I have a silly question, and I'm sorry about that, but how do I SSL-enable the doccano app set inside a docker container?
When I run the app like this:
docker run -d --rm --name doccano \
-e "ADMIN_USERNAME=admin" \
-e "[email protected]" \
-e "ADMIN_PASSWORD=password" \
-e "DEBUG=False" \
-e "SECRET_KEY=secret-key" \
-p 80:8000 doccano:myrebuilt
And I do sudo netstat -tpln
I get this:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::80 :::* LISTEN 32697/docker:proxy
If I type http://mydoccano:80/
into my web browser I get to see the Docanno app. Unfortunately this is not secure.
So I thought about setting up nginx in the host machine and redirect from 80 to 443 but I get this error when trying to run the docker image:
fc310303a5710e422580f1ffd5a0f1a30
docker: Error response from daemon: driver failed programming external connectivity on endpoint doccano (fa81ff4b030a29636bc22178e75b95a9d9988984325): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use.
What can I do to redirect from http:/mydoccano/
to https://mydocano/
? Should I set up nginx inside the docker container? Or should I put the ssl certificates inside the container and run it while passing some sort of ssl parameters? Any ideas or pointers? Thanks in advance!
I would recommend to use nginx to terminate SSL and then forward the request to doccano. Note that if you use doccano behind SSL, you'll have to configure the settings mentioned in https://github.com/chakki-works/doccano/pull/350.
thanks, @c-w
Thanks to @c-w suggestion I finally made my doccano app work with SSL.
Just for the record and in case someone is interested in knowing how I made it work here's my Nginx configuration in production server:
upstream doccano_app {
server 127.0.0.1:8080;
}
server {
listen 80;
listen [::]:80;
server_name doccano.mydomain.com;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listing [::]443 ssl;
server_name doccano.mydomain.com;
ssl_certificate /etc/letsencrypt/live/doccano.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/doccano.mydomain.com/privkey.pem;
root /var/www/html;
try_files $uri @docker;
location @docker {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded_Proto $scheme;
proxy_redirect off;
proxy_pass http://doccano_app;
}
}
Most helpful comment
Thanks to @c-w suggestion I finally made my doccano app work with SSL.
Just for the record and in case someone is interested in knowing how I made it work here's my Nginx configuration in production server: