Use Vikunja with SSL certificate

Quiquoqua48 · 8 July 2022 08:10

Hi all, I’ve installed Vikunja on my Aws Lightsail server (Bitnami Nginx) with a custom domain. All works well if I connect to http://mydomain…com, Vikunja frontend served by Nginx (with no specific configuration) can connect to the backend.

The problem is when I connect to https://mydomain.com: I see well rendered login page, but can’t connect to the backend. In browser console I have error 404 for all requests Vikunja does. Probably I need any Nginx configuration but I don’t know how to fix it. Does anyone can help? Thanks

kolaente · 8 July 2022 12:42

Continuing this from Matrix:

The browser will prevent all requests to insecure sites (http) when you acces the frontend via https but not the api. To solve this, you must make the frontend and api available via https.

Since you’re hosting Vikunja in the “classic” wvay, you’ll need an nginx config similar to this (adopted from the example in the docs:

gzip  on;
gzip_disable "msie6";

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml;

server {
        listen 443 ssl http2;
        listen [::]:443;
 
        server_name DOMAIN.com;
 
        ssl_certificate /opt/bitnami/nginx/conf/bitnami/certs/server.crt;
        ssl_certificate_key /opt/bitnami/nginx/conf/bitnami/certs/server.key;

    location / {
        root   /path/to/vikunja/static/frontend/files;
        try_files $uri $uri/ /;
        index  index.html index.htm;
    }
    
    location ~* ^/(api|dav|\.well-known)/ {
        proxy_pass http://localhost:3456;
        client_max_body_size 20M;
    }
}

I would focus on getting the reverse proxy configuration to work first so that the Vikunja frontend is available at http://YOURDOMAIN and the api is available at http://YOURDOMAIN/api/v1/info. Then focus on tls termination. It might be the easiest to use certbot for that.

Quiquoqua48 · 8 July 2022 13:08

Thanks a lot Koalaente! It worked without any other modifies (should I worry or be happy? ), just added the code you wrote in the Nginx configuration file.