How does MetaBrainz use HTTPS on ListenBrainz?

Hi again!

I set up a production ListenBrainz server but I can’t figure out how to use HTTPS for the site.

I wanted to avoid touching the upstream repository as much as possible (i.e. making changes to use HTTPS in the Docker files / code). I thought of using an nginx reverse proxy and tried following three guides:

• Securing HTTP Traffic to Upstream Servers
• How To Configure Nginx with SSL as a Reverse Proxy for Jenkins
• How to proxy web apps using nginx?

However, all of these guides resulted in 502 Bad Gateways or my browser would fail to establish a connection. (Note: I did change the port the Docker web container ran on from 80 to 8081 because I couldn’t get nginx to start otherwise.)

I was curious… how does MetaBrainz do this in production? I’d like to support HTTPS for our site too, but can’t figure out how to do it.

Can you give some more information about your setup? Without seeing configuration files and understanding your infrastructure it’s very difficult to troubleshoot an issue with only “I see a 502 Bad Gateway error”

If you don’t want to modify the LB docker images, the most normal way of doing something like this would be to have:

[internet] --HTTPS--> [load balancer] --HTTP--> [listenbrainz]

In this case you could use nginx or haproxy as your load balancer, like in the examples that you linked. Note that the connection between the load balancer and application server is HTTP only. Because the listenbrainz server can’t speak HTTPS and doesn’t have a certificate, it’s much easier to do it this way.

I assume you already have a load balancer with nginx set up with an HTTPS certificate. Can you serve a file from here? (e.g. with a location block that has a root configuration statement). Does your load balancer work over HTTP fine?