Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve documentation for SSL and server installation #7

Open
abiricz opened this issue Jun 1, 2023 · 1 comment
Open

Improve documentation for SSL and server installation #7

abiricz opened this issue Jun 1, 2023 · 1 comment

Comments

@abiricz
Copy link

abiricz commented Jun 1, 2023

Hello,

I would like to express my gratitude for the tremendous effort you have dedicated to the development and enhancement of Cytomine. I appreciate the new installation process, which is significantly cleaner. Nevertheless, I have noticed that there is a lack of documentation regarding certain aspects. Specifically, I have been unable to find a guide on how to set up an ssl-encrypted webpage on a server (distant) instance.

To address this issue, I kindly request that you consider adding comprehensive documentation that includes a step-by-step guide. It would be immensely helpful if you could provide detailed examples for both the cytomine.yml and the configs/nginx/etc/nginx/nginx.conf files, outlining the necessary modifications and adjustments for configuring ssl-encrypted URLs.

Thank you once again for your remarkable work, and I hope my suggestion will contribute to further improving the Cytomine experience.

(Our research group has been long-time users of Cytomine.)
@kmuw
Copy link

kmuw commented Aug 29, 2023

Tested with a self-signed certificate on Uliege's Cytomine v4.3.5-beta.6.

Steps:

  1. Backup your instance
  2. Get your SSL certificate (including the subdomains used for IMS and upload)
    • copy the .key and .crt file to Cytomine-bootstrap/configs/nginx/etc/nginx/
  3. Change Cytomine-bootstrap/configs/nginx/etc/nginx/nginx.conf.sample
    • at server_name $URLS_CORE; add
   listen       443 ssl;
   server_name  $URLS_CORE;
   ssl_certificate  your.domain.local.crt;
   ssl_certificate_key  your.domain.local.key;

  • repeat this for the other server sections :
    - server_name $URLS_IMAGE_SERVER;
    - server_name $URLS_UPLOAD;

    • optional: http redirect
server {
   listen 80;
   server_name  your.domain.local;
   return 301 https://your.domain.local;
   }
  1. in docker-compose.yml expose the https 443/ssl port:

nginx:
ports:
- 80:80
- 443:443

  1. in cytomine.yml (or .template)
    • at

global:
urls_with_scheme:
constant:

change the urls from http:// to https://

  1. rebuild the nginx container with docker compose. Cave: I rebuilt everything and had to revert the postgis database, since it is stored in an anonymous volume which is not used again after rebuilding. Copy from the old volume to the new sufficed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@abiricz @kmuw