These are instructions for flex.bi private 4.0 and later
If you want to enable HTTPS or SSL for Private flex.bi, then you need to setup front-end web server (like Apache or ngnix) which will handle the HTTPS/SSL connection and will use the reverse-proxy to pass the request to Private flex.bi process. We prefer using nginx, so the following are instructions for setting up connection using nginx web server.
Setting Up Connection Using nginx
First of all, you have to open ports 80 and 443 in your firewall to allow external connections to your server.
Run the following command to open the port 80:
Run the following command to open the port 443:
Run the following command to reload the firewall:
Run the following command to check if the port is open:
Install Certbot Let's Encrypt Client
To enable secure communication you need to use an SSL certificate. For this purpose we will use Let's Encrypt solution. For this to work, the first step is to install the certbot software on your server.
Run the following command to enable access to the EPEL repository on your server:
Run the following command to install cerbot-nginx package:
To be able to use nginx, you have to install it first.
Run the following command to install nginx:
Run the following command to start nginx using systemctl:
Run the following command to make sure nginx is installed and check it's version:
To ensure proper certificate creation and traffic routing, you have to create an nginx configuration file ( for example, flexbi.conf) in the directory /etc/nginx/conf.d.
- Go to the /etc/nginx/conf.d on your server.
- Create a new file in this directory and name it accordingly, for example, flexbi.conf.
Use your preferred text editor to insert the following configuration information into the newly created configuration file:
In the configuration above, replace example.com with your domain name which has a hostname configured for this server in DNS records.
Run the following command to reload nginx and apply the new configuration:
To test if everything is working, open your website in a web browser using http:// (e.g. https://example.com).
Obtain a Certificate
You can use Certbot to obtain SSL certificates using various plugins. We will use nginx plugin which takes care of reconfiguring nginx and reloading the configuration whenever necessary.
Run the following command to obtain a certificate for your domain:
In the configuration above, replace example.com with your domain name.
Provide additional information, if it is asked, for example, e-mail address.
If the process is successful, certbot will ask how you'd like to configure your HTTPS settings:
Select the appropriate option and press Enter.
Certbot will create the certificate and show a message telling you the process was successful and where your certificate is stored:
To test if everything is working, open your website in a web browser using https:// (e.g. https://example.com). The site should open with a secure connection indicator (a lock icon) next to the address.
Set-up Certificate Auto Renewal
Let's Encrypt's certificates are only valid for ninety days. We will use cron, a standard system service for running periodic jobs, to periodically check the certificate and renew it, if it is necessary.
Run the following command to open and edit the file named crontab that is used to configure cron actions:
In the opened file, past in the following line, then save and close the file:
The 15 3 * * * part of this line means that the following command will run at 3:15 am every day. You can choose any time.
Reconfigure flex.bi For HTTPS schema
Now, when you have access to your server through https schema, you have to configure flex.bi to use your domain name and https. To achieve this, you have to configure the file eazybi.toml which is located in the directory /home/flexbi/flexbi_private/config of your server.
- Run the following command to open the file for editing (in this example we are using vi text editor):
In the code example above we are using the vi text editor, but you can use the editor of your choice.
- In the opened file find the part [default_url_options]. It should look similar to this:
In the code example above you should see the IP address of your server instead of <your-ip-address>.
- Edit the part [default_url_options] following this example:
In the code example above enter your domain name instead of example.com.
Run the following command to restart flex.bi:
Congratulations, your server is set up and ready to go!