Feat: Add HTTPS setup instructions and configuration for Nginx (#8401)

### What problem does this PR solve? _Briefly describe what this PR aims to solve. Include background context that will help reviewers understand the purpose of the PR._ ### Type of change: Documentation Update/Refactoring #### Summary Adds HTTPS/SSL configuration guide/example to enable secure RAGFlow deployments with proper certificate management. #### Changes - New HTTPS Setup Section: Step-by-step guide for SSL certificate configuration - Let's Encrypt Integration: Complete Certbot setup instructions - Docker Configuration: Volume mapping examples for certificates #### Key Features - Prerequisites checklist - Docker Compose configuration examples - Support for both Let's Encrypt and existing certificates #### Files Modified - `README.md` - `ragflow.https.conf` (new file)
2025-11-03 11:20:26 +00:00 · 2025-06-23 09:36:15 +02:00 · 2025-06-23 09:36:15 +02:00 · 4760e317d5
commit 4760e317d5
parent 71afebb2c0
2 changed files with 116 additions and 0 deletions
--- a/docker/README.md
+++ b/docker/README.md
@ -6,6 +6,7 @@
 - 🐳 [Docker Compose](#-docker-compose)
 - 🐬 [Docker environment variables](#-docker-environment-variables)
 - 🐋 [Service configuration](#-service-configuration)
+- 📋 [Setup Examples](#-setup-examples)

 </details>

@ -192,3 +193,77 @@ The [.env](./.env) file contains important environment variables for Docker.

 > [!TIP]  
 > If you do not set the default LLM here, configure the default LLM on the **Settings** page in the RAGFlow UI.
+
+
+## 📋 Setup Examples
+
+### 🔒 HTTPS Setup
+
+#### Prerequisites
+
+- A registered domain name pointing to your server
+- Port 80 and 443 open on your server
+- Docker and Docker Compose installed
+
+#### Getting and configuring certificates (Let's Encrypt)
+
+If you want your instance to be available under `https`, follow these steps:
+
+1. **Install Certbot and obtain certificates**
+   ```bash
+   # Ubuntu/Debian
+   sudo apt update && sudo apt install certbot
+   
+   # CentOS/RHEL
+   sudo yum install certbot
+   
+   # Obtain certificates (replace with your actual domain)
+   sudo certbot certonly --standalone -d your-ragflow-domain.com
+   ```
+
+2. **Locate your certificates**  
+   Once generated, your certificates will be located at:
+   - Certificate: `/etc/letsencrypt/live/your-ragflow-domain.com/fullchain.pem`
+   - Private key: `/etc/letsencrypt/live/your-ragflow-domain.com/privkey.pem`
+
+3. **Update docker-compose.yml**  
+   Add the certificate volumes to the `ragflow` service in your `docker-compose.yml`:
+   ```yaml
+   services:
+     ragflow:
+       # ...existing configuration...
+       volumes:
+         # SSL certificates
+         - /etc/letsencrypt/live/your-ragflow-domain.com/fullchain.pem:/etc/nginx/ssl/fullchain.pem:ro
+         - /etc/letsencrypt/live/your-ragflow-domain.com/privkey.pem:/etc/nginx/ssl/privkey.pem:ro
+         # Switch to HTTPS nginx configuration
+         - ./nginx/ragflow.https.conf:/etc/nginx/conf.d/ragflow.conf
+         # ...other existing volumes...
+  
+   ```
+
+4. **Update nginx configuration**  
+   Edit `nginx/ragflow.https.conf` and replace `my_ragflow_domain.com` with your actual domain name.
+
+5. **Restart the services**
+   ```bash
+   docker-compose down
+   docker-compose up -d
+   ```
+
+
+> [!IMPORTANT]
+> - Ensure your domain's DNS A record points to your server's IP address
+> - Stop any services running on ports 80/443 before obtaining certificates with `--standalone`
+
+> [!TIP]
+> For development or testing, you can use self-signed certificates, but browsers will show security warnings.
+
+#### Alternative: Using existing certificates
+
+If you already have SSL certificates from another provider:
+
+1. Place your certificates in a directory accessible to Docker
+2. Update the volume paths in `docker-compose.yml` to point to your certificate files
+3. Ensure the certificate file contains the full certificate chain
+4. Follow steps 4-5 from the Let's Encrypt guide above
--- a/docker/nginx/ragflow.https.conf
+++ b/docker/nginx/ragflow.https.conf
@ -0,0 +1,41 @@
+server {
+    listen 80;
+    server_name your-ragflow-domain.com;
+    return 301 https://$host$request_uri;
+}
+
+
+
+server {
+    listen 443 ssl;
+    server_name your-ragflow-domain.com;
+
+    ssl_certificate /etc/nginx/ssl/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
+    root /ragflow/web/dist;
+
+    gzip on;
+    gzip_min_length 1k;
+    gzip_comp_level 9;
+    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
+    gzip_vary on;
+    gzip_disable "MSIE [1-6]\.";
+
+    location ~ ^/(v1|api) {
+        proxy_pass http://ragflow:9380;
+        include proxy.conf;
+    }
+
+
+    location / {
+        index index.html;
+        try_files $uri $uri/ /index.html;
+    }
+
+    # Cache-Control: max-age~@~AExpires
+    location ~ ^/static/(css|js|media)/ {
+        expires 10y;
+        access_log off;
+    }
+}