
In this tutorial we will answer a few questions about HTTPS and, most importantly, show how to enable HTTPS in Botpress.

Why HTTPS?

HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers. You should always use HTTPS on all your websites, and all their resources should be HTTPS-enabled, even if they don’t handle sensitive communications. Aside from providing critical security and data integrity for both your websites and your users’ personal information, it is a strict requirement for new browser features.

So how do we enable HTTPS for Botpress?

You can use any reverse proxy tool to place Botpress behind it. I will be using Nginx. It is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.

Download the latest mainline version distribution from here.

Install Nginx on Windows

Unpack the distribution, go to the extracted folder and run Nginx.

cd c:\
unzip nginx-1.17.8.zip
cd nginx-1.17.8
start nginx

Install Nginx on Linux

Unpack the distribution and run the three commands below. Once they have all completed, Nginx will be installed inside the `/data/tools/nginx` directory.

./configure --prefix=/data/tools/nginx --without-http_gzip_module --with-cc-opt="-DTCP_FASTOPEN=23" --with-http_ssl_module --with-openssl=/data/tools/openssl-1.0.1t
make -j2
make install

Nginx configuration /data/tools/nginx/nginx.conf file

In the configuration file below, replace `<domain name/ip address>` with your actual domain name or IP address.

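# Worker processes run as root with this setting; a dedicated unprivileged account is the safer choice
user  root;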
worker_processes  1;

error_log  logs/error.log;

events {
    worker_connections  1024;
}

http {

	# Disable sending the server identification
	server_tokens off;

	# Prevent displaying Botpress in an iframe (clickjacking protection)
	add_header X-Frame-Options SAMEORIGIN;

	# Prevent browsers from detecting the mimetype if not sent by the server.
	add_header X-Content-Type-Options nosniff;

	# Force enable the XSS filter for the website, in case it was disabled manually
	add_header X-XSS-Protection "1; mode=block";

	# Configure the cache for static assets
	proxy_cache_path /data/tools/nginx/nginx_cache levels=1:2 keys_zone=my_cache:10m max_size=10g
	inactive=60m use_temp_path=off;

	# Set the max file size for uploads (make sure it is larger than the configured media size in botpress.config.json)
	client_max_body_size 10M;

	# Configure access
	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log logs/access.log main;

	sendfile on;
	#tcp_nopush     on;

	#keepalive_timeout  0;
	keepalive_timeout 65;

	#gzip  on;

	upstream botpress  {
	  server localhost:3000;
	}

	server {
	  listen 80 default_server;
	  listen [::]:80 default_server;
	  server_name _;
	  return 301 https://$host$request_uri;
	}

	# HTTPS server
	server {
		listen       443 ssl;
		server_name  <domain name/ip address>;
				
		ssl_certificate      /data/tools/bundle.crt;
		ssl_certificate_key  /data/tools/domain.name.key;

		# Force the use of secure protocols only (TLS 1.0 and 1.1 are deprecated by RFC 8996;
		# add TLSv1.3 when Nginx is built against OpenSSL 1.1.1 or newer)
		ssl_prefer_server_ciphers on;
		ssl_protocols TLSv1.2;

		# Enable session cache for added performances
		ssl_session_cache shared:SSL:50m;
		ssl_session_timeout 1d;
		ssl_session_tickets off;

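		# Added security with HSTS
		add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

		# add_header directives are inherited from the http level only when the current
		# level defines none, so the http-level headers are repeated here. The assets
		# location below sets its own add_header and sends only that one.
		add_header X-Frame-Options SAMEORIGIN;
		add_header X-Content-Type-Options nosniff;
		add_header X-XSS-Protection "1; mode=block";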

		# Enable caching of assets by NGINX to reduce load on the server
		location ~ .*/assets/.* {
		  proxy_cache my_cache;
		  proxy_ignore_headers Cache-Control;
		  proxy_hide_header Cache-Control;
		  proxy_hide_header Pragma;
		  proxy_pass http://localhost:3000;
		  proxy_cache_valid any 30m;
		  proxy_set_header Cache-Control max-age=30;
		  add_header Cache-Control max-age=30;
		}

		# We need to add specific headers so the websockets can be set up through the reverse proxy
		location /socket.io/ {
		  proxy_pass http://localhost:3000/socket.io/;
		  proxy_http_version 1.1;
		  proxy_set_header Upgrade $http_upgrade;
		  proxy_set_header Connection "Upgrade";
		}		
		
		# All other requests should be directed to the server
		location / {			
		  #root   html;
		  #index  index.html index.htm;
		  proxy_read_timeout 120;
		  proxy_pass http://botpress;

		  proxy_set_header X-Forwarded-For $remote_addr;
		  proxy_set_header Host $http_host;
		  proxy_http_version 1.1;
		  proxy_set_header Upgrade $http_upgrade;
		  proxy_set_header Connection "upgrade";
		}
    }
}

Note: You must create an SSL certificate and key using either openssl or java keytool, and assign them to ssl_certificate and ssl_certificate_key in the Nginx configuration. If this is a public-facing bot, you must buy an SSL certificate for your site.

An example using OpenSSL to create local SSL certificates:

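# Generate a 2048-bit RSA private key
openssl genrsa -out domain.name.key 2048
# Rewrite the key without a passphrase (a no-op here, since genrsa above sets none)
openssl rsa -in domain.name.key -out domain.name.key
# Create a certificate signing request for the host name
openssl req -sha256 -new -key domain.name.key -out server.csr -subj '/CN=localhost'
# Self-sign the request with the same key, valid for 365 days
openssl x509 -req -sha256 -days 365 -in server.csr -signkey domain.name.key -out bundle.crt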

Here, replace localhost with your domain name or IP address.
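The commands above put the host name only in CN, while current browsers match the host name against the certificate's subjectAltName. The following is an added example, not part of the original post: it creates a local pair with a subjectAltName and checks the two files before Nginx is pointed at them. The function names `make_local_cert` and `check_tls_pair` are hypothetical, and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Assumes OpenSSL 1.1.1 or newer (needed for -addext).

# Create a self-signed pair whose certificate carries the host in
# subjectAltName as well as CN. $1 = host, $2 = DNS or IP, $3 = output dir
make_local_cert() {
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
        -keyout "$3/domain.name.key" -out "$3/bundle.crt" \
        -subj "/CN=$1" -addext "subjectAltName=$2:$1" 2>/dev/null
}

# Check the files named in ssl_certificate / ssl_certificate_key before
# starting Nginx. $1 = certificate, $2 = key, $3 = host clients will use.
# Prints "ok", or the first problem found (and returns non-zero).
check_tls_pair() {
    local cert_pub key_pub san
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) \
        || { echo "unreadable certificate"; return 1; }
    # -passin pass: stops OpenSSL from prompting if the key is encrypted
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) \
        || { echo "unreadable or passphrase-protected key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "key does not match certificate"; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired"; return 1; }
    # The line after the extension name lists the SAN entries
    san=$(openssl x509 -in "$1" -noout -text \
        | grep -A1 "Subject Alternative Name" | tail -n 1)
    [ -n "$san" ] || { echo "no subjectAltName"; return 1; }
    echo "$san" | grep -Eq "(DNS|IP Address):$3(,|[[:space:]]|\$)" \
        || { echo "subjectAltName does not cover $3"; return 1; }
    echo "ok"
}

# Constructed sample run in a temporary directory
dir=$(mktemp -d)
make_local_cert localhost DNS "$dir"
check_tls_pair "$dir/bundle.crt" "$dir/domain.name.key" localhost
```

For an IP address, pass `IP` as the second argument to `make_local_cert`, for example `make_local_cert 127.0.0.1 IP "$dir"`.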

Start Nginx

./nginx

Use the below URL to access the Botpress admin page.

https://<domain name/ip address>

That’s it. You have successfully configured HTTPS for Botpress.


Simon

I am a Fullstack developer and Consultant with an experience of 9+ years in the industry. I mainly work on Java, React, Javascript, NodeJs, Elasticsearch and Botpress.

13 Comments

Syed Abdul Rehman · December 16, 2020 at 8:24 pm

I created a bot in Windows 7 and I want to run the bot on an HTTPS website. Is it possible to enable HTTPS in Botpress through Windows?

    Simon · December 17, 2020 at 10:56 am

    @Syed Yes, it is possible. Botpress uses a load balancer like Nginx to configure itself as an HTTPS server. In this tutorial I created an HTTPS web server and linked the Botpress bot, so you can have your website’s routes defined in Nginx so that both your website and bot are HTTPS enabled.

Abdul Rehman · December 17, 2020 at 8:37 pm

I want to deploy Windows Botpress on Linux. Is it possible?

    Simon · December 21, 2020 at 11:43 pm

    Yes it is possible, it does not require any specific change.

prerna · June 3, 2021 at 5:52 pm

Hi sir, How my botpress bot run everytime

    Simon · June 9, 2021 at 1:53 pm

    @Prerna: I did not get your question, but if you want to run Botpress, finish your development on your preferred system and deploy it on a Linux box using a process manager, for example pm2. Check here for more details.

Dhruv · October 22, 2021 at 10:57 am

The file you have given does not work on Ubuntu, please guide. I copied and pasted the whole code, or was I supposed to just add it as a snippet? But that also does not work.

Rishabh · November 25, 2021 at 11:57 pm

I have enabled SSL on my server and in the external URL I have pasted the HTTPS URL, but I am not able to access the admin page. Please help me, my bot is in production.

    Simon · December 13, 2021 at 2:43 pm

    Try the following to help me debug this issue while accessing the Botpress admin page.
    1. Check for any console errors (Chrome)
    2. What HTTP response code do you get?
    3. Check both the Nginx error and access logs and see if the access-related info is present in any one of them while accessing the admin page.

Rishabh Gupta · January 4, 2022 at 8:26 pm

I have an AWS instance and installed Botpress over there, completed my workflow, and now I want to integrate it with one of my live websites. To integrate it with the website, I read that we have to first enable HTTPS for my Botpress. I have gone through the official document and also gone through your recommended blog, but it didn’t work like that. Pointed the domain to the IP and created the A record, changed the Nginx configuration, but didn’t find it as mentioned in the blog. I need help, my bot is in production. It will be amazing if you can help me a bit.

Prabu vignesh S · February 22, 2022 at 1:54 pm

Hi, I have tried to enable HTTP for my Botpress. After enabling it following your steps, I tried to open it using this URL https:// and I get a message saying my computer is refused to join. What should I do?
