Hello, I’m using the latest redash ami instance. I’m using this guide to add https. I’ve changed the paths, but nothing happens. As in the http connection works, but the https connection doesn’t. I’m wondering if the documentation is up to date, since the nginx docker file doesn’t point to this configuration file.
So how can I use https for a self installed redash instance?
Technical details:
Redash Version: 5.0.2
Browser/OS:
How did you install Redash: ami for eu-central-1 ami-026f66c6ba3cedf99
upstream redash_servers {
server 172.19.0.4:5000;
}
server {
listen 80;
# Allow accessing /ping without https. Useful when placing behind load balancer.
location /ping {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://redash_servers;
}
location / {
# Enforce SSL.
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
# Make sure to set paths to your certificate .pem and .key files.
ssl on;
ssl_certificate /etc/nginx/certificate.crt; # or crt
ssl_certificate_key /etc/nginx/certificate.key;
# Specifies that we don't want to use SSLv2 (insecure) or SSLv3 (exploitable)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Uses the server's ciphers rather than the client's
ssl_prefer_server_ciphers on;
# Specifies which ciphers are okay and which are not okay. List taken from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
access_log /var/log/nginx/redash.access.log;
gzip on;
gzip_types *;
gzip_proxied any;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://redash_servers;
proxy_redirect off;
}
}
A few remarks, it looks like the redash server has a fixed ip, in case it doesn’t work use
“docker network inspect redash_default” to find out the actual ip address. Update the upstream section in redash.conf with the ip address.
I noticed the same issues when following the guide. I’ve booted the us-west-2 AMI and cannot use HTTPS. Looking at the docker-compose.yml it obviously isn’t supported.