Skip to main content

Upgrade Dataedo Portal to run over HTTPS on Docker

This tutorial walks you through upgrading an already running Dataedo Portal on Docker to enable HTTPS. If you haven’t installed Docker with Dataedo Portal running yet, refer to this article.

Prerequisites

  • Dataedo Portal running on Docker with the latest image.
  • A .pem certificate and private key for your website. You can create these for free using Certbot if you don't have them yet.

SSL certificate preparation

To set up HTTPS for Dataedo, you can either upload your own certificate files (for certificates purchased earlier or paid certificates) or generate a certificate directly on the server using a tool like Certbot (for free certificates).

Own certificates

If you have your own paid certificates, transfer the .pem files to the server where the Dataedo application is hosted. You can use scp (from the terminal) or WinSCP.

Here’s an example of using scp to transfer your SSL certificate files from your local machine. Open PowerShell or Bash, navigate to the folder where the certificate files are stored, and use the following command to transfer your SSL certificate files with scp. Remember to update:

  • remote_username – with the actual username
  • 10.10.0.1 – with the address of the server where you hosted the Dataedo application
  • etc/ssl/certs – with the path where you want to store the certificate files
scp cert.pem privkey.pem [email protected]:/etc/ssl/certs
Let’s Encrypt certificates

If you plan to use a Let's Encrypt Certificate, install Certbot (see Certbot documentation for instructions) and generate a new Let's Encrypt Certificate. Refer to the Certbot documentation for detailed steps. Remember to save the path where the newly generated certificates are stored, as it will be required in the next steps (e.g. /etc/letsencrypt/live/sampledomain.com/).

Configuration

In your Dataedo folder, create the file nginx.conf and place the following in it. Be sure to replace sampledomain.com with your domain name and update the paths for the certificate files accordingly:

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    # Update 'sampledomain.com' to your own domain name
    server_name sampledomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    # Update 'sampledomain.com' to your own domain name
    server_name sampledomain.com;

    # Provide the correct paths to your SSL certificate and private key files
    ssl_certificate /etc/letsencrypt/live/sampledomain.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/sampledomain.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;

    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options nosniff always;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html =404;
    }

    location = /api/api/auth/assertion-consumer {
        proxy_method POST;
        proxy_pass http://backend:44345/api/auth/assertion-consumer$is_args$args;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /api/ {
        rewrite ^/api/(.*) /api/$1 break;
        proxy_pass http://backend:44345;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /notificationhub {
        proxy_pass http://backend:44345/notificationhub;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
    }
        location /aidescriptionshub {
        proxy_pass http://backend:44345/aidescriptionshub;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
    }
}

Update your docker-compose.yml file by modifying the frontend service to include the following configuration. Be sure to replace the placeholder paths with the correct paths to your SSL certificate and private key files under the volumes section:

    frontend:
    image: dataedo/web_ui:stable
    restart: always
    ports:
        - "443:443"
    networks:
        - overlay
    depends_on:
        - backend
    env_file:
        - ./.env
    volumes:
        - ./nginx.conf:/etc/nginx/conf.d/default.conf
        # Provide the correct paths to your SSL certificate and private key files: host_path:container_path
        - /etc/letsencrypt/live/sampledomain.com:/etc/letsencrypt/live/sampledomain.com
        - /etc/letsencrypt/archive/sampledomain.com:/etc/letsencrypt/archive/sampledomain.com

Update Docker Compose with:

sudo docker compose down sudo docker compose up -d

Your Dataedo instance is now successfully configured and accessible via HTTPS.

Need help?

If you run into any problems or have questions, reach out to Dataedo support.

On this page
Dataedo LogoDataedo Logo
If you have any questions or need assistance, feel free to reach out to the Dataedo support team.
Dataedo support