Skip to content
meta-d edited this page Mar 18, 2024 · 2 revisions

Configuring HTTPS servers

In Docker Compose cluster

Generate a self-signed certificate

Generate ssl certificate for nginx (on macos):

openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Or get a free certificate from Let's Encrypt.

Add the certificate to the Nginx container

Mounting SSH certificate as Volumes.

    container_name: webapp
    entrypoint: './'
+   command: ['nginx', '-g', 'daemon off;', '-c', '/webapp/conf/nginx.conf']
      - ${WEB_PORT:-80}:80
+     - ${WEB_PORT:-443}:443
+     - ./.volumes/webapp/:/webapp/

The .volumes/webapp/ folder structure should look like this:

|   ├───
│   ├───

The nginx.conf file should be updated to use the certificate to enable ssl.

user  nginx;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/;

events {
  worker_connections 1024;

http {
  include /etc/nginx/mime.types;
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  /var/log/nginx/access.log  main;

  #gzip  on;

  upstream api {
    server api:3000;

  server {
    listen              80;
+   listen              443 ssl;
+   ssl_certificate     /webapp/ssl/;
+   ssl_certificate_key /webapp/ssl/;

    location / {
      root /srv/pangolin;
      try_files $uri $uri/ /index.html;

    location /api/ {
      proxy_pass http://api;
      proxy_set_header Host $http_host;
    location /public/ {
      proxy_pass http://api;
      proxy_set_header Host $http_host;
  • ssl_certificate ssl_certificate_key - The path to the certificate and key files in the volume that mounted in docker compose.
  • listen 443 ssl The server listens on port 443 for HTTPS requests.
  • /srv/pangolin path is the root directory for the web server.
  • location /api/ and location /public/ are the reverse proxy for the api server.

API Base Url Environment Variable

Change the API base url to use https and domain in the .env file.


In Kubernetes cluster



For Metad OCAP adopters

For Metad OCAP developers

Clone this wiki locally