Help with ChirpStack v4 deployment in the cloud with Docker and SSL setup using Nginx

Hi everyone,

I’m currently working on setting up ChirpStack v4 in the cloud using Docker, and I’m hoping to integrate SSL (TLS) with Nginx as my reverse proxy. Right now, I have several other services deployed (using Docker), each accessible via Nginx subpaths, so I’d like to continue using this configuration rather than switching to Traefik, which I’ve seen mentioned as a popular alternative.

From what I understand based on older forum posts, native SSL support for ChirpStack isn’t available yet. Given this, I’d appreciate any guidance on configuring SSL (TLS) via Nginx for ChirpStack with subpaths, if that’s possible. My knowledge of cloud setups and Nginx is still somewhat limited, so I’m a bit lost in terms of the best practices here.

Is there a guide or documentation available for deploying ChirpStack with subpaths and Nginx? Any advice or examples would be very helpful.

Thanks in advance for your help!

I’ve never used NGINX but as far as I can tell it should be as simple as installing something to automate cert creation (I’d recommend certbot) and then referencing the certificates in the NGINX path configurations.

Typically you’d then want NGINX to terminate TLS and pass the traffic unencrypted to the services on the back end (this is what I’m doing with Traefik). That way NGINX can handle all the TLS requirements and no major configuration changes to ChirpStack are required. Just make sure the backend containers are not exposed to WAN such that external connections can just bypass NGINX.

I’d recommend also setting up authentication for your MQTT broker. So set up a password file in your listeners.conf and associate it with the listener, that way only your gateways can connect.
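One way to check the "backend containers are not exposed to WAN" point from the reply above, added here as an example and not part of the original thread or of ChirpStack's own tooling: it reads Docker Compose short-syntax `ports:` entries and reports backends published on a non-loopback host address. The service names, ports and the `WAN_FACING` set are constructed assumptions; the MQTT broker is listed as WAN-facing because gateways have to reach it, which is why the reply asks for authentication on it.

```python
import ipaddress

# Constructed sample: service name -> Compose short-syntax "ports:" entries.
SAMPLE_PORTS = {
    "nginx": ["80:80", "443:443"],
    "mosquitto": ["1883:1883/tcp"],
    "chirpstack": ["8080:8080"],                 # no host IP: every interface
    "chirpstack-rest-api": ["127.0.0.1:8090:8090"],
    "postgres": ["[::1]:5432:5432"],
    "redis": ["6379"],                           # container port only
}

# Assumption: only the TLS-terminating proxy and the authenticated MQTT
# broker are meant to be reachable from outside the host.
WAN_FACING = {"nginx", "mosquitto"}


def host_ip(mapping):
    """Return the host IP a short-syntax mapping binds to ('0.0.0.0' if none)."""
    spec = mapping.split("/", 1)[0]              # drop "/tcp" or "/udp"
    if spec.startswith("["):                     # bracketed IPv6 host address
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    # "ip:host:container" carries an address; "host:container" and a bare
    # "container" port are published on all interfaces.
    return parts[0] if len(parts) == 3 else "0.0.0.0"


def exposed_backends(ports_by_service, wan_facing=WAN_FACING):
    """List (service, mapping) pairs reachable without passing through the proxy."""
    findings = []
    for service, mappings in sorted(ports_by_service.items()):
        if service in wan_facing:
            continue
        for mapping in mappings:
            if not ipaddress.ip_address(host_ip(mapping)).is_loopback:
                findings.append((service, mapping))
    return findings


if __name__ == "__main__":
    for service, mapping in exposed_backends(SAMPLE_PORTS):
        print(f"{service}: '{mapping}' is published on a non-loopback address")
```

A flagged mapping is fixed by prefixing the loopback address (for example `127.0.0.1:8080:8080`) or by removing the `ports:` entry and letting the proxy reach the container over a shared Docker network.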

You could use the Ansible playbook as an example:

More specifically: