UI Bakery Docs
RoadmapRelease notesSign In
  • 👋Welcome to UI Bakery!
  • 🌟Overview
    • 💡Video intro
    • ✨Main features
    • 🔖Glossary
  • 🛠️Getting started
    • Create an application
    • Build UI
      • Data mocking methods
    • Link components
    • Connect a data source
    • Load data
    • Bind data to UI
    • Transform data with JavaScript
      • Data mapping & transforming
    • Change component data
    • Send a form
    • Create a filter
    • Note on debugging
    • Deploy your application & invite users
  • 📌Concepts
    • Components
      • Component basics
      • Component methods
      • Components best practices
        • Input validation
        • Linking a Table to a Form/Detail
        • Using a single Form to add and update data
        • Searching Table based on input value
        • Configuring server-side pagination
        • Managing Date object time zones
        • Role-based Menu component items
        • Field types & types recognition
        • Expanding component to fit screen/container
        • Controlling component's visibility
    • Custom components
      • Unrestricted custom components
    • Data sources
      • Data source environments
      • Connecting local database via ngrok
      • SSH Tunneling
    • Actions
      • Actions basics
        • Calling actions from code
      • Actions management & shortcuts
      • Actions settings
      • Actions library
      • Server actions
      • Logs and debugging
    • UI Bakery variables
    • State variables
    • Local storage
    • Modules
    • Custom JavaScript
      • JavaScript files
    • Workspace management
      • Account & workspace
      • Seats & Shared permission groups in UI Bakery
      • Roles in UI Bakery
      • Role permissions
      • Explore the interface
      • App environments
        • Release management
      • Audit logs
      • Multi-factor authentication
    • Export & import an app
    • Mobile layout
    • Theme editor
      • Changing theme from the app
    • UI Bakery source control
      • Git controls overview
      • Migrating your app model to the latest version
  • ⚡How-tos
    • File management
      • Working with PDF files
      • CSV import & export
      • Uploading files using methods
      • Displaying files from Google Drive and Dropbox
      • Parsing and sending XML
    • Styling
      • Modifying components with CSS
    • Layout & navigation
      • Adding navigation to application
      • Reading query params from URL
      • Hiding UI Bakery loader in the Embedded mode
    • Data
      • Managing user data with the {{user.email}} variable
      • Using JS libraries
        • Internationalization (i18n) & Localization: Translating UI Bakery Apps
      • Implementing row-level security
      • Copying to clipboard
    • Custom code
      • Communicating with external sites via Iframe
      • Implementing custom app hotkeys
      • Retrying API with HTTP status code 202
  • 🔎Extras
    • UI Bakery Automations
      • Environment and release strategy
      • Git in automations
      • Using external Node libraries
    • UI Bakery Database
      • Database migration
  • 💻On-premise
    • UI Bakery on-premise
    • Install & update
      • Installing on-premise
        • Azure virtual machine
        • Azure container instance
        • AWS EC2 instance
        • Google Cloud Compute Engine VM instance
        • DigitalOcean 1-click droplet
        • Manual w/ docker compose
        • Manual w/ docker run
        • Windows installation
        • Kubernetes
          • AWS EKS with Fargate
          • Scaling and resource optimization
      • Troubleshooting installation errors
      • Updating on-premise
      • Updating license key
      • Updating environment variables
      • Recommendations
        • Architecture overview
        • UI Bakery in production
        • Resource optimization
        • Running a standalone database instance
        • Generating custom secrets
    • On-premise features
      • External analytics
      • Branding
      • Embedding
      • SCIM 2.0
      • Instance API
      • Activating features under a feature flag
    • Additional configurations
      • Health check API
      • Email configuration
      • Google Sheets connection setup
      • Salesforce connection setup
      • Azure blob storage configuration
      • Adding python backend code to existing installation
