Ayon nginx setup configuration

Hi!

We have managed to run Ayon on HTTPS under a self-signed cert. However, Chrome believes it is not secure; hence, the notifications are not working.

Any thoughts on the proper setup method to get it working for a self-ayon deployment server?

This article/tutorial got linked here as a good reference for how to set up SSL (https) for AYON by @robert

Does that suffice? Or what have you done so far?
Feel free to share your setup.

In all fairness, someone from our IT department picked this up for me.
Was a bit of fiddling, but in the end nothing that was a massive headache.

And indeed the self-signed is not working, that’s what we tried in the beginning.
But browsers are so secure that that won’t do it, unfortunately.

So we just got the certificate from our own website, that worked.

Thanks for the info!

Getting a certificate from the domain and putting Ayon Web in WAN (internet) is risky, right?

Did you manage to get it working using that certificate in local (Intranet)? Or are you guys using domain URLs for accessing it over the internet?

To get around this, we implement a local DNS forwarding scheme that routes all requests.
The server itself is not exposed to the Internet, but is accessible via our local network & VPN.

These are the steps I got back from our IT guy:

  1. Add ayon.domain.com record to public DNS, set the record value to the public facing IP of your network
  2. Run certbot against ayon.domain.nl
  3. Internally re-route ayon.domain.com requests to the server IP or hostname

I’m setting up a home server in the background where I can work on “fun” projects with friends.
I’ll try to make a proper tutorial for this when I have the time (this means usually 2 to 4 months in my case :wink: too many things to learn, sort and do)

2 Likes

Yesterday we were also doing something like this, we have a self-signed cert and all our browsers can access the CA internally, so we have Ayon with SSL/TLS.
We get some caveats tho, like the Ayon Launcher depends on the ayon-python-api to verify the server and it doesn’t send over the CA file, so we can’t login atm with the Ayon Launcher into Ayon with https, but I opened a PR for this just yesterday that hopefully fixes that: “add AYON_CERT_FILE to try server request” by jm22dogs (Pull Request #248, ynput/ayon-python-api, GitHub).
Another caveat I saw is that the front end skips some reactivity stuff, like the Ayon loading screen after restarting the server, but that may be due to the Nginx config?

Yes indeed, and we also had some issues with Perforce etc. with self-signed and the connection between ayon and p4v.
But now it’s all running really smooth.
(and I love that you can have the notifications in Windows, turn everything off except ayon)

Hi

Here’s what we’ve done so far:

Initial steps:

  • Generated and imported an SSL certificate for our domain.
  • Cloned the AYON Docker repository.
  • Created a custom nginx.conf and updated the docker-compose.yml to use it.
  • Ran the Docker setup.

Then we tried:

  • Importing the SSL certificate into the system.
  • Creating a DNS record that points our domain to the server’s IP.
  • Editing the hosts file at C:\Windows\System32\drivers\etc\hosts with our IP and domain.
  • Running gpupdate to refresh group policies.

But we’re still not able to access AYON over HTTPS.

Also, one question:

Since we’re using a custom nginx.conf, do we need to create a new docker-compose.yml file for it, or is it okay to just modify the existing one from the AYON Docker repo?
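
As an added example (not posted by anyone in this thread and not the AYON project's own configuration), here is a minimal nginx.conf for the setup discussed above: TLS termination with the certbot-issued certificate, plus the WebSocket upgrade headers that any WebSocket-based live update needs in order to pass through a reverse proxy. The hostname is the thread's placeholder; the backend address `ayon-backend:5000` and the certificate mount path are assumptions to replace with your own values.

```nginx
# Added example, not the AYON project's nginx.conf.
# Assumptions: hostname ayon.domain.com (the thread's placeholder), certbot's
# default /etc/letsencrypt/live/ layout mounted read-only into the nginx
# container, and a backend at "ayon-backend:5000" (placeholder service:port).

events {}

http {
    # Send "Connection: upgrade" only when the client asked for an upgrade,
    # so WebSocket traffic survives the proxy and plain requests are unaffected.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # Plain HTTP only redirects; nothing is served unencrypted.
    server {
        listen 80;
        server_name ayon.domain.com;
        return 301 https://$host$request_uri;
    }

    server {
        # Port 443 must also be published by the nginx container in compose,
        # otherwise the listener exists but is unreachable from clients.
        listen 443 ssl;
        server_name ayon.domain.com;

        # fullchain.pem = leaf + intermediates. Serving only the leaf makes
        # clients that lack the intermediate reject the chain.
        ssl_certificate     /etc/letsencrypt/live/ayon.domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/ayon.domain.com/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            proxy_pass http://ayon-backend:5000;   # placeholder backend
            proxy_http_version 1.1;                # required for Upgrade
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

Running `nginx -t` inside the container validates the file before a restart.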