This example shows how to serve NiceGUI with HTTPS encryption behind NGINX. For running the app under a subpath, have a look at https://github.com/zauberzeug/nicegui/blob/main/examples/nginx_subpath.
-
Create the
certs/directory:mkdir certs
-
Generate and self-sign an SSL certificate for "localhost":
openssl req -x509 -out certs/localhost.crt -keyout certs/localhost.key -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -extensions EXT -config <( printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
-
Run the containerized app:
docker compose up
-
Try to access http:https://localhost (without the "s"). You will be automatically redirected to the HTTPS version.
-
Depending on your browser, you should typically receive a warning that the certificate authority is invalid. This is perfectly normal as we issued and self-signed a simple certificate for demo use locally. So proceed anyway, e.g. on Chrome, click on "Advanced" > "Proceed to localhost (unsafe)".
-
Note the "Hello World" message from the app accessed with encrypted connection.
-
For production, you will need your own domain and a proper SSL certificate issued by a recognized Certificate Authority (CA). You can consider the free CA Let's Encrypt provided by the Internal Security Research Group, and use their Certbox tool to generate the certificates for your own domain.
-
If you already have an NGINX server running and want to add your NiceGUI app, you can reuse a stripped-down version of the nginx.conf file, nginx_site.conf.
sudo cp nginx_site.conf /etc/nginx/sites-available/my_nicegui_app.conf
sudo nano /etc/nginx/sites-available/my_nicegui_app.conf # customize your domain, certificates, port number, etc.
sudo ln -s /etc/nginx/sites-available/mynicegui_app.conf /etc/nginx/sites-enabled
sudo systemctl reload nginx