O3 SSL Setup (docker compose, nginx, certbot)

jochenade · July 17, 2024, 6:49am

Hi, I am in the process of setting up SSL for O3. As I understand I need to:

change docker compose
change nginx.conf
set up certbot

I could not find examples or recommendations for how to do this. Any help would be greatly appreciated.

tendomart · July 17, 2024, 12:53pm

@jochenade I assume you’re trying to do apply a self signed certificate…

This is a non openmrs example but you could pick some clues OpenELIS-Global-2/tools/CertGeneration at 2b75f6adb2a933bc37cf239cb0fc0d1b131d7acb · I-TECH-UW/OpenELIS-Global-2 · GitHub

jochenade · July 18, 2024, 11:48am

Thanks for this. This is similar to some of the examples I have and probably possible to stitch sth. together. However, I thought it would be good to have examples specifically for o3 as a setup with ssl is likely to be a standard case.

hansbak · July 19, 2024, 1:41am

have a look at:

github.com/openmrs/openmrs-distro-referenceapplication

added ssl example

openmrs:main ← hansbak:ssl-example

opened 02:33AM - 30 Jun 24 UTC

hansbak

+99 -2

First of thank you for this docker implementation example. I am just starting us…ing openmrs, bare with me. This reference is working fine using just http, however for a server on the internet ssl is required. I looked al over the internet for an example how to add ssl certificates, but could not find any for openmrs. I think it will be beneficial also for other users, so I added an example myself contained in the pull request. However it has two problems you can help me with? 1. /openmrs path: invalid or missing CRSF token. 2. /openmrs/spa path: a: ResizeObserver loop completed with undelivered notifications. b: Uncaught Error: WorkspaceOverlay or WorkspaceWindow has provided an invalid context key: "home". The context key must be part of the URL path, with no initial or trailing slash. if you can me give me some suggestions how to solve this , much appreciated. Regards, Hans Bakker PS: To Try yourself at our server: https://app.openrationale.net/openmrs or https://app.openrationale.net/openmrs/spa

regards, Hans

jochenade · July 22, 2024, 12:33pm

Thanks Hans, this is very helpful. I am not exactly a docker expert, but the changes in docker-compose seem quite straightforward and I think I roughly understand what you are doing in gateway/ssl.config.

How are you planning to handle certificate renewal?

hansbak · July 22, 2024, 10:43pm

because currently just a demo app, just manual, however entering: nginx ssl renew will give you examples how to implement that.

regards,

Hans