Ui with ssl certificate? https

I’m running chirpstack v4 docker-compose without security (https), how do I add my certificates?
Any tutorial for the docker version?

Sorry for bad English

Carlos Alberto

maybe you can use nginx as a proxy, proxy your domain to chirpstack and take your cert in nginx config
look at this WebUI devices event and loraFrames requests are really slow - #3 by zeara

Thanks for the answer @zeara

I can try using nginx, but as a last resort, I would like to find a way to add the certificates using docker-compose,yml, mounting a volume with the modified file, in which I would add the configuration that works like v3, which we added the following lines to chirpstack-application-server.toml:

Blockquote
[application_server.external_api]
bind=“0.0.0.0:8080”
# http server TLS certificate (optional)
tls_cert="/ssl/chain.pem"
# http server TLS key (optional)
tls_key="/ssl/ca.key"

As the chirpstack-application-server.toml file no longer exists (at least and I don’t know how to find it inside the container), I would just like to indicate a path to follow.

I’ve tried adding the following lines to the chirpstack.toml file to see if I can get a secure connection:

Blockquote
tls_cert=“configuration/certs/chaim.pem”
tls_key=“configuration/certs/cnpgc.key”

copy the files to the ./configurations/certs folder
But it did not work.
I later changed the tls_cert and tls_key lines to ca_cert and ca_key and it still didn’t work…

Any suggestion? am i working on the correct file? where can i find the documentation on chirpstack.toml?

1 Like

Are there already any solutions?

Another option is to keep certificates out of ChirpStack entirely and do your TLS termination with a proxy like Traefik, Nginx, etc. I prefer Traefik, but any of them will have countless guides on setting them up in Docker/Compose with Let’s Encrypt.

1 Like

Thanks for the tip.

But I preferred to go back to chirpstack version 3, where I put chirpstack over tls, despite having to inform port 8080 in the url.

It is a little difficult for me to adopt this solution because I have to momentarily stop other services I have running on the host, but as soon as I can, I will adopt the indicated solution.