Installing ParkPow on-premise with HTTPS
This guide will provide instructions on how to add HTTPS support to a ParkPow on-premise implementation using Nginx and Certbot. By adding HTTPS to your application, you will enhance the security and privacy of data transmitted between the server and clients.
The process involves implementing an encryption layer to protect sensitive information such as passwords, personal data, and financial transactions. This way, you prevent malicious third parties from intercepting and accessing this data during transmission.
Prerequisites
- Verify that ParkPow On-Premise is installed and running correctly in your environment.
- To set up an application with HTTPS, you need to have a registered domain.
- To set up certificates from Let's Encrypt, you need to have a valid email address.
Setting up certificates using the Let's Encrypt service
- Create an Nginx configuration file and replace the server name with your domain name.
```nginx
server {
    listen 443 default_server ssl http2;
    listen [::]:443 ssl http2;
    server_name <your-domain-name>;

    # All three certificate paths must use the same certificate name (test-name here).
    ssl_certificate /etc/letsencrypt/live/test-name/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test-name/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/test-name/chain.pem;
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

    charset utf-8;
    client_max_body_size 3M;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # ParkPow web application (uWSGI)
    location / {
        uwsgi_pass web:8000;
        include uwsgi_params;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /static {
        alias /app/static-dist;
    }

    location /media {
        alias /app/media;
    }

    # MQTT over secure WebSocket, proxied to the broker
    location /mqtt-wss {
        proxy_pass http://mqtt_broker:9001;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_read_timeout 1d;
    }
}
```
- Update the nginx service in your docker-compose.yml file and set your email address.
```yaml
...
  nginx:
    # https://github.com/JonasAlfredsson/docker-nginx-certbot
    image: jonasal/nginx-certbot
    volumes:
      - media_volume:/app/media
      - app_volume:/app
      - nginx_secrets:/etc/letsencrypt
      - ./nginx-conf:/etc/nginx/user_conf.d:ro
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - web
    environment:
      - CERTBOT_EMAIL=<your-email-id>
...
```
If everything goes smoothly, these steps should be sufficient for you to have ParkPow On-Premise running with HTTPS. The certificates will be renewed automatically by Certbot.
Configuring certificates from other certification authorities
If you have a certificate obtained already from another certification authority, you need to update the nginx.conf file to point to the correct certificates and map the volumes in the docker-compose.yml file to the folder that contains your certificates.
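A pre-flight check for the two files edited in both sections above, added here as an example and not part of the ParkPow documentation. It flags a leftover server name placeholder, certificate paths that no mounted volume covers, and Let's Encrypt paths that mix certificate names. The function name `preflight`, the sample config and passing the volumes as a list of strings are assumptions made for the example.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the page's server block with the placeholder left in,
# a key path under a different certificate name, and an unmounted chain path.
SAMPLE_CONF = """
server {
    server_name <your-domain-name>;
    ssl_certificate /etc/letsencrypt/live/test-name/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/other-name/privkey.pem;
    ssl_trusted_certificate /etc/ssl/custom/chain.pem;
}
"""
# Volume entries as listed under the nginx service in docker-compose.yml.
SAMPLE_VOLUMES = ["nginx_secrets:/etc/letsencrypt", "./nginx-conf:/etc/nginx/user_conf.d:ro"]

DIRECTIVE = re.compile(
    r"^\s*(server_name|ssl_certificate(?:_key)?|ssl_trusted_certificate)\s+([^;]+);", re.M)

def preflight(conf_text, volumes):
    """Return a list of problems found in the TLS part of the config."""
    problems = []
    found = {}
    for name, value in DIRECTIVE.findall(conf_text):
        found.setdefault(name, []).append(value.strip())
    for host in found.get("server_name", []):
        if "<" in host or ">" in host:
            problems.append(f"server_name still holds a placeholder: {host}")
    for required in ("ssl_certificate", "ssl_certificate_key"):
        if required not in found:
            problems.append(f"missing directive: {required}")
    # Container-side mount points (second field of host:container[:mode]).
    mounts = [PurePosixPath(v.split(":")[1]) for v in volumes if ":" in v]
    cert_names = set()
    for name in ("ssl_certificate", "ssl_certificate_key", "ssl_trusted_certificate"):
        for value in found.get(name, []):
            path = PurePosixPath(value)
            if not any(m == path or m in path.parents for m in mounts):
                problems.append(f"{name} {path} is not under any mounted volume")
            parts = path.parts
            if parts[:4] == ("/", "etc", "letsencrypt", "live") and len(parts) > 5:
                cert_names.add(parts[4])
    if len(cert_names) > 1:
        problems.append(f"certificate files come from different names: {sorted(cert_names)}")
    return problems

if __name__ == "__main__":
    for line in preflight(SAMPLE_CONF, SAMPLE_VOLUMES):
        print("FAIL:", line)
```

An empty list means the certificate directives and the volume mappings agree; it does not validate the certificate files themselves.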