"
pdvyas
November 21, 2015, 6:25pm
15
Sorry for a bunch of questions
What is the error?
Did you reload nginx?
Did it generate the right nginx config?
Is there anything in the nginx error logs?
My hunch is that nginx either hasn’t picked up the new config or there’s an error in the new config generated. Can you post the output?
Try @DrTrills method if you get a 404 (but that was required 8 months ago due to a bug, not anymore).
william
November 22, 2015, 11:16pm
16
@pdvyas
Thanks, I got it to work. I was misplacing the certificate.
Another quick question. Which file do I need to edit in order to force HTTPS instead of HTTP?
Is it the frappe.conf or nginx.conf, and which block should I edit?
Thanks
bohlian
November 23, 2015, 4:09am
17
Should be done at the nginx level.
Remove listen 80 and replace it with the following.
This way you only allow HTTPS
server {
    listen 443 ssl;
    server_name yourdomainname.com;
    ssl_certificate yourcertificatepemfilename;
    ssl_certificate_key yourcertificatekeyfilename;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # the rest of the existing server block (location directives) stays as it was
}
1 Like
william
November 23, 2015, 1:43pm
18
Thanks @bohlian,
I added what you suggested to the nginx.conf file but it didn’t work; it didn’t force HTTPS.
I’m currently using the following settings
server {
    listen 80;
    listen 443 ssl;
    server_name 104.189.197.126;
    ssl_certificate path/to/my/certificate.crt;
    ssl_certificate_key path/to/my/key.key;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    #FORCE HTTP
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
}
Still won’t force HTTPS, but when I go to https://104.197.189.126/, the NGINX index website displays, instead of my ERPNext site.
Any other suggestions?
Thanks
pdvyas
November 23, 2015, 7:06pm
19
Set the server name as the hostname. I see you’re not using that, so make that server block default for port 80 with:
    listen 80 default;
william
November 23, 2015, 8:01pm
20
The hostname on the site_config.json?
I only have this on the file, I have no hostname.
{
    "ssl_certificate": "/etc/nginx/conf.d/ssl/certificate.crt",
    "db_name": "xxxxxx",
    "ssl_certificate_key": "/etc/nginx/conf.d/ssl/key.key",
    "db_password": "xxxxxx"
}
It seems I’m overlooking something, as this, I presume, is an easy task.
I added what you suggested to the nginx.conf file and now the nginx server can’t be restarted. I get the following error in the error.log:
2015/11/23 20:02:20 [emerg] 6950#0: a duplicate default server for 0.0.0.0:80 in /etc/nginx/conf.d/frappe.conf:73
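
The layout discussed across this thread (a separate port-80 block that only redirects, one default server per port, and one 443 block per site), written out as an added example; it is not any poster's config or the output of bench setup nginx. The hostnames and the second site's certificate paths are placeholders, and the first site's paths are the ones posted above.

```nginx
# Added example; hostnames and site2 paths are placeholders.

# Port 80: one catch-all block that only redirects. Exactly one server
# block per address:port may be marked default_server ("default" is the
# older spelling of the same flag); marking a second one produces
# "a duplicate default server for 0.0.0.0:80".
server {
    listen 80 default_server;
    server_name _;
    # $host echoes the client's Host header; with a single site, a fixed
    # name (https://erp.example.com$request_uri) is the stricter choice.
    return 301 https://$host$request_uri;
}

# Port 443: one block per site. nginx selects the block by server_name;
# a name that matches no block is served by the default server for 443
# (the first block listed unless one is marked default_server).
server {
    listen 443 ssl;
    server_name erp.example.com;
    ssl_certificate     /etc/nginx/conf.d/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/conf.d/ssl/key.key;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # location blocks generated by bench for this site go here
}

server {
    listen 443 ssl;
    server_name site2.example.com;
    ssl_certificate     /etc/nginx/conf.d/ssl/site2.crt;   # placeholder
    ssl_certificate_key /etc/nginx/conf.d/ssl/site2.key;   # placeholder
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # location blocks generated by bench for this site go here
}
```

Running nginx -t before systemctl reload nginx reports errors such as the duplicate default server without taking the running server down.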