Enabling HTTPS

Configure DNS

If you already have a certificate and key you can skip this.

For example point gamebench.example.com to the server.


If you already have a certificate and key you can skip this.

Ensure both ports 80 and 443 are accessible. This is only necessary if you plan to use a service like Let’s Encrypt to issue a certificate.

Issue a certificate

If you already have a certificate and key you can skip this.

Example using Let’s Encrypt:

  • Install certbot see https://certbot.eff.org/docs/install.html
  • Stop frontend container if running (docker stop frontend)
  • Run sudo certbot certonly --standalone -d gamebench.example.com replacing gamebench.example.com with your domain.


cd /path/to/gamebench
mkdir certs

# Set permissions so nginx user can read the files
chown -R 1001:1001 certs

Copy certificate and key into newly created certs directory.

For example:

sudo cp /etc/letsencrypt/live/gamebench.example.com/fullchain.pem certs/cert.pem
sudo cp /etc/letsencrypt/live/gamebench.example.com/privkey.pem certs/key.pem

Run ./gbctl

Double-check the values for the frontend host and port. The host should be the domain name i.e. gamebench.example.com and the port should be 443.

Frontend host
        Host frontend is accessible on.
        (Default: )
Frontend port
        Port published to host for the frontend container. Only published if publish ports to host option is chosen.
        (Default: )

Enter yes for

TLS enabled
        Whether URLs should use https protocol
        (Default: no)

Enter yes for

Enable TLS in Nginx configuration?
        If you wish to terminate TLS on the server, use this option.
        In the current directory, create a new directory called `certs` and add the private key (`key.pem`) and cert (`cert.pem`.)
        The `cert.pem` should contain any intermediate certificates.
        (Default: no)

Certificate renewal

Example certificate renewal command when using certbot. Replace /path/to/gamebench with your path to the gamebench deployment.

sudo certbot renew --pre-hook "docker stop frontend" --post-hook "docker start frontend" --deploy-hook "cp \$RENEWED_LINEAGE/fullchain.pem /path/to/gamebench/certs/cert.pem; cp \$RENEWED_LINEAGE/privkey.pem /path/to/gamebench/certs/key.pem; docker restart frontend"

This should be run twice daily. Please note on Ubuntu 18.04 with the certbot package you will want to replace or remove the provided systemd certbot timer as it won’t be configured with the appropriate pre, post and deploy hooks.