Doccano: Question: How do I SSL-enable the doccano app living inside the docker container?

Created on 28 Aug 2019 · 3Comments · Source: doccano/doccano

I have a silly question, and I'm sorry about that, but how do I SSL-enable the doccano app set inside a docker container?

When I run the app like this:

docker run -d --rm --name doccano \
  -e "ADMIN_USERNAME=admin" \
  -e "[email protected]" \
  -e "ADMIN_PASSWORD=password" \
  -e "DEBUG=False" \
  -e "SECRET_KEY=secret-key" \
  -p 80:8000 doccano:myrebuilt

And I do sudo netstat -tpln I get this:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp6       0      0 :::80                   :::*                    LISTEN      32697/docker:proxy

If I type http://mydoccano:80/ into my web browser I get to see the Docanno app. Unfortunately this is not secure.

So I thought about setting up nginx in the host machine and redirect from 80 to 443 but I get this error when trying to run the docker image:

fc310303a5710e422580f1ffd5a0f1a30
docker: Error response from daemon: driver failed programming external connectivity on endpoint doccano (fa81ff4b030a29636bc22178e75b95a9d9988984325): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use.

What can I do to redirect from http:/mydoccano/ to https://mydocano/? Should I set up nginx inside the docker container? Or should I put the ssl certificates inside the container and run it while passing some sort of ssl parameters? Any ideas or pointers? Thanks in advance!

question

Source

roperi

Most helpful comment

Thanks to @c-w suggestion I finally made my doccano app work with SSL.

Just for the record and in case someone is interested in knowing how I made it work here's my Nginx configuration in production server:

upstream doccano_app {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    listen [::]:80;
    server_name doccano.mydomain.com;

    location / {
        return 301 https://$host$request_uri;
    }
}

server { 
    listen 443 ssl;
    listing [::]443 ssl;

    server_name doccano.mydomain.com;

    ssl_certificate /etc/letsencrypt/live/doccano.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/doccano.mydomain.com/privkey.pem;

    root /var/www/html;

    try_files $uri @docker;

    location @docker {
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_set_header X-Forwarded_Proto $scheme;
          proxy_redirect off;
          proxy_pass http://doccano_app;
  }

}

roperi on 5 Sep 2019

👍2

All 3 comments

I would recommend to use nginx to terminate SSL and then forward the request to doccano. Note that if you use doccano behind SSL, you'll have to configure the settings mentioned in https://github.com/chakki-works/doccano/pull/350.

c-w on 4 Sep 2019

👍1

thanks, @c-w

roperi on 4 Sep 2019

Thanks to @c-w suggestion I finally made my doccano app work with SSL.

Just for the record and in case someone is interested in knowing how I made it work here's my Nginx configuration in production server:

upstream doccano_app {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    listen [::]:80;
    server_name doccano.mydomain.com;

    location / {
        return 301 https://$host$request_uri;
    }
}

server { 
    listen 443 ssl;
    listing [::]443 ssl;

    server_name doccano.mydomain.com;

    ssl_certificate /etc/letsencrypt/live/doccano.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/doccano.mydomain.com/privkey.pem;

    root /var/www/html;

    try_files $uri @docker;

    location @docker {
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_set_header X-Forwarded_Proto $scheme;
          proxy_redirect off;
          proxy_pass http://doccano_app;
  }

}

roperi on 5 Sep 2019

👍2

Was this page helpful?

0 / 5 - 0 ratings