      • UI Bakery Postgres
    • Networking & security
      • Setting up a domain name
      • Configuring custom certificate authority
      • Custom base URL
      • Getting requests to the local network
      • Setting up SSL on Ubuntu
    • SSO
      • OpenID
        • Google OAuth2
        • Okta ODIC
        • Azure AD OAuth2
        • Token refresh
      • SAML
        • Okta SAML
        • Azure AD SAML
      • Role synchronization
      • Multiple SSO
      • Logout redirect
      • Troubleshooting
    • Git source control
      • Manage multi-instance deployment
      • Custom PR URL
      • Automate GitHub releases
      • Automate GitLab releases
      • Automate Bitbucket releases
    • Environment variables
  • 📚Reference
    • Data security measures
    • Improving app security
    • ✨AI Assistant
    • List of Components
      • S3 file uploader
      • Azure Blob Storage file uploader
      • Accordion
      • Alert
      • Avatar
      • Boolean
      • Breadcrumbs
      • Bubble map
      • Button
      • Card
      • Chart
      • Chat
      • Checkbox
      • Collapsible card
      • Color picker
      • Composite form
      • Container
      • Context menu button
      • Currency
      • Currency input
      • Date picker
      • Date & time
      • Date & time picker
      • Detail
      • Divider
      • Email input
      • Embedded App
      • File
      • File dropzone
      • File picker
      • Flex container
      • Form
      • Frame drawer
      • Grid view
      • Heading
      • Horizontal menu
      • Icon
      • iFrame
      • Image
      • Image picker
      • JSON editor
      • JSON viewer
      • Link
      • List view
      • Map
      • Menu
      • Metric
      • Modal
      • Multi-select
      • Number
      • Number input
      • Password input
      • PDF viewer
      • Percent
      • Pop-up form
      • Progress bar
      • QR code
      • Radio
      • Range slider
      • Rating
      • Reusable header
      • Reusable sidebar
      • Select
      • Signature
      • Slider
      • Steps
      • Stepper
      • Table
        • Conditional formatting based on cell value
        • Display name instead of ID for relation
        • Row context referencing
        • Select multiple table rows
        • How to Highlight Text in a Table Using mark.js
      • Tabs
      • Tabset
      • Tags
      • Text
      • Text annotate
      • Text input
      • Time picker
      • Toggle
      • Tree component
      • Video
      • Dynamic structure properties
      • Card (deprecated)
      • Input (deprecated)
    • Upgrading components
    • List of Data sources
      • Airtable
      • AWS S3
        • S3 compatible endpoints (DigitalOcean spaces)
      • AWS API
      • AWS Athena
      • AWS DynamoDB
      • AWS Lambda
      • AWS Redshift
      • Azure Blob Storage
      • Big Query
      • Databricks
      • Exasol
      • Firestore, Firebase Auth & Realtime DB
        • Firebase authentication
        • Managing database data
        • Firebase client-side SDK
        • Firebase libraries
      • GitHub
      • Google Sheets
      • GraphQL
      • HTTP API
        • API Authentication
      • HubSpot
      • Twilio
      • JDBC
      • MariaDB
      • MongoDB
      • MySQL
      • OpenAI
      • OpenAPI
      • Oracle
      • PostgreSQL
      • Presto
      • Redis
      • Salesforce
      • SAP Hana
      • SMTP
      • SendGrid
      • Slack
      • Snowflake
      • Spanner
      • SSH
      • Stripe
      • SQL Server
      • Supabase
      • UI Bakery AI
    • List of Action steps
      • Azure Blob Storage query
      • Bulk Create Rows
      • Bulk Delete Rows
      • Code step
      • Condition step
      • Create Row
      • Delete Row
      • DynamoDB request
      • Execute another action
      • Firebase query
      • Generate file
      • GraphQL query
      • HTTP request
      • Interval step
      • Load Table
      • Load Row
      • Loop action
      • MongoDB command
      • Navigation action
      • Open API request
      • Python backend code
      • Redis command
      • S3 query
      • Save to local storage
      • Save to state
      • Show notification
      • Slack messages
      • SMTP request
      • SSH command
      • SQL query
        • Writing SQL Queries
      • Update Row
    • Troubleshooting techniques
    • Performance optimization
Powered by GitBook

