Powered by Zoomin Software. For more details please contactZoomin

Semaphore Knowledge Model Management (KMM) Administration

Table of Contents

Fronting Studio with nginx

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 13, 2026
  • 2 minute read
    • Semaphore
    • Documentation

It is straightforward to use nginx to front the Semaphore Studio application to handle the conversion from https to http.

The instructions here are for how to use it on a Linux installation.

Installation of nginx

yum install nginx

will install the service.

You may need to add the access ports to your local firewalld configuration

firewall-cmd --add-port 80/tcp
firewall-cmd --add-port 443/tcp

will add the standard http and https ports. (Even though we are disabling http access, we do want to allow http access as far as the server for redirection, you may choose to not do it this way.)

To list the open ports use the command

firewall-cmd --list-all

Configuring nginx for SSL forwarding

Put your certificate files .crt and .rsa in some convenient location, then user chmod to ensure the nginx process will have read access to them. It is possible that you will also need to make selinux happy but running

restorecon <filename>

on each of these files.

If you have a pfx file and a password rather than these two files, you can convert the them using the commands

  openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out certificate.crt
  openssl pkcs12 -in certificate.pfx -nocerts -nodes -out certificate.rsa

You will be prompted for the password for each of these commands.

We now need to edit the nginx configuration file

/etc/nginx/nginx.cong

. We create two server groups

    server {
        listen       80 default_server;
        server_name  _;
        return 301 https://$host$request_uri;

    }
<code>
will ensure that any request to port 80 (http) will be redirected to port 443 (https).

<code>
    server {
       listen *:443 ssl;
       server_name semaphore-internal.progress.com;
       ssl_certificate /etc/nginx/certificate.crt;
       ssl_certificate_key /etc/nginx/certificate.rsa;
       location / {
           proxy_pass http://localhost:5080;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
        }
   }

will forward all requests at port 443 to the Semaphore instance (assuming that it is running on the same box at the default port 5080)

It is important that the proxied headers are set as above, so that Semaphore can return locations for URLs correctly.

Once these configuration changes are made, you can start the nginx server

systemctl start nginx

Configuration of Semaphore Studio

If we are using nginx to front Semaphore Studio, we need to tell Studio to use the proxied values for host and protocol, we do this by editing the file

/opt/semaphore/studio/conf/studio-app.properties

We add to the end of this file the following

quarkus.http.proxy.proxy-address-forwarding=true
quarkus.http.proxy.allow-x-forwarded=true
quarkus.http.proxy.enable-forwarded-host=true
quarkus.http.proxy.enable-forwarded-prefix=true

Once this is done we need to restart the Semaphore Studio service

systemctl restart semaphore-studio

Once this is done, you should be able to access Semaphore Studio using https.

TitleResults for “How to create a CRG?”Also Available inAlert