Adding SSL to self-hosted NewsBlur

Hi - great product and really getting a lot out of it.

I’ve got a self-hosted instance up and running after making a few tweaks (noting here for anyone looking for hints on their setup)

-apt install build-essential if not on system to run make nb and make collectstatic
-using willnorris/imageproxy for imageproxy
-change protected mode to no in redis.conf
-run make collectstatic to install assets

last thing i am trying to figure out is how to add ssl certificate for my custom domain with certbot without breaking the nginx config - any suggestions there?

thanks in advance

Why the change in protected mode for redis? Also, what happens if you don’t run collectstatic? It shouldn’t be necessary in the default configuration.

As for the ssl issue, haproxy is the service that wants your ssl cert, not nginx. Nginx used to handle it, which is why there are references in the configs, but really the haproxy.docker-compose.cfg file is the one you want.

Thanks for getting back.

Running redis in protected mode I get below - also tried setting a password but got an error as well - can try to recreate if needed.

ResponseError at /

DENIED Redis is running in protected mode because protected mode is enabled and no password is set for the default user. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command ‘CONFIG SET protected-mode no’ from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to ‘no’, and then restarting the server. 3) If you started the server manually just for testing, restart it with the ‘–protected-mode no’ option. 4) Setup a an authentication password for the default user. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.

When I run default setup without make collectstatic I get the same result noted in: Benefits of owning a self-hosted NewsBlur? - #17 by samuelclay

-tried changing the debug settings as noted elsewhere but might’ve missed something

haven’t used haproxy prior to this so will have to have a look around but ended up using cloudflare as a proxy for ssl which works well enough but for now