# Enabling HTTPS for the BookStack web interface [https://docs.sam.gy/books/bookstack/page/enabling-https-for-the-bookstack-web-interface](https://docs.sam.gy/books/bookstack/page/enabling-https-for-the-bookstack-web-interface) When finished with this guide, will likely want to follow [Using Cert Bot to get a Valid SSL certificate](https://docs.coltscomputer.services/books/operating-systems/page/using-cert-bot-to-get-a-valid-ssl-certificate "Using Cert Bot to get a Valid SSL certificate") The default BookStack installation script for Ubuntu 20.04/18.04/16.04 only configures the Apache2 server to use HTTP, not HTTPS. With plain HTTP becoming more and more obsolete each day, you'll likely want to use HTTPS instead in combination with a Let's Encrypt SSL certificate (or a self-signed cert if you're only accessing locally). Move the original BootStack config file (so you can access it again if needed) - sudo mv /etc/apache2/sites-available/bookstack.conf /etc/apache2/sites-available/bookstack.conf.old Create a new BookStack Apache2 config file: - sudo nano /etc/apache2/sites-available/bookstack.conf Here is an example configuration - you will need to change the **ServerName** and **SSLCertificate** directives to match your requirements.
<VirtualHost *:80>
ServerName YOUR-DOMAIN-HERE
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName YOUR-DOMAIN-HERE
ServerAdmin webmaster@localhost
DocumentRoot /var/www/bookstack/public/
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/YOUR-DOMAIN-HERE/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/YOUR-DOMAIN-HERE/privkey.pem
<Directory /var/www/bookstack/public/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable Apache2's SSL module - sudo a2enmod ssl Run Apache2's built in config tester to confirm there are no errors: - sudo apachectl configtest - Syntax OK Edit BookStack's .env config file: - sudo nano /var/www/bookstack/.env Change the **APP\_URL** parameter so that it uses the full domain name, making sure that it specifies **https://** not http://
\# Application URL \# This must be the root URL that you want to host BookStack on. \# All URLs in BookStack will be generated using this value \# to ensure URLs generated are consistent and secure. \# If you change this in the future you may need to run a command \# to update stored URLs in the database. Command example: \# php artisan bookstack:update-url https://old.example.com https://new.example.com APP\_URL=https://YOUR-DOMAIN-HERE
Restart Apache2 - sudo systemctl restart apache2