Formbricks Open source Forms & Surveys Logo

Using Formbricks One-Click Setup with a Custom SSL Certificate

Formbricks One-Click setup already comes with a valid SSL certificate using Let's Encrypt. This guide is only if you already have a valid SSL certificate that you need to use due to company policy or other requirements.

Introduction

While Formbricks' One-Click setup can automatically create a valid SSL certificate using Let's Encrypt, there are scenarios where a custom SSL certificate is necessary. This is particularly relevant for environments like intranets or other setups with specific certificate requirements, where an internal or custom certificate authority (CA) might be used.

Step 1: Navigate to the Formbricks Folder

Navigate into the "formbricks" folder that contains all the files from the Formbricks One-Click setup.

cd formbricks

Step 2: Create a Folder for SSL Certificates

Create a new folder named "certs" within the "formbricks" folder. Place your SSL certificate files (fullchain.crt and cert.key) in this directory.

mkdir certs
# Move your SSL certificate files to the certs folder
mv /path/to/your/fullchain.crt certs/
mv /path/to/your/cert.key certs/

Step 3: Understand SSL Certificate Files

For a custom SSL setup, you need the following files:

  • fullchain.crt: This file contains your SSL certificate along with the entire certificate chain. The certificate chain includes intermediate certificates that link your SSL certificate to a trusted root certificate.
  • cert.key: This is your private key file. It is used to encrypt and decrypt data sent between your server and clients.

Step 4: Update File Permissions

Ensure the directory and files have appropriate permissions:

sudo chown root:root certs/*
sudo chmod 600 certs/*

Step 5: Update traefik.yaml

Update your traefik.yaml file to define entry points for HTTP and HTTPS traffic and set up a provider for Traefik to use Docker and a file-based configuration.

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"

providers:
  docker:
    watch: true
    exposedByDefault: false
  file:
    directory: /etc/traefik/dynamic

Step 6: Create certs-traefik.yaml

Create a certs-traefik.yaml file that specifies the path to your custom SSL certificate and key.

tls:
  certificates:
    - certFile: /certs/fullchain.crt
      keyFile: /certs/cert.key

Step 7: Update docker-compose.yml

Update your docker-compose.yml file to enforce TLS and link to your custom SSL certificate. Here's an example configuration for both the Formbricks and Traefik services. The rest of the configuration should remain the same as the One-Click setup:

services:
  formbricks:
    restart: always
    image: ghcr.io/formbricks/formbricks:latest
    depends_on:
      - postgres
    labels:
      - "traefik.enable=true"  # Enable Traefik for this service
      - "traefik.http.routers.formbricks.rule=Host(`my-domain.com`)"  # Use your actual domain or IP
      - "traefik.http.routers.formbricks.entrypoints=websecure"  # Use the websecure entrypoint (port 443 with TLS)
      - "traefik.http.routers.formbricks.tls=true"  # Enable TLS
      - "traefik.http.services.formbricks.loadbalancer.server.port=3000"  # Forward traffic to Formbricks on port 3000
    ports:
      - 3000:3000
    volumes:
      - uploads:/home/nextjs/apps/web/uploads/
    <<: *environment

  traefik:
    image: "traefik:v2.7"
    restart: always
    container_name: "traefik"
    depends_on:
      - formbricks
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - ./traefik.yaml:/traefik.yaml
      - ./acme.json:/acme.json
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./certs:/certs
      - ./certs-traefik.yaml:/etc/traefik/dynamic/certs-traefik.yaml

Summary

  1. Navigate to the Formbricks Folder: Move into the "formbricks" directory.
  2. Create a Folder for SSL Certificates: Create a "certs" folder and place your fullchain.crt and cert.key files inside it.
  3. Understand SSL Certificate Files: Ensure you have the fullchain.crt and cert.key files.
  4. Update File Permissions: Ensure the certificate files have the correct permissions.
  5. Update traefik.yaml: Define entry points and remove certificate resolvers.
  6. Create certs-traefik.yaml: Specify the paths to your SSL certificate and key.
  7. Update docker-compose.yml: Configure Traefik labels to enforce TLS and mount the certificate directory.

This setup ensures that Formbricks uses your custom SSL certificate for secure communications, suitable for environments with special certificate requirements.

Was this page helpful?