In this tutorial we will answer a few questions about HTTPS and, most importantly, show how to enable HTTPS in Botpress.
Why HTTPS?
HTTPS helps prevent intruders from tampering with the communications between your websites and your users' browsers. You should always use HTTPS on all your websites, and all resources should be HTTPS-enabled, even if they don't handle sensitive communications. Aside from providing critical security and data integrity for both your websites and your users' personal information, it is a strict requirement for new browser features.
So how do we enable HTTPS for Botpress?
You can place Botpress behind any reverse proxy. I will be using Nginx, a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Download the latest mainline version distribution from here.
Install Nginx on Windows
Unpack the distribution, go to the extracted folder and run Nginx.
```
cd c:\
unzip nginx-1.17.8.zip
cd nginx-1.17.8
start nginx
```
Install Nginx on Linux
Unpack the distribution and run the three commands below. Once they have all run, Nginx is installed in the `/data/tools/nginx` directory.
```
./configure --prefix=/data/tools/nginx --without-http_gzip_module --with-cc-opt="-DTCP_FASTOPEN=23" --with-http_ssl_module --with-openssl=/data/tools/openssl-1.0.1t
make -j2
make install
```
Nginx configuration /data/tools/nginx/nginx.conf file
In the configuration file below, replace `domain name/ip address` with your actual domain name or IP address.
```
# Workers run as root in this setup; a dedicated unprivileged user is preferable.
user root;
worker_processes 1;
error_log logs/error.log;

events {
    worker_connections 1024;
}

http {
    # Disable sending the server identification
    server_tokens off;

    # Prevent displaying Botpress in an iframe (clickjacking protection)
    add_header X-Frame-Options SAMEORIGIN;

    # Prevent browsers from detecting the mimetype if not sent by the server.
    add_header X-Content-Type-Options nosniff;

    # Force enable the XSS filter for the website, in case it was disabled manually
    add_header X-XSS-Protection "1; mode=block";

    # Configure the cache for static assets
    proxy_cache_path /data/tools/nginx/nginx_cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;

    # Set the max file size for uploads (make sure it is larger than the configured media size in botpress.config.json)
    client_max_body_size 10M;

    # Configure access
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    upstream botpress {
        server localhost:3000;
    }

    # Redirect all plain HTTP requests to HTTPS
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }

    # HTTPS server
    server {
        listen 443 ssl;
        server_name <domain name/ip address>;

        ssl_certificate /data/tools/bundle.crt;
        ssl_certificate_key /data/tools/domain.name.key;

        # Force the use of secure protocols only.
        # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is enabled;
        # TLSv1.3 can be added when Nginx is built against OpenSSL 1.1.1 or later.
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1.2;

        # Enable session cache for added performances
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;
        ssl_session_tickets off;

        # Added security with HSTS.
        # Nginx inherits add_header from the http level only when a block has no
        # add_header of its own, so the http-level headers above are not sent from
        # this server block unless they are repeated here.
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

        # Enable caching of assets by NGINX to reduce load on the server
        location ~ .*/assets/.* {
            proxy_cache my_cache;
            proxy_ignore_headers Cache-Control;
            proxy_hide_header Cache-Control;
            proxy_hide_header Pragma;
            proxy_pass http://localhost:3000;
            proxy_cache_valid any 30m;
            proxy_set_header Cache-Control max-age=30;
            add_header Cache-Control max-age=30;
        }

        # We need to add specific headers so the websockets can be set up through the reverse proxy
        location /socket.io/ {
            proxy_pass http://localhost:3000/socket.io/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }

        # All other requests should be directed to the server
        location / {
            #root html;
            #index index.html index.htm;
            proxy_read_timeout 120;
            proxy_pass http://botpress;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
}
```
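A check for the configuration file above, added here as an example (it is not part of the original tutorial, Botpress or Nginx): it flags `ssl_protocols` entries older than TLS 1.2 and blocks whose own `add_header` stops them inheriting headers set at an enclosing level. The function names and the sample configuration are constructed for illustration, and the script assumes one directive per line.

```shell
# Added example (not from the tutorial): lint nginx.conf for old TLS versions and
# lost add_header inheritance. Assumes one directive per line, "{" ending its line.

# Print "LINE: PROTOCOL" for every protocol older than TLS 1.2 that ssl_protocols enables.
weak_tls() {
  awk '
    { sub(/#.*/, "") }                      # ignore comments
    $1 == "ssl_protocols" {
      for (i = 2; i <= NF; i++) {
        p = $i; sub(/;$/, "", p)
        if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
          print NR ": " p
      }
    }' "$1"
}

# Nginx inherits add_header from the enclosing level only when the current level has
# none of its own. Print "LINE: drops HEADER" for each block (LINE is where it opens).
dropped_headers() {
  awk '
    { sub(/#.*/, "") }
    /[{][ \t]*$/ { depth++; start[depth] = NR; own[depth] = ""; next }
    $1 == "add_header" { own[depth] = own[depth] " " $2 }
    /^[ \t]*[}]/ {
      d = depth - 1; while (d > 0 && own[d] == "") d--   # nearest level with headers
      if (own[depth] != "" && d > 0) {
        n = split(own[d], h, " ")
        for (i = 1; i <= n; i++)
          if (index(own[depth] " ", " " h[i] " ") == 0)
            print start[depth] ": drops " h[i]
      }
      depth--
    }' "$1"
}

# Constructed sample that mirrors the TLS and header lines of a reverse-proxy config.
sample_conf() {
  cat <<'EOF'
http {
  add_header X-Frame-Options SAMEORIGIN;
  server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=31536000";
    location /assets/ {
      add_header Cache-Control max-age=30;
    }
  }
}
EOF
}
```

Source the script and run `weak_tls` and `dropped_headers` with the path to your `nginx.conf` after editing it; no output means neither issue was found.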
Note: You must create an SSL certificate and key using either openssl or Java keytool and assign them to ssl_certificate and ssl_certificate_key in the Nginx configuration. When this is a public-facing bot, you must buy an SSL certificate for your site.
An example using OpenSSL to create local SSL certificates:
```
openssl genrsa -out domain.name.key 2048
openssl rsa -in domain.name.key -out domain.name.key
openssl req -sha256 -new -key domain.name.key -out server.csr -subj '/CN=localhost'
openssl x509 -req -sha256 -days 365 -in server.csr -signkey domain.name.key -out bundle.crt
```
Here, replace localhost with your domain name/ip address.
Start Nginx
./nginx
Use the below URL to access the Botpress admin page.
https://<domain name/ip address>
That's it. You have successfully configured HTTPS for Botpress.
13 Comments
Syed Abdul Rehman · December 16, 2020 at 8:24 pm
I created a bot in Windows 7 and I want to run the bot on an HTTPS website. Is it possible to enable HTTPS in Botpress through Windows?
Simon · December 17, 2020 at 10:56 am
@Syed Yes, it is possible. Botpress uses a load balancer like Nginx to configure itself as an HTTPS server. In this tutorial I created an HTTPS web server and linked the Botpress bot, so you can have your website’s routes defined in Nginx so that both your website and bot are HTTPS-enabled.
Syed Abdul Rehman · December 17, 2020 at 1:21 pm
I’m trying to run nginx on Windows but it is not running, with no error.
Simon · December 21, 2020 at 11:42 pm
Try below tutorial and check your nginx status.
https://www.javatpoint.com/how-to-install-nginx-on-windows
Abdul Rehman · December 17, 2020 at 8:37 pm
I want to deploy Windows Botpress on Linux. Is it possible?
Simon · December 21, 2020 at 11:43 pm
Yes it is possible, it does not require any specific change.
prerna · June 3, 2021 at 5:52 pm
Hi sir, How my botpress bot run everytime
Simon · June 9, 2021 at 1:53 pm
@Prerna: I did not get your question, but if you want to run Botpress. Finish your development on your preferred system and deploy it in a Linux box using some process manager example pm2. Check here for more details.
Dhruv · October 22, 2021 at 10:57 am
The file you have given does not work on Ubuntu, please guide. I copied and pasted the whole code, or was I supposed to just add it as a snippet? But that also does not work.
Rishabh · November 25, 2021 at 11:57 pm
I have enabled SSL on my server and in the external URL I have pasted the HTTPS URL, but I am not able to access the admin page. Please help me, my bot is in production.
Simon · December 13, 2021 at 2:43 pm
Try the following to help me debug this issue while accessing the Botpress admin page.
1. Check for any console errors (Chrome)
2. What HTTP response code do you get?
3. Check nginx both error and access log and see if the access related info is present in any 1 of them while accessing the admin page.
Rishabh Gupta · January 4, 2022 at 8:26 pm
I have an AWS instance and installed Botpress on it, completed my workflow, and now I want to integrate it with one of my live websites. To integrate it with the website, I read that we have to first enable HTTPS for my Botpress, and I have gone through the official document and also gone through your recommended blog, but it didn't work like that. I pointed the domain to the IP, created the A record and changed the Nginx configuration, but didn't find it as mentioned in the blog. I need help, my bot is in production. It will be amazing if you can help me a bit.
Prabu vignesh S · February 22, 2022 at 1:54 pm
Hi, I have tried to enable HTTP for my Botpress. After enabling it following your steps, I tried to open it using this URL https:// and I get a message saying my computer is refused to join. What should I do?