Hi there @perzanowski.4,
Looking at the files you provided, if you want to use HTTPS the following will work
- Update your docker-compose.yml file as follows
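# Service entry for the `services:` section of docker-compose.yml.
# The keys below must be nested under `asset-server:`; without the
# indentation they are not parsed as part of this service.
asset-server:
  restart: unless-stopped
  # No tag is given, so Docker resolves this to `latest`. Pin a version tag
  # or digest if you need reproducible, reviewable upgrades.
  image: specifyconsortium/specify-asset-service
  container_name: asset-server
  init: true
  volumes:
    - "attachments:/home/specify/attachments"
    # Replaces the image's default web_asset_store.xml with the https one.
    - "./web_asset_store.xml:/home/specify/web_asset_store.xml"
  environment:
    # Public host name, taken from the shell environment or the .env file.
    - SERVER_NAME=${ASSET_SERVER_URL}
    # Port that clients connect to (the nginx TLS listener). nginx itself
    # still reaches this container on 8080 over the Docker network.
    - SERVER_PORT=443
    # Presumably the shared secret used to authorise attachment requests;
    # keep its value in an untracked .env file, never in this file.
    - ATTACHMENT_KEY=${ASSET_SERVER_KEY}
    # Leave debug output off on a publicly reachable server.
    - DEBUG_MODE=false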
- You will need to amend the default web_asset_store.xml to use https instead of http. You can simply copy and paste the snippet below:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Endpoint list handed to clients of the asset server. Every URL uses
     https so that attachment traffic goes to the TLS listener on port 443.
     The host placeholder is presumably filled in by the asset server from
     SERVER_NAME and SERVER_PORT; confirm against your deployment. -->
<urls>
  <url type="read"><![CDATA[https://{{host}}/fileget]]></url>
  <url type="write"><![CDATA[https://{{host}}/fileupload]]></url>
  <url type="delete"><![CDATA[https://{{host}}/filedelete]]></url>
  <url type="getmetadata"><![CDATA[https://{{host}}/getmetadata]]></url>
  <url type="testkey">https://{{host}}/testkey</url>
</urls>
- Lastly, your nginx.conf doesn't include a listening section for port 443. I'm not sure how you are referencing your certificate, but here is a snippet of my configuration file that should help:
# Plain-HTTP listener: it only answers ACME challenges and redirects
# everything else to HTTPS, so no application traffic is served in clear text.
server {
    listen 80;
    server_name specify.institute.ac.za;

    # Let's Encrypt HTTP-01 challenge files written by certbot.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Permanent redirect of every other request to the same URL over https.
    location / {
        return 301 https://$host$request_uri;
    }
}
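# TLS listener: terminates HTTPS and forwards to the asset server and
# Specify 7 over plain HTTP on the internal Docker network.
server {
    listen 443 ssl;
    server_name specify.institute.ac.za;

    # Logging is left enabled (the two directives below stay commented out),
    # which keeps a record of upload and delete requests.
    # access_log off;
    # error_log off;

    # Certificate and key issued by Let's Encrypt. privkey.pem must stay
    # readable only by root / the nginx master process; if nginx runs in a
    # container, mount /etc/letsencrypt read-only.
    ssl_certificate /etc/letsencrypt/live/specify.institute.ac.za/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/specify.institute.ac.za/privkey.pem;
    # certbot-managed protocol and cipher settings.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    # NOTE(review): no Strict-Transport-Security header is set here; consider
    # adding one once HTTPS is confirmed to work for all clients.

    # serve static files directly
    # These files are served without any access control, so only public
    # material should live under the mapped directories.
    location /static/ {
        root /volumes;
        rewrite ^/static/config/(.*)$ /specify6/config/$1 break;
        rewrite ^/static/depository/(.*)$ /static-files/depository/$1 break;
        rewrite ^/static/(.*)$ /static-files/frontend-static/$1 break;
    }

    # proxy these urls to the asset server
    # The dot in web_asset_store.xml is escaped so it matches only a literal
    # ".". The pattern has no trailing anchor, so any path that merely starts
    # with one of these names is forwarded as well.
    location ~ ^/(fileget|fileupload|filedelete|getmetadata|testkey|web_asset_store\.xml) {
        # 0 disables nginx's request-body size limit for these endpoints.
        # NOTE(review): a finite limit sized to the largest expected
        # attachment bounds disk and bandwidth use per upload.
        client_max_body_size 0;
        # Docker's embedded DNS; the variable in proxy_pass makes nginx
        # resolve the service name at request time instead of at startup.
        resolver 127.0.0.11 valid=30s;
        set $backend "http://asset-server:8080";
        proxy_pass $backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to any X-Forwarded-For the client sent, so the backend
        # should trust only the last entry (or X-Real-IP).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # proxy everything else to specify 7
    # Backend traffic is unencrypted; make sure ports 8000 and 8080 are not
    # published on the host so they are reachable only through this proxy.
    location / {
        resolver 127.0.0.11 valid=30s;
        set $backend "http://specify7:8000";
        proxy_pass $backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}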
Shout if you are still struggling and I can assist in bundling Let's Encrypt for automatic certificate handling.