HTTPS and Certificates
For productive use of Enginsight, an encrypted connection via HTTPS is mandatory.
For this purpose, install and configure nginx on the application server. During the automatic installation of Enginsight, nginx is already installed.
So you get the following structure:
Container Ports: 80, 8080
internal Ports: 81, 82 (127.0.0.1:81, 127.0.0.1:82)
You need two domains pointing to the IP address of the application server:
ngs-api.domain.de (Port 80)
ngs-app.domain.de (Port 443)
If you have your own certificate, you can use it. Alternatively, we recommend using Let's Encrypt.
Install nginx
This step is required only if you perform a manual installation! If you're using the automated setup skip this section.
If you have done a manual installation, install nginx first. If you have an automatic installation, you can skip this step.
Define internal ports
This step is required regardless of the installation method. Port definitions are essential for internal communication between services.
Define an internal port in docker-compose.yml for the user interface (ui-m1) and API (server-m2).
1. Navigate to /opt/enginsight/enterprise
2. Open docker-compose.yml.
3. Adjust the ports.
4. Save the file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).
5. Run setup.sh for the changes to apply.
Set up Let's Encrypt
If you want to use your own certificate, skip the following steps.
1. Customize the configuration of nginx. Open the configuration file.
Automatic installation
Manual installation
2. Use the following template and set your domain.
3. Check the status of nginx and see if the change was successful.
4. Restart nginx.
5. Install certbot.
6. Create a folder for each domain.
7. Create the certificate.
8. Generate the Diffie-Hellman parameters.
Please note that LetsEncrypt is only valid for 3 Months. Follow the manual tu update your SSL-ceritificate.
Configure certificates and SSL/TLS in nginx
With Let's Encrypt
Customize the configuration of nginx.
1. Open the configuration file.
Automatic installation
Manual installation
2. Use the following template and insert your domain.
3. Check the status of nginx and see if the change was successful.
4. Restart nginx.
Switch APP and API URLs to HTTPS After you have configured nginx and installed the certificate, run
setup.shagain. During this step, you will be prompted for the external URLs for the APP and the API. Enter the domains usinghttps://(instead ofhttp://).Example:
APP URL:
https://ngs-app.domain.deAPI URL:
https://ngs-api.domain.de
This step is required so that Enginsight uses the APP and API endpoints correctly over HTTPS. If you accidentally enter
http://, the instance will remain internally configured for HTTP, even though nginx is already providing HTTPS.
With own certificate
Please make sure that the certificate is in PEM format. If not, convert the certificate to PEM format first.
Adjust the configuration of nginx.
1. Open the configuration file.
Automatic installation
Manual installation
2. Use the following template and insert your domain and the paths to the certificates.
3. Check the status of nginx and see if the change was successful.
4. Restart nginx.
Switch APP and API URLs to HTTPS After you have configured nginx and installed the certificate, run
setup.shagain. During this step, you will be prompted for the external URLs for the APP and the API. Enter the domains usinghttps://(instead ofhttp://).Example:
APP URL:
https://ngs-app.domain.deAPI URL:
https://ngs-api.domain.de
This step is required so that Enginsight uses the APP and API endpoints correctly over HTTPS. If you accidentally enter
http://, the instance will remain internally configured for HTTP, even though nginx is already providing HTTPS.
Last updated
Was this helpful?