Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question: How do I SSL-enable the doccano app living inside the docker container? #359

Closed
roperi opened this issue Aug 28, 2019 · 3 comments
Closed

Question: How do I SSL-enable the doccano app living inside the docker container? #359

roperi opened this issue Aug 28, 2019 · 3 comments
Labels
question Further information is requested

Comments

@roperi
Copy link

roperi commented Aug 28, 2019
edited

I have a silly question, and I'm sorry about that, but how do I SSL-enable the doccano app set inside a docker container?

When I run the app like this:

docker run -d --rm --name doccano \
  -e "ADMIN_USERNAME=admin" \
  -e "ADMIN_EMAIL=admin@emai.com" \
  -e "ADMIN_PASSWORD=password" \
  -e "DEBUG=False" \
  -e "SECRET_KEY=secret-key" \
  -p 80:8000 doccano:myrebuilt

And I do sudo netstat -tpln I get this:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp6       0      0 :::80                   :::*                    LISTEN      32697/docker:proxy

If I type http://mydoccano:80/ into my web browser I get to see the Docanno app. Unfortunately this is not secure.

So I thought about setting up nginx in the host machine and redirect from 80 to 443 but I get this error when trying to run the docker image:

fc310303a5710e422580f1ffd5a0f1a30
docker: Error response from daemon: driver failed programming external connectivity on endpoint doccano (fa81ff4b030a29636bc22178e75b95a9d9988984325): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use.

What can I do to redirect from http:/mydoccano/ to https://mydocano/? Should I set up nginx inside the docker container? Or should I put the ssl certificates inside the container and run it while passing some sort of ssl parameters? Any ideas or pointers? Thanks in advance!
@icoxfog417 icoxfog417 added the question Further information is requested label Aug 29, 2019
@c-w
Copy link
Member

c-w commented Sep 4, 2019

I would recommend to use nginx to terminate SSL and then forward the request to doccano. Note that if you use doccano behind SSL, you'll have to configure the settings mentioned in #350.

@roperi
Copy link
Author

roperi commented Sep 4, 2019

thanks, @c-w

@roperi
Copy link
Author

roperi commented Sep 5, 2019

Thanks to @c-w suggestion I finally made my doccano app work with SSL.

Just for the record and in case someone is interested in knowing how I made it work here's my Nginx configuration in production server:

upstream doccano_app {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    listen [::]:80;
    server_name doccano.mydomain.com;

    location / {
        return 301 https://$host$request_uri;
    }
}

server { 
    listen 443 ssl;
    listing [::]443 ssl;

    server_name doccano.mydomain.com;
    
    ssl_certificate /etc/letsencrypt/live/doccano.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/doccano.mydomain.com/privkey.pem;

    root /var/www/html;

    try_files $uri @docker;

    location @docker {
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_set_header X-Forwarded_Proto $scheme;
          proxy_redirect off;
          proxy_pass http://doccano_app;
  }

}

@eizanendoso eizanendoso mentioned this issue Dec 16, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@icoxfog417 @c-w @roperi