© 2025 UI Bakery

On this page
  • Install and configure Nginx
  • Option 1. Use Lets-Encrypt certificate
  • Install Certbot
  • Configure Certbot
  • Option 2. Use self-signed certificate
  • Create self signed certificate
  • Configure Nginx

Was this helpful?

Export as PDF
  1. On-premise
  2. Networking & security

Setting up SSL on Ubuntu

Set up secure connection to your UI Bakery on-prem instance

PreviousGetting requests to the local networkNextSSO

Last updated 4 months ago

Was this helpful?

The easiest way to secure connection to your UI Bakery instance with an SSL certificate is to use an additional web server that will proxy requests to your UI Bakery instance. Below you can find instructions on how to do that using:

  • a popular web server

  • a free SSL certificate that is generated by or a self-signed certificate

  • a tool to rotate SSL certificates called

This tutorial assumes that you would like to configure your UI Bakery instance to be run at the domain https://bakery.example.com and that your environmental variable UI_BAKERY_APP_SERVER_NAME is set to https://bakery.example.com

Install and configure Nginx

We will use additional web server Nginx to proxy requests to your UI Bakery instance. To install Nginx on your machine run:

sudo apt update
sudo apt install nginx

After Nginx is installed, you need to create a configuration for your UI Bakery platform in its configuration. Assuming, that you would like to run UI Bakery at the domain name bakery.example.com you need to create the following file located at /etc/nginx/sites-enabled/bakery.example.com:

server {
    listen 80;
    listen [::]:80;
    
    index index.html index.htm index.nginx-debian.html;
    
    server_name bakery.example.com;
    client_max_body_size 50M;
    
    location / {
        proxy_pass http://localhost:3030;
    }
}

Afterward, you can verify the syntax of your config file using the following command:

sudo nginx -t

If you get any error, open your configuration file and check that the syntax is correct.

Option 1. Use Lets-Encrypt certificate

Install Certbot

sudo snap install core; sudo snap refresh core

Afterward, you can install the Certbot tool:

sudo snap install --classic certbot

Finally, you can link Certbot to the directory available in PATH so you could easily run this tool from the command line without using the full path to the executable:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Configure Certbot

The easiest way to obtain a certificate and use it in your Nginx configuration is through the Certbot Nginx plugin:

sudo certbot --nginx -d bakery.example.com

After you run this command, the SSL certificate would be generated and the Nginx configuration file will be updated. So the only thing left to do is to reload the Nginx server:

sudo systemctl reload nginx

Make sure that port 443 is accessible on your VM!

Option 2. Use self-signed certificate

Create self signed certificate

To generate a self-signed key and certificate pair using OpenSSL type the following command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

You will be asked to to fill out the prompts. Make sure the Common Name (e.g. server FQDN or YOUR name) matches the domain in your nginx config.

Then you will need to create a strong Diffie-Hellman (DH) group with the following command:

sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096

Configure Nginx

Create a configuration snippet pointing to the SSL key and certificate in the /etc/nginx/snippets/self-signed.conf file:

ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

Put into the /etc/nginx/snippets/ssl-params.conf file the following SSL settings:

ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem; 
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1;
ssl_session_timeout  10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

Update your site configuration at /etc/nginx/sites-enabled/bakery.example.com :

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

    server_name bakery.example.com;
    client_max_body_size 50M;
    
    location / {
        proxy_pass http://localhost:3030;
    }
}

server {
    listen 80;
    listen [::]:80;

    server_name bakery.example.com;

    return 302 https://$server_name$request_uri;
}

After that you can check that your Nginx configuration is correct with the command:

sudo nginx -t

And then restart the Nginx service:

sudo systemctl restart nginx

is a Certificate Authority (CA) that facilitates obtaining and installing free TLS/SSL certificates.

is a tool that helps you automate the process of acquiring and rotating of SSL certificates. The Certbot team suggests installing the tool using snap. Install it if you don't have it installed already.

💻
Nginx
Let's Encrypt
Certbot
Let's Encrypt
Certbot