Custom Domain and SSL
This page explains how to configure SSL for your custom domain on a self-hosted Appsmith instance, ensuring secure HTTPS connections for your applications.
For Kubernetes installations, see Configure TLS for Kubernetes.
Prerequisites
Before configuring SSL for your custom domain, ensure you have the following:
- A self-hosted Appsmith instance installed. If not already installed, refer to the installation guides. This guide assumes you are working with an existing installation.
- A custom domain purchased from a domain provider, such as:
- Ports 80 and 443 must be open and accessible. If using custom ports, ensure they are also open and accessible.
- Access to Admin Settings in your Appsmith instance.
Configure SSL
You can use your custom domain with the HTTP protocol, even if you haven’t set up an SSL certificate. To ensure secure connections using HTTPS, it’s recommended to configure SSL. You can choose from the following two methods:
- Set up Let’s Encrypt SSL certificate (recommended for most users)
- Set up a custom SSL certificate
SSL using Let’s Encrypt certificate
Let's Encrypt does not support provisioning a certificate for ephemeral domain names since they are high-risk.
Follow these steps to generate and maintain an SSL certificate for your custom domain using Let’s Encrypt:
1. Go to the Admin Settings in your Appsmith instance.
2. Click Advanced Settings from the left navigation.
3. Add your custom domain name to the Custom Domain field.
4. Click the SAVE & RESTART button.
When Appsmith restarts, it will generate an SSL certificate for your custom domain. Access your Appsmith instance via HTTPS on port 443.
SSL using custom certificate
Follow these steps to configure SSL using a custom SSL Certificate:
1. Rename the certificate file as fullchain.pem and the key file as privkey.pem.
2. Verify that the private key file is valid by running the following command in the terminal:
   openssl pkey -in privkey.pem -pubout -outform pem | sha256sum
   When prompted, enter the pass phrase. Take a note of the hash generated by the command.
3. Verify the public key in the certificate using this command:
   openssl x509 -in fullchain.pem -pubkey -noout -outform pem | sha256sum
   Compare the hash generated by this command with the hash generated by the command in step 2. Matching hashes confirm the integrity of the certificate and key pair; if the hashes differ, the certificate was not issued for this private key.
4. Copy these files into the subdirectory <MOUNTING-DIRECTORY>/ssl/. Ensure that you replace <MOUNTING-DIRECTORY> with the mounting volume directory available in the docker-compose.yml. For example, the default value is ./stacks.
5. Go to the Admin Settings in your Appsmith instance. Under Advanced Settings, add your custom domain name to the Custom Domain field, and click the SAVE & RESTART button. You can also set up the custom domain using a custom domain environment variable.
6. Open the terminal, go to the Appsmith installation directory, and restart the container using the below command:
   docker-compose restart appsmith
   The container uses the certificate present in the <MOUNTING-DIRECTORY>/ssl folder.
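The key and certificate checks and the copy into <MOUNTING-DIRECTORY>/ssl/ can be scripted so that a failed OpenSSL command is never mistaken for a match. This is an added example, not part of the Appsmith documentation; it goes beyond the steps above by also rejecting an expired certificate or one that does not cover the custom domain. The function names and the owner-only permission on the key are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the custom-certificate procedure.
# Function names are illustrative; all arguments are supplied by the operator.

# Step 2: SHA-256 of the public key derived from the private key.
key_pub_hash() {
    kpem=$(openssl pkey -in "$1" -pubout -outform pem) || return 1
    [ -n "$kpem" ] || return 1   # never hash empty output: two empty hashes "match"
    printf '%s\n' "$kpem" | sha256sum | cut -d' ' -f1
}

# Step 3: SHA-256 of the public key embedded in the leaf certificate.
cert_pub_hash() {
    cpem=$(openssl x509 -in "$1" -pubkey -noout -outform pem) || return 1
    [ -n "$cpem" ] || return 1
    printf '%s\n' "$cpem" | sha256sum | cut -d' ' -f1
}

# Return 0 only when both files parse and carry the same public key.
pair_matches() {  # $1 = certificate, $2 = private key
    kh=$(key_pub_hash "$2") || return 1
    ch=$(cert_pub_hash "$1") || return 1
    [ "$kh" = "$ch" ]
}

# Beyond the page's steps: the leaf must be unexpired and valid for the domain.
cert_usable_for() {  # $1 = certificate, $2 = custom domain
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 1
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Run every check, then copy the files under the names the container expects.
install_cert() {  # $1 = cert, $2 = key, $3 = domain, $4 = mounting directory
    pair_matches "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
    cert_usable_for "$1" "$3" || { echo "certificate expired or not valid for $3" >&2; return 1; }
    mkdir -p "$4/ssl" || return 1
    # Assumption: the container process can read owner-only files; adjust the
    # mode if it runs as a different user than the owner of these files.
    install -m 600 "$2" "$4/ssl/privkey.pem" || return 1
    install -m 644 "$1" "$4/ssl/fullchain.pem"
}
```

After sourcing the file, a call such as `install_cert mycert.crt mykey.key apps.example.test ./stacks` (constructed file names and domain) performs the checks and the copy; restart the container afterwards as in step 6.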
Troubleshooting
If you face an SSL/TLS certificate error while configuring SSL, follow the guides below to troubleshoot:
- SSL/TLS Certificate Error
- Verify logs for errors. For more information, see Get Container logs guide.
If you continue to face issues, contact the support team using the chat widget at the bottom right of this page.
See also
- Configure Environment Variables: Learn how to configure environment variables, which may be necessary when setting up TLS and Appsmith in Kubernetes.
- Configure HTTP/HTTPS Proxy: Set up an HTTP/HTTPS proxy if required for your deployment while configuring TLS or managing network traffic.
- Configure TLS for Kubernetes: Learn how to set up TLS for Appsmith on Kubernetes.
- Install an SSL certificate on DigitalOcean: Follow this guide to configure SSL for your DigitalOcean Droplet.