We are attempting to enable SSL on the Metabase dashboard. Could you kindly provide a document with screenshots illustrating the necessary steps?
Try installing a reverse proxy like nginx and do ssl termination there
We use IIS with ARR to reverse proxy and handle the SSL for Metabase. I don't have an exact guide but it was something along the lines of Setup IIS with URL Rewrite as a reverse proxy for real world apps - Microsoft Community Hub
I have 2 customer's servers running on Windows (not IIS). Both have the certificate in a Java Keystore (JKS). that's then referenced in the service (created using NSSM).
I've used Portecle to add the certificate to the keystore.
If you're used to just adding the certificate to IIS, you're in for a steep learning curve. MS did a great job hiding the complexity of certificates.
Hi @notrom ,
I am also trying to enable SSL on windows server running IIS with ARR and I would greatly appreciate if you could give some more detail on the configuration. I am struggling to have this configured.
I would move to Linux + nginx if I were you
I'd tend to agree with Luiggi but we don't always get to make that choice. If I was starting all over again I'd go that way.
Our IT admin guys installed the SSL certificate on the server (we use it in other places too), I'm not familiar with that but details likely depend on the cert provider.
Other than that it's mostly in that linked article. Bind IIS site to port 443, all requests trigger UrlRewrite to push traffic to the local Metabase instance running on port 3000. Use NSSM to run Metabase as a service.
Sorry I can't be of more help.
Hi
I think I have configured the reverse-proxy (URL Rewrite) and access is going through the https URL but users can still access Metabase using the HTTP URL. How do I prevent access via HTTP.
If you mean forcing IIS to redirect all http to https, i.e. http://metabase.yourhost.com/ -> https://metabase.yourhost.com/ something like this Best way to redirect all HTTP to HTTPS in IIS - Server Fault
If you mean blocking direct access to Metabase's built in Jetty server e.g. http://yourhost.com:3000/ from external IP then I'd guess you need to setup some Windows firewall rules to block connections from external IP, but that'll depend on your setup. Not something I've looked at sorry.
Hello Guys,
i have learn basic steps for Enabling SSL on a Windows Server. So , below i have shared that steps.
I hope this information is useful for you.
Enabling SSL on a Windows Server involves a few steps.
1. Install SSL Certificate:
Install SSL certificate from a Certificate Authority (CA). Install it on your server using the Certificate Management console (certlm.msc).
2. Configure IIS:
Open Internet Information Services (IIS) Manager. Select your site, go to "Bindings," and add a new binding for HTTPS (port 443). Choose the installed SSL certificate.
3. Verify Firewall Settings:
Ensure that the server's firewall allows traffic on port 443 for HTTPS.
4. Update Website Links:
Update any website links to use "https://" instead of "http://".
5. Restart IIS:
Restart the IIS service or perform a full server restart to apply changes.
Always remember to keep backups before making significant changes.
Thank You,
Charmi Patel