[Girder-users] Serving Girder over HTTPS from Docker

Brian E Chapman Brian.Chapman at utah.edu
Wed Oct 21 21:26:51 EDT 2015 

Thanks.

From: Zach Mullen <zach.mullen at kitware.com<mailto:zach.mullen at kitware.com>>
Date: Wednesday, October 21, 2015 at 7:20 PM
To: Brian Chapman <brian.chapman at utah.edu<mailto:brian.chapman at utah.edu>>
Cc: "girder-users at public.kitware.com<mailto:girder-users at public.kitware.com>" <girder-users at public.kitware.com<mailto:girder-users at public.kitware.com>>
Subject: Re: [Girder-users] Serving Girder over HTTPS from Docker

Hi Brian,

We typically set this up using a proxy like Nginx or Apache. Here's an example Nginx config for an SSL-only deployment of girder:


server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    # redirect to https
    return 307 https://$host$request_uri;
}

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/my_cert.pem;
    ssl_certificate_key /etc/nginx/ssl/my_cert.key;
    add_header Strict-Transport-Security "max-age=15552000";
    root {{ girder_root }}/clients/web;

    # Make site accessible from http://localhost/
    server_name localhost;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Server $host;
        include /etc/nginx/proxy_params;
        # The following settings should allow SSE to work
        proxy_buffering off;
        proxy_cache off;
        proxy_set_header Connection '';
        proxy_http_version 1.1;
        chunked_transfer_encoding off;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
    }

    location /static {
        try_files $uri $uri/ /index.html;
    }
}


The only thing you'd need to modify in the above config is the locations of the cert and key files.

Hope this helps,


Zach Mullen
Kitware, Inc.
919-869-8858

On Wed, Oct 21, 2015 at 9:15 PM, Brian E Chapman <Brian.Chapman at utah.edu<mailto:Brian.Chapman at utah.edu>> wrote:
Hi everyone,

We’ve got an instance of Girder running user Docker containers for both MongoDB and Girder. This was nice and painless. However, it is running over http. Curious if there is any easy way with Girder directly to make this run over https or if the assumption is that this would be done with Apache Redirect (or equivalent).

Brian
—
Brian E. Chapman, Ph.D.
Associate Professor
Department of Radiology
University of Utah


_______________________________________________
Girder-users mailing list
Girder-users at public.kitware.com<mailto:Girder-users at public.kitware.com>
http://public.kitware.com/mailman/listinfo/girder-users


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://public.kitware.com/pipermail/girder-users/attachments/20151022/d56bbdcd/attachment.html>

More information about the Girder-users mailing list