How to configure Yurbi on Linux for HTTPS/SSL

Version: Yurbi v11 or higher

Role: You must have root privileges or be a root-equivalent user to perform this installation.

Applies to: Yurbi installs on Linux


Overview

By default, Yurbi installs using port 80. It is highly recommended to install an SSL certificate to ensure secure communication between end-user browsers and the Yurbi server, especially if you are allowing communication outside your private environment.

Yurbi itself doesn't care what domain you use — it just listens on port 5000 locally. NGINX sits in front and forwards traffic to it. Configuring HTTPS is really just two things:

  • Point a domain at the server

  • Issue an SSL certificate for that domain

This guide uses Let's Encrypt, which issues free SSL certificates that are valid for 90 days. It covers two methods for issuing the certificate. Option A (HTTP-01) is simpler but requires port 80 to be opened for renewals. Option B (DNS-01) is fully automated with port 80 closed, but requires more upfront setup.

If you are unsure about any of the networking terms, this process should be completed by your IT department or a technical consultant. For additional questions, you can contact us at support@yurbi.com.


Prerequisites

Before starting, add an A record in your public DNS that points a fully qualified web domain (for example, reporting.domain.com) to the public-facing IP address of your Yurbi server.

Wait a few minutes for DNS to propagate before moving on.


Step 1: Issue the SSL Certificate

SSH to your server and choose one of the two options below.

Option A — HTTP-01 (simpler)

Let's Encrypt connects to your server on port 80 to verify you own the domain. Temporarily open port 80 in your firewall, then run (replace yourdomain.com with your actual domain):

sudo certbot --nginx -d yourdomain.com

Certbot will verify the domain, download the certificate, update your NGINX configuration at /etc/nginx/sites-enabled/yurbi, and configure HTTPS. When prompted about redirecting HTTP to HTTPS, answer yes.

Once the certificate is issued, you can close port 80 again. HTTPS traffic goes over port 443 — port 80 is only needed for the initial issuance and future renewals.

The tradeoff: Certificates expire every 90 days, and certbot's built-in auto-renewal needs port 80 open to work. With port 80 blocked, you will need to renew manually before the 90-day mark. The process:

  1. Open port 80 in your firewall

  2. Run sudo certbot renew

  3. Close port 80

It takes about two minutes. Set a recurring calendar reminder for every 60 days to give yourself a buffer. If a renewal is missed, the site will still work — you'll just get a browser warning until you renew.
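A scripted check can back up the calendar reminder for Option A. The following is an added example, not part of the original guide or of certbot: it reads a certificate's expiry date and reports when the manual renewal is due. The function names, the script name check-cert.sh and the 30-day threshold (day 60 of 90) are assumptions, as is certbot's default path /etc/letsencrypt/live/<domain>/cert.pem.

```bash
#!/usr/bin/env bash
# Added example (not Yurbi's or certbot's code): flag a certificate that is
# due for the manual renewal described above.
# Assumptions: GNU date, the openssl CLI, and certbot's default path
# /etc/letsencrypt/live/<domain>/cert.pem.

# Classify an expiry line as printed by `openssl x509 -noout -enddate`.
# $1 = "notAfter=..." line, $2 = warning threshold in days,
# $3 = current time in epoch seconds (optional, defaults to now).
renewal_status() {
    local now="${3:-$(date +%s)}" end days
    end=$(date -u -d "${1#notAfter=}" +%s) || { echo "UNPARSEABLE"; return 2; }
    if [ "$end" -le "$now" ]; then
        echo "EXPIRED"; return 1
    fi
    days=$(( (end - now) / 86400 ))
    if [ "$days" -le "$2" ]; then
        echo "RENEW ($days days left)"; return 1
    fi
    echo "OK ($days days left)"
}

# Read the expiry date from a certificate file and classify it.
# $1 = path to cert.pem, $2 = threshold in days (default 30, i.e. day 60 of 90).
check_cert() {
    local line
    line=$(openssl x509 -noout -enddate -in "$1") || { echo "UNREADABLE"; return 2; }
    renewal_status "$line" "${2:-30}"
}

# Usage: sudo ./check-cert.sh yourdomain.com
if [ -n "${1:-}" ]; then
    check_cert "/etc/letsencrypt/live/$1/cert.pem"
fi
```

The script exits non-zero for RENEW, EXPIRED and unreadable certificates, so a scheduled job can alert on the exit status alone.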

Option B — DNS-01 (fully automated, more setup)

If you'd rather not deal with manual renewals, DNS-01 proves domain ownership via a TXT record in DNS instead of port 80. Port 80 stays closed permanently, and renewals happen automatically. The tradeoff is more upfront setup, and it only works if your DNS provider has a certbot plugin.

B1. Install the certbot plugin for your DNS provider

sudo apt install python3-certbot-dns-cloudflare

Swap cloudflare for your provider — for example route53, google, or digitalocean. If your DNS provider is not supported, use Option A instead.

B2. Create an API credentials file

This lets certbot add the TXT record for you during renewals. For Cloudflare:

sudo mkdir -p /root/.secrets
sudo nano /root/.secrets/cloudflare.ini

Paste in your API token:

dns_cloudflare_api_token = YOUR_TOKEN_HERE

Lock down the file permissions:

sudo chmod 600 /root/.secrets/cloudflare.ini

B3. Request the certificate

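# --installer nginx updates the NGINX config; --dns-cloudflare answers the DNS-01 challenge
sudo certbot --installer nginx \
  --dns-cloudflare \
  --dns-cloudflare-credentials /root/.secrets/cloudflare.ini \
  -d yourdomain.com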

When prompted about redirecting HTTP to HTTPS, answer yes.

B4. Confirm auto-renewals work

sudo certbot renew --dry-run

If that succeeds, you are done. Certbot will auto-renew the certificate without any intervention from you, and port 80 can stay closed.
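The credentials file from step B2 holds a token that can edit your DNS records, so it is worth re-checking after setup and after any restore or migration. The following is an added example, not part of the original guide or of certbot: the function name audit_credentials is an assumption, and it relies on GNU stat as shipped on Linux.

```bash
#!/usr/bin/env bash
# Added example (not Yurbi's or certbot's code): audit the DNS API
# credentials file created in step B2. Assumes GNU stat (Linux).

# Print one finding per line; return 0 only when nothing is wrong.
# $1 = credentials file, $2 = expected owner uid (default 0, i.e. root).
audit_credentials() {
    local file="$1" want_uid="${2:-0}" bad=0 dir fmode fuid dmode
    [ -f "$file" ] || { echo "missing: $file"; return 2; }
    dir=$(dirname "$file")
    fmode=$(stat -c '%a' "$file")
    fuid=$(stat -c '%u' "$file")
    dmode=$(stat -c '%a' "$dir")

    [ "$fuid" = "$want_uid" ] || { echo "owner uid $fuid, expected $want_uid"; bad=1; }
    # Any group/other bit on the file lets another account read the token.
    [ $(( 0$fmode & 077 )) -eq 0 ] || { echo "file mode $fmode, expected 600"; bad=1; }
    # A group/other-writable directory lets another account replace the file.
    [ $(( 0$dmode & 022 )) -eq 0 ] || { echo "directory mode $dmode is writable by others"; bad=1; }
    # The placeholder from step B2 must have been replaced with a real token.
    if grep -q 'YOUR_TOKEN_HERE' "$file"; then
        echo "placeholder token still present"; bad=1
    fi
    return "$bad"
}

# Usage: sudo ./audit-credentials.sh /root/.secrets/cloudflare.ini
if [ -n "${1:-}" ]; then
    audit_credentials "$1"
fi
```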


Step 2: Validate the Configuration

Open your browser and go to:

https://<your domain>

Confirm that you can log into Yurbi successfully and that the browser shows a valid SSL lock icon.

For further assistance, reach out to us at support@yurbi.com.


Changing to a Different Domain Later

If you already have Yurbi running with HTTPS and need to switch to a new domain, the process is:

  1. Update DNS — Add an A record for the new domain pointing to your Yurbi server's public IP.

  2. Remove the old certificate — List existing certificates and delete the one for the old domain:

    sudo certbot certificates
    sudo certbot delete --cert-name olddomain.com

    This also cleans up the HTTPS entries certbot added to /etc/nginx/sites-enabled/yurbi. Open that file afterward and confirm it looks like the original configuration (just the port 80 server block) before moving on.

  3. Issue a new certificate — Follow Step 1 above (Option A or Option B) using the new domain name.

  4. Validate — Follow Step 2 above using the new domain.