docs/administrator/configurations/config_ssl_cert.md
Configure SSL certificates for a RAGFlow instance deployed via Docker.
This guide details how to configure SSL certificates for a RAGFlow instance deployed via Docker, using the container name docker-ragflow-cpu-1 as an example.
Ensure you have Nginx-formatted certificate files ready:
fullchain.pem or server.crt.privkey.pem or server.key.If necessary, rename your files to match the standard:
# Rename bundle to fullchain.pem
cp XXXXX_bundle.pem fullchain.pem
# Rename private key to privkey.pem
cp XXXXX.key privkey.pem
Verify that your container is running:
docker ps
Transfer the files from your host machine to the container's temporary directory:
docker cp ./fullchain.pem docker-ragflow-cpu-1:/tmp/fullchain.pem
docker cp ./privkey.pem docker-ragflow-cpu-1:/tmp/privkey.pem
Enter the container's interactive terminal:
docker exec -it docker-ragflow-cpu-1 /bin/bash
Once inside, move the files and set appropriate permissions:
mkdir -p /etc/nginx/ssl
mv /tmp/fullchain.pem /etc/nginx/ssl/
mv /tmp/privkey.pem /etc/nginx/ssl/
# Set permissions: 644 for public key, 600 for private key
chmod 644 /etc/nginx/ssl/fullchain.pem
chmod 600 /etc/nginx/ssl/privkey.pem
Replace the default HTTP configuration with the HTTPS template:
cd /etc/nginx/conf.d/.mv ragflow.conf ragflow.conf.bak.cp /etc/nginx/ragflow.https.conf ./ragflow.conf.vi ragflow.conf.ssl_certificate and ssl_certificate_key paths point to your files in /etc/nginx/ssl/.nginx -t.Reload Nginx to apply changes:
nginx -s reload
If the changes do not take effect, exit the container and restart it:
exit
docker restart docker-ragflow-cpu-1
:::tip IMPORTANT
Changes made via docker cp and docker exec are lost if the container is removed or stopped via docker-compose down.
Recommendation: After a successful test, store the certificates on the host machine and use volumes in your docker-compose.yaml to mount the certificates and ragflow.conf permanently.
:::