Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cvat with certbot issued SSL certificate #1172

Closed
smokedsalmonbagel opened this issue Feb 21, 2020 · 7 comments
Closed

cvat with certbot issued SSL certificate #1172

smokedsalmonbagel opened this issue Feb 21, 2020 · 7 comments

Comments

@smokedsalmonbagel
Copy link

I explored a few options for using a certbot generated SSL cert from letsencrypt. I have a an almost working prototype...

My nginx conf looks like this:

server {
    listen              443 ssl;
    server_name         mydomain.com;
    ssl_certificate     /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
	root /usr/share/nginx/html;
    location / {
		try_files $uri $uri/ /index.html;
		add_header Access-Control-Allow-Origin "*";
    }
}

[note: There is another conf file for doing the cert renewal (port 80 only):]

when I goto mydomain.com the cvat login loads with the message:

Could not check authorization on the server
Open the Browser Console to get details

It looks like all the network requests from the browser are 200.
image
but the console reports

TypeError: Cannot use 'in' operator to search for 'id' in <!DOCTYPE html>

I have changed the following in docker-compose.yml based on what others have posted to get remote installations working.

cvat_ui:
    build:
      args:
        REACT_APP_API_PROTOCOL: https
        REACT_APP_API_HOST: mydomain.com
        REACT_APP_API_PORT: 
    ports:
      - 80:80/tcp
      - 443:443/tcp
    environment:
      CERTBOT_EMAIL: a@a.com
    volumes:
      - ./conf.d:/etc/nginx/user.conf.d:ro
      - letsencrypt:/etc/letsencrypt

I know there are a few other issues out there regarding SSL, but haven't seen anything about the console error above.
@azhavoro
Copy link
Contributor

azhavoro commented Feb 21, 2020
edited
Loading

@smokedsalmonbagel Hi, could you please provide also docker-compose config for the cvat service?

@smokedsalmonbagel
Copy link
Author

Sure, here is my full dockercompose yml file:

version: "2.3"

services:
  cvat_db:
    container_name: cvat_db
    image: postgres:10-alpine
    networks:
      default:
        aliases:
          - db
    restart: always
    environment:
      POSTGRES_USER: root
      POSTGRES_DB: cvat
      POSTGRES_HOST_AUTH_METHOD: trust
    volumes:
      - cvat_db:/var/lib/postgresql/data

  cvat_redis:
    container_name: cvat_redis
    image: redis:4.0-alpine
    networks:
      default:
        aliases:
          - redis
    restart: always

  cvat:
    container_name: cvat
    image: cvat
    restart: always
    depends_on:
      - cvat_redis
      - cvat_db
    ports:
      - "8080:8080"
    build:
      context: .
      args:
        http_proxy:
        https_proxy:
        no_proxy:
        socks_proxy:
        TF_ANNOTATION: "no"
        AUTO_SEGMENTATION: "no"
        USER: "django"
        DJANGO_CONFIGURATION: "production"
        TZ: "Etc/UTC"
        OPENVINO_TOOLKIT: "no"
    environment:
      DJANGO_MODWSGI_EXTRA_ARGS: ""
      UI_SCHEME: http
      UI_HOST: localhost
      UI_PORT: 7080


    volumes:
      - cvat_data:/home/django/data
      - cvat_keys:/home/django/keys
      - cvat_logs:/home/django/logs
      - cvat_models:/home/django/models

  cvat_ui:
    container_name: cvat_ui
    image: nginx
    restart: always
    build:
      context: .
      args:
        http_proxy:
        https_proxy:
        no_proxy:
        socks_proxy:
        REACT_APP_API_PROTOCOL: https
        REACT_APP_API_HOST: mydomain.com
        REACT_APP_API_PORT: 
      dockerfile: Dockerfile.ui

    networks:
      default:
        aliases:
          - ui
    depends_on:
      - cvat
    ports:
      - "7080:80"
      - 80:80/tcp
      - 443:443/tcp
    environment:
      CERTBOT_EMAIL: a@a.com
    volumes:
      - ./conf.d:/etc/nginx/user.conf.d:ro
      - letsencrypt:/etc/letsencrypt

volumes:
  cvat_db:
  cvat_data:
  cvat_keys:
  cvat_logs:
  cvat_models:
  letsencrypt:
  conf.d:

@smokedsalmonbagel
Copy link
Author

I also should mention my docker.ui file has been merged with the one for certbot, but I don't think this should have any effect.

Tyler

@azhavoro
Copy link
Contributor

I think the cause of issue is RACT_APP_API_* variables doesn't properly configured. This variables should point to cvat backend service that opened on 8080 port.

REACT_APP_API_PROTOCOL: http
REACT_APP_API_HOST: mydomain.com
REACT_APP_API_PORT: 8080

Also please take a look at the PR #1177, I believe we will merge it to the upstream in the nearest future and CVAT deploy will be easier.

@smokedsalmonbagel
Copy link
Author

@azhavoro I have tried a few variations here.

REACT_APP_API_PROTOCOL: http
REACT_APP_API_HOST: mydomain.com
REACT_APP_API_PORT: 8080

Does not work since the server is not listening on http or port 8080. Only 443.
It looks like some of the PR items could help...

@smokedsalmonbagel
Copy link
Author

I was taking a look at the output after docker-compose up and noticed

cvat          | 2020-02-27 15:17:21,401 DEBG 'rqworker_default_1' stderr output:
cvat          | bash: cannot set terminal process group (-1): Inappropriate ioctl for device
cvat          | bash: no job control in this shell

Is this normal? Or is something wrong with my build?

@azhavoro
Copy link
Contributor

azhavoro commented Oct 13, 2020
edited
Loading

@smokedsalmonbagel I believe this issue should not be actual after cvat_proxy was added. I'll close it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@smokedsalmonbagel @azhavoro