Configure SSL for NirvaShare Using Nginx Proxy Manager
In this document, we will discuss how to install Nginx Proxy Manager in a docker container and configure the same to enable SSL for NirvaShare services. To know more about Nginx Proxy Manager, please refer to https://nginxproxymanager.com
Prerequisites
As prerequisites you should:
- Make sure NirvaShare is installed either on cloud or on premise Linux environment.
- Make sure ports 81 and 443 is open.
- You need to have two domain names for Admin Console and User Application pointing to the IP address of the box where NirvaShare is installed.
For example admin.yourdomain.com and share.yourdomain.com - If you are using a custom certificate, make sure you have a valid CA certificate for above domains.
- Alternatively you can also use a free certificate based on LetsEncrypt. To use LetsEncrypt certificate, it is easy to get it working using Nginx Proxy Manager and will be discussed in the below sections.
Installation
To install Nginx Proxy Manager as docker service, follow the below steps.
- In the SSH to Linux machine where NirvaShare is installed, run the below commands which will install the latest Nginx Proxy Manager server.
sudo su root
cd /var/nirvashare
wget https://raw.githubusercontent.com/nirvashare/nirvashare/main/docker/common/install-proxy.yml
docker-compose -f /var/nirvashare/install-proxy.yml up -d
Above commands will install the Nginx Proxy Manager.
Configuration
Follow the below steps
- Open Nginx Proxy Manager using the VM IP address on port 81. For Example http://(your IP address):81
- Login using below default credentials and it will ask you to change it after you sign in. For more information refer to https://nginxproxymanager.com/guide/#quick-setup
Email: admin@example.com
Password: changeme
- Click on SSL Certificates in the top menu.
- Click on Add SSL Certificate.
- Select Let’s Encrypt to create free CA certificate. In case if you intend to use your own CA certificate, please select Custom and upload your certificate and private key.
- Provide your admin console domain name and click on Save, . For example admin.yourdomain.com
- This will automatically create required certificate.
- Repeat the above steps to create another certificate for User Application domain. Example share.yourdomain.com
Once the certificates are ready, the next is to enable SSL for the domain names.
- Click on the Proxy Hosts from the Hosts Menu on the top.
- Click on Add Proxy Host at the right top corner.
- Provide your domain name for Admin Console. For Example admin.yourdomain.com.
- Scheme as http.
- Forward Hostname as nirvashare_admin
- Port as 8080
- Enable Websocket Support
- Click on SSL tab.
- Select the certificate for Admin Console. For example admin.yourdomain.com
- Click on the Advanced Tab.
- Enter the value as client_max_body_size 50G;
- Above value is set to 40G which indicates the max file upload size. Please increase or decrease the size depending on your business needs.
- Save it.
Similarly create another Proxy Host for User Application with below data.
- Click on Add Proxy Host at the right top corner.
- Provide your domain name for User Application. For Example share.yourdomain.com
- Scheme as http
- Forward Hostname as nirvashare_userapp
- Port as 8080
- Enable Websocket Support
- Click on SSL tab.
- Select the certificate for User Application. For example share.yourdomain.com
- Click on the Advanced Tab.
- Enter the value as client_max_body_size 50G;
- Save it.
Verification
Open the Admin Console with your domain name with HTTPS. For example https://admin.yourdomain.com
Similarly, open the User Application with your domain name with HTTPS. For example https://share.yourdomain.com
Above URLs should open respective applications with HTTPS.
While accessing User Application, in case if you face Instance license limit reached Error message, please check the solution HERE.
Disable ports 8080 and 8081
After configuring SSL, for security reasons it is better to disable ports 8080 and 8081 from accessing it.
- In the SSH to Linux machine where NirvaShare is installed, run the command “sudo su root” to get root access.
- Edit /var/nirvashare/install-app.yml
- Comment ports by adding # to beginning of the line at following places.
# ports:
# # Public HTTP Port:
# - '8081:8080'
# ports:
# # Public HTTP Port:
# - '8080:8080'
- While saving the file, make sure you do not add extra space or tab in other places because the file content should adhere to YAML format.
- After saving the file, restart the services using below command.
docker-compose -f /var/nirvashare/install-app.yml up -d