Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/gnmyt/Nexterm/llms.txt

Use this file to discover all available pages before exploring further.

Nexterm includes a built-in HTTPS server. When it finds SSL certificate files in the data/certs directory at startup, it automatically starts a second HTTPS listener alongside the regular HTTP server — no additional configuration is required.

How it works

Nexterm checks for two files at startup:
  • data/certs/cert.pem — your SSL certificate (or certificate chain)
  • data/certs/key.pem — the corresponding private key
If both files exist, Nexterm starts the HTTPS server in addition to the HTTP server. If either file is missing, HTTPS is silently skipped and only HTTP runs.
HTTP and HTTPS run simultaneously. The HTTP server does not automatically redirect to HTTPS. If you want to enforce HTTPS-only access, either block the HTTP port at your firewall or handle the redirect in a reverse proxy.

Ports

ProtocolDefault portEnvironment variable
HTTP6989SERVER_PORT
HTTPS5878HTTPS_PORT
You can change either port with the corresponding environment variable. See Environment variables for details.

Docker setup

To mount your certificates into the container, add a volume mapping and expose the HTTPS port in your docker-compose.yml: 
services:
  nexterm:
    image: nexterm/aio:latest
    environment:
      ENCRYPTION_KEY: "your-encryption-key"
      HTTPS_PORT: 5878
    ports:
      - "6989:6989"
      - "5878:5878"
    restart: always
    volumes:
      - nexterm:/app/data
      - ./certs:/app/data/certs

volumes:
  nexterm:
Place your cert.pem and key.pem files in a certs/ directory next to your docker-compose.yml before starting the container. The volume mount maps that directory to /app/data/certs inside the container, which is where Nexterm looks for certificates.
If you update your certificates while the container is running, restart the container to pick up the new files. Nexterm reads the certificate files once at startup.

Obtaining certificates

Let’s Encrypt provides free, trusted certificates valid for 90 days. Use Certbot to obtain and manage them.
1

Install Certbot

Install Certbot using your distribution’s package manager. On Debian/Ubuntu:
sudo apt install certbot
2

Obtain a certificate

Run Certbot in standalone mode. Your server must be reachable on port 80 from the internet for the HTTP challenge:
sudo certbot certonly --standalone -d yourdomain.com
3

Copy the certificate files

Certbot writes the files to /etc/letsencrypt/live/yourdomain.com/. Copy them into Nexterm’s certificate directory:
cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem ./data/certs/cert.pem
cp /etc/letsencrypt/live/yourdomain.com/privkey.pem ./data/certs/key.pem
4

Restart Nexterm

Restart the container to load the new certificates:
docker restart nexterm
Let’s Encrypt certificates expire after 90 days. Set up automatic renewal with certbot renew via a cron job or systemd timer, and restart Nexterm after each renewal.

Verifying HTTPS is active

After restarting Nexterm with certificates in place, check the container logs for a line confirming the HTTPS server started: 
HTTPS server listening on port 5878
You can then navigate to https://your-server:5878 in your browser.

Build docs developers (and LLMs) love

Get started for freeTalk to us