SSL/TLS Setup
You can run DMJBot over HTTPS in two supported ways:
- nginx reverse proxy in front of DMJBot (SSL terminates at nginx)
- DMJBot built-in TLS (service terminates SSL itself)
Option 1: nginx reverse proxy (recommended for multi-service hosts)
Use this when you already run nginx or want one entry point for several services.
1) Prepare certificates
Place files in docker/certs/:
docker/certs/fullchain.pemdocker/certs/privkey.pem
2) Start compose stack
docker compose -f docker/compose-nginx-ssl.yml up -d
This uses:
docker/compose-nginx-ssl.ymldocker/nginx.conf
Behavior:
- nginx listens on 443 and proxies to DMJBot HTTP (
dmjbot:80) internally. - nginx listens on 80 and redirects to HTTPS.
- WebSocket endpoints are proxied through nginx.
Option 2: DMJBot built-in TLS (no nginx)
Use this when you want the DMJBot container to serve HTTPS directly.
1) Prepare certificates
Place files in docker/certs/:
docker/certs/fullchain.pemdocker/certs/privkey.pem
2) Start compose stack
docker compose -f docker/compose-tls.yml up -d
This compose config sets:
DMJBOT_UI_SERVER__HTTP_LISTEN_HOST=(disables HTTP listener)DMJBOT_UI_SERVER__HTTPS_LISTEN_HOST=0.0.0.0:443DMJBOT_UI_SERVER__TLS__CERT_FILE=/certs/fullchain.pemDMJBOT_UI_SERVER__TLS__KEY_FILE=/certs/privkey.pem
Direct docker run example (built-in TLS)
docker run -d \
--name dmjbot \
--restart unless-stopped \
-p 443:443 \
-v dmjbot-data:/data \
-v "$(pwd)/docker/certs:/certs:ro" \
-e DMJBOT_UI_SERVER__HTTP_LISTEN_HOST= \
-e DMJBOT_UI_SERVER__HTTPS_LISTEN_HOST=0.0.0.0:443 \
-e DMJBOT_UI_SERVER__TLS__CERT_FILE=/certs/fullchain.pem \
-e DMJBOT_UI_SERVER__TLS__KEY_FILE=/certs/privkey.pem \
dmjbot/dmjbot:latest
Verification
- Open
https://<host>/login/and confirm a valid TLS certificate chain. - Check health endpoint through HTTPS:
curl -k https://<host>/api/health
Which option to choose
- Choose nginx reverse proxy when you need centralized ingress, routing, and SSL handling.
- Choose built-in TLS for the simplest single-service secure deployment.