I’m running chirpstack v4 docker-compose without security (https), how do I add my certificates?
Any tutorial for the docker version?
Sorry for bad English
Carlos Alberto
Maybe you can use nginx as a proxy: proxy your domain to ChirpStack and put your cert in the nginx config.
Look at this: WebUI devices event and loraFrames requests are really slow - #3 by zeara
Thanks for the answer @zeara
I can try using nginx, but only as a last resort. I would like to find a way to add the certificates using docker-compose.yml, mounting a volume with the modified file, in which I would add the configuration that works like in v3, where we added the following lines to chirpstack-application-server.toml:
[application_server.external_api]
bind="0.0.0.0:8080"
# http server TLS certificate (optional)
tls_cert="/ssl/chain.pem"
# http server TLS key (optional)
tls_key="/ssl/ca.key"
As the chirpstack-application-server.toml file no longer exists (or at least I don’t know how to find it inside the container), I would just like to be pointed to a path to follow.
I’ve tried adding the following lines to the chirpstack.toml file to see if I can get a secure connection:
tls_cert="configuration/certs/chaim.pem"
tls_key="configuration/certs/cnpgc.key"
I copied the files to the ./configurations/certs folder.
But it did not work.
I later changed the tls_cert and tls_key lines to ca_cert and ca_key and it still didn’t work…
Any suggestions? Am I working on the correct file? Where can I find the documentation on chirpstack.toml?
Are there already any solutions?
Another option is to keep certificates out of ChirpStack entirely and do your TLS termination with a proxy like Traefik, Nginx, etc. I prefer Traefik, but any of them will have countless guides on setting them up in Docker/Compose with Let’s Encrypt.
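The TLS-termination approach suggested in this thread, written out as an added example (not posted by any participant and not taken from the ChirpStack project). It assumes the compose service is named `chirpstack` and serves the web UI/API as plain HTTP on container port 8080, and that Docker Compose is 2.24 or later; the hostname and certificate paths are placeholders.

```yaml
# docker-compose.override.yml: added example, merged over the existing compose file.
# Assumptions: the service is named "chirpstack" and serves the web UI/API as
# plain HTTP on container port 8080; lora.example.com and ./certs/* are placeholders.
services:
  chirpstack:
    # Drop the published 8080 mapping so the plaintext listener is reachable
    # only from the proxy over the compose network.
    ports: !reset []

  nginx:
    image: nginx:stable
    restart: unless-stopped
    depends_on:
      - chirpstack
    ports:
      # If 443 is already in use on the host, publish another port, e.g. "8443:443".
      - "443:443"
    volumes:
      # Certificate chain and private key, mounted read-only.
      - ./certs/fullchain.pem:/etc/nginx/tls/fullchain.pem:ro
      - ./certs/privkey.pem:/etc/nginx/tls/privkey.pem:ro
    configs:
      - source: chirpstack_tls
        target: /etc/nginx/conf.d/default.conf

configs:
  chirpstack_tls:
    # "$$" is a literal "$": compose interpolates variables in this field.
    content: |
      server {
        listen 443 ssl;
        server_name lora.example.com;

        ssl_certificate     /etc/nginx/tls/fullchain.pem;
        ssl_certificate_key /etc/nginx/tls/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
          proxy_pass http://chirpstack:8080;
          proxy_http_version 1.1;
          proxy_set_header Host $$host;
          proxy_set_header X-Forwarded-Proto https;
          # The event and frame views are long-lived streams: do not buffer them.
          proxy_buffering off;
          proxy_read_timeout 1h;
        }
      }
```

After `docker compose up -d`, `docker compose ps` should show a published port only on the nginx service, not on `chirpstack`.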
Thanks for the tip.
But I preferred to go back to ChirpStack version 3, where I put ChirpStack over TLS, despite having to specify port 8080 in the URL.
It is a little difficult for me to adopt this solution because I have to momentarily stop other services I have running on the host, but as soon as I can, I will adopt the indicated solution.