nginxstreamlit

How to correctly run streamlit app with nginx on https?


I am trying to run streamlit app on a domain on my server with nginx. The address https://streamlit.domain.com should open my application on port 8501. I'm using ssl, but for some reason when opening the site the warning net::ERR_CERT_COMMON_COMMON_NAME_INVALID appears, which is scaring new users (you need to click "Advanced", then "continue to ...domain.com (unsafe)"). I don't want to specify certificates in the streamlit config or use docker.

How can i fix this? Do I need to make a new certificate for the subdomain?

nginx proxy config:

server {
    listen 80;
    server_name streamlit.domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name streamlit.domain.com;

    ssl_certificate /etc/nginx/sites-available/domain.crt;
    ssl_certificate_key /etc/nginx/sites-available/domain.key;

    location / {
        proxy_pass http://127.0.0.1:8501/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
    }
}

I tried different settings in the config, but it didn't work.


Solution

  • Create a valid SSL certificate for your subdomain. As I mentioned above, you can create a new certificate for streamlit.domain.com with Let's Encrypt. After creating the certificate, make sure you add the correct files to your configuration. If you're using Let's Encrypt, your certificate files should look like this:

    ssl_certificate /etc/letsencrypt/live/streamlit.domain.com/fullchain.pem;
    

    ssl_certificate_key /etc/letsencrypt/live/streamlit.domain.com/privkey.pem;

    Test Nginx Configuration and Restart In the last step, test your Nginx configuration and restart:

    sudo nginx -t sudo systemctl restart nginx