1 of 1

Setting up SSL on Ubuntu

Set up secure connection to your UI Bakery on-prem instance

The easiest way to secure connection to your UI Bakery instance with an SSL certificate is to use an additional web server that will proxy requests to your UI Bakery instance. Below you can find instructions on how to do that using:

a popular web server Nginx
a free SSL certificate that is generated by Let's Encrypt or a self-signed certificate
a tool to rotate SSL certificates called

This tutorial assumes that you would like to configure your UI Bakery instance to be run at the domain https://bakery.example.com and that your environmental variable UI_BAKERY_APP_SERVER_NAME is set to https://bakery.example.com

Install and configure Nginx

We will use additional web server Nginx to proxy requests to your UI Bakery instance. To install Nginx on your machine run:

After Nginx is installed, you need to create a configuration for your UI Bakery platform in its configuration. Assuming, that you would like to run UI Bakery at the domain name bakery.example.com you need to create the following file located at /etc/nginx/sites-enabled/bakery.example.com:

Afterward, you can verify the syntax of your config file using the following command:

If you get any error, open your configuration file and check that the syntax is correct.

Option 1. Use Lets-Encrypt certificate

is a Certificate Authority (CA) that facilitates obtaining and installing free TLS/SSL certificates.

Install Certbot

is a tool that helps you automate the process of acquiring and rotating of SSL certificates. The Certbot team suggests installing the tool using snap. Install it if you don't have it installed already.

Afterward, you can install the Certbot tool:

Finally, you can link Certbot to the directory available in PATH so you could easily run this tool from the command line without using the full path to the executable:

Configure Certbot

The easiest way to obtain a certificate and use it in your Nginx configuration is through the Certbot Nginx plugin:

After you run this command, the SSL certificate would be generated and the Nginx configuration file will be updated. So the only thing left to do is to reload the Nginx server:

Make sure that port 443 is accessible on your VM!

Option 2. Use self-signed certificate

Create self signed certificate

To generate a self-signed key and certificate pair using OpenSSL type the following command:

You will be asked to to fill out the prompts. Make sure the Common Name (e.g. server FQDN or YOUR name) matches the domain in your nginx config.

Then you will need to create a strong Diffie-Hellman (DH) group with the following command:

Configure Nginx

Create a configuration snippet pointing to the SSL key and certificate in the /etc/nginx/snippets/self-signed.conf file:

Put into the /etc/nginx/snippets/ssl-params.conf file the following SSL settings:

Update your site configuration at /etc/nginx/sites-enabled/bakery.example.com :

After that you can check that your Nginx configuration is correct with the command:

And then restart the Nginx service:

Setting up SSL on Ubuntu

Set up secure connection to your UI Bakery on-prem instance

a popular web server Nginx
a free SSL certificate that is generated by Let's Encrypt or a self-signed certificate
a tool to rotate SSL certificates called

Install and configure Nginx

We will use additional web server Nginx to proxy requests to your UI Bakery instance. To install Nginx on your machine run:

Afterward, you can verify the syntax of your config file using the following command:

If you get any error, open your configuration file and check that the syntax is correct.

Option 1. Use Lets-Encrypt certificate

is a Certificate Authority (CA) that facilitates obtaining and installing free TLS/SSL certificates.

Install Certbot

Afterward, you can install the Certbot tool:

Finally, you can link Certbot to the directory available in PATH so you could easily run this tool from the command line without using the full path to the executable:

Configure Certbot

The easiest way to obtain a certificate and use it in your Nginx configuration is through the Certbot Nginx plugin:

After you run this command, the SSL certificate would be generated and the Nginx configuration file will be updated. So the only thing left to do is to reload the Nginx server:

Make sure that port 443 is accessible on your VM!

Option 2. Use self-signed certificate

Create self signed certificate

To generate a self-signed key and certificate pair using OpenSSL type the following command:

You will be asked to to fill out the prompts. Make sure the Common Name (e.g. server FQDN or YOUR name) matches the domain in your nginx config.

Then you will need to create a strong Diffie-Hellman (DH) group with the following command:

Configure Nginx

Create a configuration snippet pointing to the SSL key and certificate in the /etc/nginx/snippets/self-signed.conf file:

Put into the /etc/nginx/snippets/ssl-params.conf file the following SSL settings:

Update your site configuration at /etc/nginx/sites-enabled/bakery.example.com :

After that you can check that your Nginx configuration is correct with the command:

And then restart the Nginx service: