Skip to main content

Installing Parkpow on-premise with HTTPS

This guide will provide instructions on how to add HTTPS support to a ParkPow on-premise implementation using Nginx and Certbot. By adding HTTPS to your application, you will enhance the security and privacy of data transmitted between the server and clients.

The process involves implementing an encryption layer to protect sensitive information such as passwords, personal data, and financial transactions. This way, you prevent malicious third parties from intercepting and accessing this data during transmission.

Prerequisites

  • Docker and Docker-Compose.

    info

    In this guide, we will make use of the following Docker images:

    • Certbot: An automated tool that simplifies the process of obtaining and renewing free SSL certificates from Let's Encrypt. Certbot will be used to generate and maintain the necessary SSL certificates to enable HTTPS.
    • Nginx: A web server known for its efficiency, performance, and ability to act as a reverse proxy. Nginx will be responsible for redirecting HTTPS requests to the Docker application.
  • Verify that ParkPow On-Premise is installed and running correctly in your environment.

    Make sure that the application is responding properly to HTTP requests.

  • Registered domain.

    To set up an application with HTTPS, you need to have a registered domain.

Installation

2) Preparation of the environment, configuration files and docker-compose files

Create a folder and add the template files below, replace the parameter server_name with the domain that will be used.

nginx.conf
server {
listen 80;
listen [::]:80;

server_name example.com www.example.com;

location ~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
info

To enable Nginx to perform reverse proxy, it needs to be on the same internal network as ParkPow. For this, adding the following parameter in your docker-compose-nginx.yml is required.

    external_links:
- conteriner_name:web

Note that it should be based on the container name and service (-container_name:service), as per the standard convention. If you have multiple ParkPow instances, replace the parameter below with the container name associated with the specific ParkPow instance.

3) Create certificate with certbot

In the folder containing the created files, run Nginx with the basic configuration so that certbot can check the permissions on the domain, use the command below:

docker-compose -f docker-compose-nginx.yml up

Replace the email and domain parameters and run the command below:

docker-compose -f docker-compose-certbot.yml run --rm certbot certonly --webroot -w /var/www/certbot --force-renewal --email [email protected] -d example.com --agree-tos

If all goes well, the command will generate an output as shown in the following image.

API Token

4) Change nginx.conf and restart container

Update the nginx.conf file with the newly created certificate parameters and your domain.


server {
listen 80;
listen [::]:80;

server_name example.com www.example.com;

location / {
return 301 https://exmaple.com.$request_uri;
}
}

server {
listen 443 default_server ssl http2;
listen [::]:443 ssl http2;

server_name exmaple.com;

ssl_certificate /etc/nginx/ssl/live/example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/example.com/privkey.pem;

location / {
proxy_pass http://nginx;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}

location /mqtt-wss {
proxy_pass http://nginx;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_read_timeout 1d;
}
}

warning

Please note that in this guide, we are assuming the default service and container names generated from the standard Docker Compose file used for ParkPow installation. If you have modified this file, you will need to adjust this guide accordingly.

After modifying the file, execute the following command:


docker-compose -f docker-compose-nginx.yml restart

If everything goes smoothly, these steps should be sufficient for you to have ParkPow On-Premise running with HTTPS.

However, if you have a certificate obtained from another certification authority, you should start from step 4 and map the volumes in the docker-compose-nginx.yml file to the folder that contains your certificates.

Floating button icon
CTRL + .