Revisions
arikfr revised this gist
Jan 20, 2019 . 2 changed files with 6 additions and 6 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -108,9 +108,9 @@ ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4; ssl_certificate /etc/letsencrypt/live/example.redashapp.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.redashapp.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/example.redashapp.com/chain.pem; access_log /dev/stdout; error_log /dev/stderr info; This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -44,9 +44,9 @@ server { ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4; ssl_certificate /etc/letsencrypt/live/example.redashapp.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.redashapp.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/example.redashapp.com/chain.pem; access_log /dev/stdout; error_log /dev/stderr info; -
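Review bot: The three `ssl_certificate*` paths in both hunks only resolve if the `live/` directory name matches the first `-d` name given to certbot, so the instruction to replace `example.redashapp.com` should say explicitly that it applies to these paths as well as to `server_name`; a reader who changes only `server_name` gets an nginx that fails to start on a missing certificate file. Separately, the context line `resolver 8.8.8.8 8.8.4.4;` sends the OCSP responder lookups used by `ssl_stapling` to a public resolver; a resolver on a trusted local network is the safer choice there.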
arikfr revised this gist
Jan 20, 2019 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,7 +2,7 @@ 2. Switch to the `root` user (`sudo su`). 3. Create a folder named `nginx` in `/opt/redash`. 4. Create in the nginx folder two additional folders: `certs` and `certs-data`. 5. Create the file `/opt/redash/nginx/nginx.conf` and place the following in it: (replace `example.redashapp.com` with your domain name) ``` upstream redash { server redash:5000; -
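Review bot: Steps 3 and 4 describe the directory layout in prose, and step 5 now depends on it exactly (`/opt/redash/nginx/nginx.conf`); giving the command, for example `mkdir -p /opt/redash/nginx/certs /opt/redash/nginx/certs-data`, removes the chance of a misplaced folder.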
arikfr revised this gist
Nov 26, 2018 . 1 changed file with 64 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,64 @@ upstream redash { server redash:5000; } server { listen 80; listen [::]:80; server_name example.redashapp.com; location ^~ /ping { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_pass http://redash; } location / { rewrite ^ https://$host$request_uri? permanent; } location ^~ /.well-known { allow all; root /data/letsencrypt/; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name example.redashapp.com; add_header Strict-Transport-Security "max-age=31536000" always; ssl_session_cache shared:SSL:20m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; access_log /dev/stdout; error_log /dev/stderr info; # other configs location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_pass http://redash; } } -
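Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server block still enables TLS 1.0 and 1.1, which are deprecated; restrict it to `TLSv1.2` (plus `TLSv1.3` where the nginx and OpenSSL builds support it). In the same block, `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` forwards whatever value the client sent rather than the scheme nginx actually terminated, so with nginx as the TLS edge it should be `$scheme`. The certificate paths use `live/example.com/` while `server_name` is `example.redashapp.com`, and the `ssl_ciphers` string has a stray `;` before the closing quote.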
arikfr revised this gist
Nov 26, 2018 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -125,7 +125,7 @@ proxy_pass http://redash; } } ``` 8. Restart nginx: `docker-compose restart nginx`. 9. All done, your Redash instance should be available via HTTPS now. 👏 -
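Review bot: Step 8 restarts nginx without checking the edited config first, so a syntax error in the pasted config leaves nginx down on both ports. Add a validation step before it, for example `docker-compose exec nginx nginx -t`, and prefer a reload over a restart, since nginx keeps serving with the old configuration when a reload is rejected.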
arikfr revised this gist
Nov 26, 2018 . 1 changed file with 2 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -125,8 +125,8 @@ proxy_pass http://redash; } } ``` 8. Restart nginx: `docker-compose restart nginx`. 9. All done, your Redash instance should be available via HTTPS now. 👏 -
arikfr created this gist
Nov 26, 2018 .
@@ -0,0 +1,143 @@ 1. Make sure the domain you picked points at the IP of your Redash server. 2. Switch to the `root` user (`sudo su`). 3. Create a folder named `nginx` in `/opt/redash`. 4. Create in the nginx folder two additional folders: `certs` and `certs-data`. 5. Create the file `/opt/redash/nginx.conf` and place the following in it: (replace `example.redashapp.com` with your domain name) ``` upstream redash { server redash:5000; } server { listen 80; listen [::]:80; server_name example.redashapp.com; location ^~ /ping { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_pass http://redash; } location / { rewrite ^ https://$host$request_uri? permanent; } location ^~ /.well-known { allow all; root /data/letsencrypt/; } } ``` 4. Edit `/opt/redash/docker-compose.yml` and update the nginx service to look like the following: ``` nginx: image: nginx:latest ports: - "80:80" - "443:443" depends_on: - server links: - server:redash volumes: - /opt/redash/nginx/nginx.conf:/etc/nginx/conf.d/default.conf - /opt/redash/nginx/certs:/etc/letsencrypt - /opt/redash/nginx/certs-data:/data/letsencrypt restart: always ``` 5. Update Docker Compose: `docker-compose up -d`. 6. Generate certificates: (remember to change the domain name) ``` docker run -it --rm \ -v /opt/redash/nginx/certs:/etc/letsencrypt \ -v /opt/redash/nginx/certs-data:/data/letsencrypt \ deliverous/certbot \ certonly \ --webroot --webroot-path=/data/letsencrypt \ -d example.redashapp.com ``` 7. 
Assuming the previous step was succesful, update the nginx config to include the SSL configuration: ``` upstream redash { server redash:5000; } server { listen 80; listen [::]:80; server_name example.redashapp.com; location ^~ /ping { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_pass http://redash; } location / { rewrite ^ https://$host$request_uri? permanent; } location ^~ /.well-known { allow all; root /data/letsencrypt/; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name example.redashapp.com; add_header Strict-Transport-Security "max-age=31536000" always; ssl_session_cache shared:SSL:20m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; access_log /dev/stdout; error_log /dev/stderr info; # other configs location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_pass http://redash; } } ``` 8. Restart nginx: `docker-compose restart nginx`. 9. All done, your Redash instance should be available via HTTPS now. 👏 To renew the certificate in the future, you can use the following command: ``` $ docker run -t --rm \ -v certs:/etc/letsencrypt \ -v certs-data:/data/letsencrypt \ deliverous/certbot \ renew \ --webroot --webroot-path=/data/letsencrypt $ docker-compose kill -s HUP nginx ```
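Review bot: The renewal command at the end mounts `-v certs:/etc/letsencrypt` and `-v certs-data:/data/letsencrypt`, which Docker treats as named volumes, not the `/opt/redash/nginx/certs` and `/opt/redash/nginx/certs-data` host directories used in step 6 and in the compose file, so `renew` runs against an empty `/etc/letsencrypt` and finds nothing to renew. Use the same absolute host paths as step 6. The step numbers also restart at 4 after step 5, and `image: nginx:latest` plus the third-party `deliverous/certbot` image (which gets the private key directory mounted) would be better pinned to a specific tag or digest.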