Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Supported by

JATOS with Apache (HTTPS with Let's Encrypt)

Hi everyone,

I wanted to enable https for JATOS, but I have run into a problem that I am not able to solve.

So far, I have installed Apache on my Ubuntu server and obtained a SSL certificate from Let's Encrypt with Certbot. Additionally, I have followed the instructions here:

to run JATOS on Apache. I had some problems with the certificate so I changed the certificate part in the .conf file to this:

# Your certificate for encryption
SSLEngine 					on
SSLCertificateFile    		/etc/letsencrypt/live/
SSLCertificateKeyFile 		/etc/letsencrypt/live/
SSLCertificateChainFile 	/etc/letsencrypt/live/

While the test virtual host for my domain is working correctly (https protected), JATOS is still running without https.

When I run a syntax test on the config file, I do not get any errors. So that seems to be fine at least. I have also checked that the port 443 is listen in /etc/apache2/ports.conf. Additionally, I have tried to search the web for more possible solutions, but did not find anything helpful.

Does anyone have an idea what could be the problem? I am happy to provide further information if needed.

Thanks a lot and best regards,



  • Hi Yvonne,

    It's quite some time that I used Apache. But from what I remember your SSL setting looks fine.

    It would be helpful for me to see the rest of the Apache conf. And which version are you using?


  • Hi Kristian,

    thank you for your time and help! I am using Ubuntu 18.10, Apache 2.4.34 and JATOS 3.3.2. Here is the content of the .conf file (server name is a placeholder).

    <VirtualHost *:80>
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            # Redirect all unencrypted traffic to the respective HTTPS page
            Redirect "/" ""
    <VirtualHost *:443>
      # Restrict access to JATOS GUI to local network
      # <Location "/jatos">
      #  Order deny,allow
      #  Deny from all
      #  Allow from ::1
      #  Allow from localhost
      #  Allow from 192.168
      # Needed for JATOS to get the correct host and protocol
      ProxyPreserveHost On
      RequestHeader set X-Forwarded-Proto "https"
      RequestHeader set X-Forwarded-Ssl "on"
      # Your certificate for encryption
      SSLEngine On
      SSLCertificateFile /etc/letsencrypt/live/
      SSLCertificateKeyFile /etc/letsencrypt/live/
      SSLCertificateChainFile /etc/letsencrypt/live/
      # JATOS uses WebSockets for its batch and group channels
      RewriteEngine On
      RewriteCond %{HTTP:Upgrade} =websocket [NC]
      RewriteRule /(.*)           ws://localhost:9000/$1 [P,L]
      RewriteCond %{HTTP:Upgrade} !=websocket [NC]
      RewriteRule /(.*)           http://localhost:9000/$1 [P,L]
      # Proxy everything to the JATOS running on localhost on port 9000 
      ProxyPass / http://localhost:9000/
      ProxyPassReverse / http://localhost:9000/

    If you think this is a problem of Apache and not JATOS, I can also try to ask for help somewhere else to not waste your time.

    Also, if you need more information, please let me know.

    Thank you again and best regards,


  • Just for info: I gave up on trying to solve this (nothing worked). I might try to use Nginx instead of Apache.

  • Sorry Yvonne, I never answered. But I actually looked at your Apache config and couldn't find anything obviously wrong.

    Apache can be a bummer. It does not work until it works and then it is unbreakable.

    Actually I prefer Nginx too these days. You probable have seen the doc

    Or if you prefer Docker: JATOS + Traefik. With Traefik comes encryption out-of-the-box. But one looses a bit of control because everything is containerized. There is a doc about JATOS + Traefik on Digital Ocean With a bit of adaptation this can be applied to any Linux system.

    If you have questions I'm happy to help. And if you are completely stuck I can have a look at your server.



  • Hi Kristian,

    no worries, I just wanted to let people know that I was not looking for a solution for Apache + JATOS anymore.

    I switched to your recommendation (JATOS + Traefik) this morning and that worked like a charm, thank you!

    Before that, I did try Nginx, but I was not able to make it work either. Everything was running fine as long as I did not include the code chunk specific to JATOS. When I added that, I got the following warnings:

    nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/nginx.conf:66
    nginx: [warn] conflicting server name "" on, ignored
    nginx: [warn] conflicting server name "" on, ignored

    As far as I am aware, the line:

     ssl                  on;

    is causing the first warning because the command is no longer needed in newer versions of Nginx. Concerning the other warnings, I probably messed up the server names somehow. I thought it was maybe worth including this if someone runs into a similar problem in the future.

    For now, I am happy that https finally works. Thanks a lot!



  • Hi Yvonne,

    Nice you got it working with Traefik! I'm glad I was of any help.

    Maybe I should add a page to JATOS docs "JATOS + Traefik" (without the whole Digital Ocean part).

    Regarding the "ssl" in the Nginx config: you might be right. I'm using Traefik lately and haven't tried recent versions of Nginx. I'll have a look and fix the JATOS docs. Thank you for pointing it out.



Sign In or Register to comment.