Adding SSL Support to Xibo 3.3.1

To be completed by the original poster:

CMS Version

Xibo 3.3.1

Installation Method


Operating System

The Ubuntu 20.4 LTS operating system and the Xibo CMS 3.3.1 is installed on a shared Linode hosted server.


I’m in need of assistance of adding SSL support to my Xibo CMS version 3.3.1 site. I’m a novice in server environments so please excuse my ignorance in this subject.

My production Xibo.Production.Server is up and running quite well with the exception that I’m connecting to it via HTTP not HTTPS.

I have created clone of this server name Xibo,Development.Server on Linode and started following the instructions to “Adding SSL Support” stated in the knowledge base article listed below.

I chose the simplest method by installing Apache on the host Ubuntu server, and have it proxy the SSL requests into our container, as the article suggested.

I seem to be confused where it says “Our CMS should be available back on port 80” right after restart Apache by service apache2 restart. Should I check if the CMS is working on port 80 via HTTP?

The next steps I’m hung up on is -
Then install letsencrypt.
When I run the command → add-apt-repository ppa:certbot/certbot, I receive this following message.

Can anyone provide me updated instructions on Adding SSL support to Docker CMS 3.3.1?

Adding SSL Support

There are several ways you could add SSL support to this configuration.

The simplest is to install Apache on the host Ubuntu server, and have it proxy the SSL requests into our container.

First, we need to stop the running CMS since we’ll need port 80 for our Apache server.

cd /opt/xibo
docker-compose down

Now move Xibo on to a different port number.

We’ll be following the instructions to install Xibo for Docker on Linux from the “Using different ports” heading.

cp cms_custom-ports.yml.template cms_custom-ports.yml
nano cms_custom-ports.yml

Edit the “ports” section of the cms-xmr and cms-web services so they read as follows:

version: "2.1"
        image: mysql:5.6
            - "./shared/db:/var/lib/mysql"
        restart: always
            - MYSQL_DATABASE=cms
            - MYSQL_USER=cms
        mem_limit: 1g
        env_file: config.env
        image: xibosignage/xibo-xmr:release-0.7
            - "9505:9505"
        restart: always
        mem_limit: 256m
        env_file: config.env
        image: xibosignage/xibo-cms:release-2.1.0
            - "./shared/cms/custom:/var/www/cms/custom"
            - "./shared/backup:/var/www/backup"
            - "./shared/cms/web/theme/custom:/var/www/cms/web/theme/custom"
            - "./shared/cms/library:/var/www/cms/library"
            - "./shared/cms/web/userscripts:/var/www/cms/web/userscripts"
        restart: always
            - cms-db:mysql
            - cms-xmr:50001
            - XMR_HOST=cms-xmr
        env_file: config.env
            - ""
        mem_limit: 1g

So specifically, we changed the line:

                 - "65500:9505"


                 - "9505:9505"


                 - "65501:80"


                 - ""

Save your changes. That will ensure that XMR runs on port 9505 as before, and the web service runs on port 8080 only on the loopback interface.

Bring the containers back up with those changes:

docker-compose -f cms_custom-ports.yml up -d

Now protect that Container with an Apache server and a LetsEncrypt SSL certificate:

apt-get install apache2
a2enmod proxy
a2enmod proxy_http
a2enmod headers

Edit the default apache config file to create a reverse proxy to our container:

nano /etc/apache2/sites-available/000-default.conf

It should contain

<VirtualHost *:80>

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyPreserveHost On
        RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}

        ProxyPass /
        ProxyPassReverse /


Save your changes, and then restart Apache

service apache2 restart

Our CMS should now be available back on port 80.

If you’re using ufw, lets put a rule in for https traffic now

ufw allow 443/tcp

Then install letsencrypt

add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-apache

And then generate a certificate

certbot --apache -d

Do not select the option to automatically redirect requests to https connections. Once the certificate has been issued, try accessing the CMS over https. If it works as expected, log in to the CMS and in the Settings → Network tab, tick the option to “Force HTTPS” connections.

I am using our own SSL certificates instead of using the certbot. Just a safety thing our company wants!

This is how I build our 000-default.conf

<VirtualHost *:443>

SSLEngine On
ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"

# Set the path to SSL certificate
# Usage: SSLCertificateFile /path/to/cert.pem
SSLEngine on
SSLCertificateFile "/srv/xibo-cms/SSL/WILDCARD_domain.crt"
SSLCertificateKeyFile "/srv/xibo-cms/SSL/domain-decrypted.key"
SSLCertificateChainFile "/srv/xibo-cms/SSL/Sectigo_RSA_Domain_Validation_Secure_Server_CA.crt"

# Servers to proxy the connection, or;
# List of application servers:
# Usage:
# ProxyPass / http://[IP Addr.]:[port]/
# ProxyPassReverse / http://[IP Addr.]:[port]/
# Example:
ProxyPass /
ProxyPassReverse /

This part in your docker-compose.yml is really important:


        - ""

Dear Vishal_Debipersad,

Thank you for your response. I apologize for the late reply, I have had a family emergency. Let me research your answer since I’m a novice at server environments and I may have additional questions about this in the near future.


Greg Seiber

Dear Vishal_Debipersad,

I apologize for the late reply, I have had a family illness.
This is the error I receive when I restart apache2. Any help would be appreciated.

Greg Seiber

Ah, you fixed line 30.
If you are using ServerName in in your enabled apache2 site, please remove that part.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.