HTTPS & SSL setup

Proper SSL configuration is essential for securing your Ridy instance, ensuring data encryption, and enabling features like Firebase push notifications and secure payment gateways.

Ridy supports both Cloudflare-based flexible SSL and manual certificate installation. Cloudflare is the recommended and simplest approach.

🌐 Recommended Setup: Cloudflare Flexible SSL

We recommend using Cloudflare as your DNS and SSL provider. It simplifies the process and works seamlessly with the default Docker configuration.

✅ Requirements

A static IP address (required for license validation)
A registered domain name (e.g., yourdomain.com)
Access to your domain's DNS management

⚙️ Step-by-Step Setup with Cloudflare

Point Your Domain to the Server
- Set an A record in your Cloudflare DNS settings:
```
yourdomain.com → <your-static-ip>
```
Enable Cloudflare SSL
- Go to:
  Cloudflare Dashboard → SSL/TLS → Overview
- Select Flexible SSL mode (Cloudflare communicates with server over HTTP)
Optional: Enable Always Use HTTPS
- This ensures all HTTP traffic is automatically redirected to HTTPS:
```
Cloudflare → SSL/TLS → Edge Certificates → Always Use HTTPS → ON
```
DNS Propagation
- Wait up to 5 minutes for DNS changes to take effect

🚀 Once this is done, your app will be available at:

https://yourdomain.com/admin/ (Admin Panel)
https://yourdomain.com/booking/ (Customer Web App)

🛠️ Advanced Option: Manual SSL with Let's Encrypt

If you prefer manual SSL management, you can install Let's Encrypt certificates using external tools like:

certbot
nginx-proxy-manager
Dockerized SSL companions like nginx-certbot

However, this route requires:

Exposing port 443
Customizing NGINX or reverse proxy configurations
Setting up renewal scripts or cron jobs

This option is only recommended for experienced users or those integrating into an existing DevOps pipeline.

⚠️ Notes & Considerations

Item	Detail
NGINX Role	Included in Docker stack, listens on port 80
No Port 443 Binding Required	Cloudflare handles SSL offloading
No Manual NGINX Configuration	Unless bypassing Cloudflare
SSL for API & Admin	Served under path-based routes (e.g., `/admin/`, `/booking/`)
Static IP Requirement	Enforced solely for license verification, not for SSL
Multiple Services on One Domain	Supported via path-based routing: `yourdomain.com/admin/`, etc.

🔁 Testing SSL

You can test if your setup is working using:

https://yourdomain.com/admin/ in your browser
SSL Labs for detailed analysis
Inspecting response headers for Strict-Transport-Security (if enabled)

HTTPS & SSL setup ​

🌐 Recommended Setup: Cloudflare Flexible SSL ​

⚙️ Step-by-Step Setup with Cloudflare ​

🛠️ Advanced Option: Manual SSL with Let's Encrypt ​