Dataedo on Docker with HTTPS

Applies to: Dataedo 24.x (current) versions, Article available also for: 23.x

This tutorial is a step-by-step guide to upgrading an already running Dataedo Portal on Docker to run over HTTPS. If you haven't installed Docker with Dataedo Portal running yet, please refer to this article.

Requirements:

  • Dataedo Portal running on Docker with the latest image.
  • A .pem certificate and private key for your website. If you don't have these, you can create them for free using Certbot.

SSL Certificate Preparation:

To set up HTTPS for Dataedo, you need to either upload your own certificate files (for certificates purchased earlier or paid certificates) or generate a certificate directly on the server using a tool like Certbot (for free certificates).

Own Certificates

If you have your own company's paid certificates, please obtain the .pem files and transfer them to the server where the application is hosted using a terminal (via scp) or the WinSCP application.

Here’s an example of using scp to transfer your SSL certificate files from your local machine. Open PowerShell or Bash, navigate to the folder where the certificate files are stored, and run the command below. Remember to replace:

  • remote_username - with the actual username
  • 10.10.0.1 - with the address of the server where the Dataedo application is hosted
  • /etc/ssl/certs - with the path where you want to store the certificate files

scp cert.pem privkey.pem remote_username@10.10.0.1:/etc/ssl/certs

Let's Encrypt Certificates

If you plan to use a Let's Encrypt certificate, please install Certbot (see this link for instructions) and generate a new Let's Encrypt certificate. Refer to the Certbot documentation for detailed steps.
Remember to save the path where the newly generated certificates are stored, as it will be required in the next steps (e.g. /etc/letsencrypt/live/sampledomain.com/).
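
Before pointing nginx at the files, it is worth confirming that the key belongs to the certificate, that the certificate covers your domain and is not close to expiry, and that the private key is not readable by other users (a key copied into a shared directory such as /etc/ssl/certs may end up world-readable). The script below is an added example, not part of the Dataedo documentation; the function name check_cert_pair and the 14-day threshold are assumptions, and the demo uses a throwaway self-signed pair.

```shell
#!/usr/bin/env bash
# Added example (not Dataedo code): pre-flight check of a certificate/key pair.
# Usage: ./check_cert.sh CERT.pem KEY.pem DOMAIN [MIN_DAYS_LEFT]   or   ./check_cert.sh demo
check_cert_pair() {
    local cert=$1 key=$2 domain=$3 min_days=${4:-14} rc=0 cert_pub key_pub

    # 1. The key must be the private half of the certificate's public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi

    # 2. The certificate must name the domain used in server_name.
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null | grep -q 'does match'; then
        echo "FAIL: certificate is not valid for $domain"; rc=1
    fi

    # 3. -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days"; rc=1
    fi

    # 4. The private key must not be readable by group or others
    #    (-L follows the symlinks Certbot keeps under live/).
    if [ -n "$(find -L "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "FAIL: $key is group- or world-readable; run: chmod 600 $key"; rc=1
    fi
    return $rc
}

# Constructed demo: a throwaway self-signed pair for sampledomain.com in a temp dir.
demo() {
    local d; d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=sampledomain.com" \
        -addext "subjectAltName=DNS:sampledomain.com" \
        -keyout "$d/privkey.pem" -out "$d/cert.pem" 2>/dev/null
    chmod 600 "$d/privkey.pem"
    check_cert_pair "$d/cert.pem" "$d/privkey.pem" sampledomain.com && echo "pair OK"
    rm -rf "$d"
}

if [ "$#" -ge 3 ]; then check_cert_pair "$@"; elif [ "${1:-}" = demo ]; then demo; fi
```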

Setup process:

In your Dataedo folder, create the file nginx.conf and place the following in it. Be sure to replace sampledomain.com with your domain name and update the paths for the certificate files accordingly:

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    # Update 'sampledomain.com' to your own domain name
    server_name sampledomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    # Update 'sampledomain.com' to your own domain name
    server_name sampledomain.com;

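    # Provide the correct paths to your SSL certificate and private key files.
    # The certificate file should contain the server certificate followed by any
    # intermediate certificates; with Certbot that is fullchain.pem, not cert.pem.
    ssl_certificate /etc/letsencrypt/live/sampledomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sampledomain.com/privkey.pem;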

    ssl_protocols TLSv1.2 TLSv1.3;

    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options nosniff always;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html =404;
    }

    location = /api/api/auth/assertion-consumer {
        proxy_method POST;
        proxy_pass http://backend:44345/api/auth/assertion-consumer$is_args$args;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /api/ {
        rewrite ^/api/(.*) /api/$1 break;
        proxy_pass http://backend:44345;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /notificationhub {
        proxy_pass http://backend:44345/notificationhub;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
    }

    location /aidescriptionshub {
        proxy_pass http://backend:44345/aidescriptionshub;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
    }
}

Edit the docker-compose.yml and update the frontend service to look like the following. Be sure to update the paths for the certificate files under the volumes section:

  frontend:
    image: dataedo/web_ui:stable
    restart: always
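    ports:
      # Only 443 is published. Add "80:80" as well if the HTTP-to-HTTPS redirect
      # defined in nginx.conf (listen 80) should be reachable from outside.
      - "443:443"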
    networks:
      - overlay
    depends_on:
      - backend
    env_file:
      - ./.env
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
      # Provide the correct paths to your SSL certificate and private key files: host_path:container_path
      - /etc/letsencrypt/live/sampledomain.com:/etc/letsencrypt/live/sampledomain.com
      - /etc/letsencrypt/archive/sampledomain.com:/etc/letsencrypt/archive/sampledomain.com

Recreate the containers to apply the changes:

sudo docker compose down
sudo docker compose up -d

All done. Your Dataedo instance should now be available over HTTPS.
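
nginx refuses to start if a certificate path in nginx.conf does not exist inside the container, so the paths in nginx.conf and the volumes in docker-compose.yml have to agree. The script below, an added example that is not part of the Dataedo documentation, cross-checks the two files before you restart; the function names are hypothetical, the demo input is constructed, and it only understands the short host:container list syntax.

```shell
#!/usr/bin/env bash
# Added example (not Dataedo code): cross-check nginx.conf against docker-compose.yml.
# Usage: ./check_mounts.sh nginx.conf docker-compose.yml   or   ./check_mounts.sh demo

nginx_values() {     # $1 = nginx.conf, $2.. = directive names; prints their first argument
    local f=$1 d; shift
    for d in "$@"; do
        awk -v d="$d" '$1 == d { v = $2; sub(/;$/, "", v); print v }' "$f"
    done
}

compose_targets() {  # $1 = compose file, $2 = ports|volumes; prints the container side
    awk -v key="$2:" '
        /^[ \t]*(#|$)/      { next }                 # ignore comments and blank lines
        $1 == key           { inlist = 1; next }
        inlist && $1 == "-" { gsub(/"/, "", $2); split($2, p, ":"); print p[2]; next }
                            { inlist = 0 }' "$1"
}

check_consistency() {  # $1 = nginx.conf, $2 = docker-compose.yml
    local rc=0 path port mount found
    for path in $(nginx_values "$1" ssl_certificate ssl_certificate_key); do
        found=0
        for mount in $(compose_targets "$2" volumes); do
            case $path in "$mount"/*) found=1 ;; esac
        done
        [ "$found" -eq 1 ] || { echo "UNMOUNTED $path"; rc=1; }
    done
    for port in $(nginx_values "$1" listen); do
        compose_targets "$2" ports | grep -qx "$port" || { echo "UNPUBLISHED $port"; rc=1; }
    done
    return $rc
}

demo() {  # constructed input: key left in /etc/ssl/certs, only the Certbot dir mounted
    local d; d=$(mktemp -d)
    printf '%s\n' 'server {' '    listen 80;' '}' 'server {' '    listen 443 ssl;' \
        '    ssl_certificate /etc/letsencrypt/live/sampledomain.com/fullchain.pem;' \
        '    ssl_certificate_key /etc/ssl/certs/privkey.pem;' '}' > "$d/nginx.conf"
    printf '%s\n' '  frontend:' '    ports:' '      - "443:443"' '    volumes:' \
        '      - ./nginx.conf:/etc/nginx/conf.d/default.conf' \
        '      # host_path:container_path' \
        '      - /etc/letsencrypt/live/sampledomain.com:/etc/letsencrypt/live/sampledomain.com' \
        > "$d/docker-compose.yml"
    check_consistency "$d/nginx.conf" "$d/docker-compose.yml"; local rc=$?
    rm -rf "$d"; return $rc
}

if [ "${1:-}" = demo ]; then demo; elif [ "$#" -eq 2 ]; then check_consistency "$@"; fi
```

Run against the two files shown in this tutorial, it reports port 80 as unpublished, because the compose file publishes only 443 while nginx.conf also listens on 80.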