[Girder-users] Serving Girder over HTTPS from Docker

Zach Mullen zach.mullen at kitware.com
Thu Oct 22 13:01:05 EDT 2015


On Thu, Oct 22, 2015 at 12:55 PM, Brian E Chapman <Brian.Chapman at utah.edu>
wrote:

> Hi Zach,
>
> I’m trying to increase the volume for your girder-users digest. I’ve got a
> couple of boneheaded questions, primarily related to my not being too
> familiar with nginx.
>
> First, would you run the nginx server within the Girder docker container
> so that the container is serving up the web data over https or would you
> run the nginx server on the host machine and have the host redirect what
> the container is serving?
>

Hm, I suppose either would work, but I would probably have nginx inside the
container if this is a fixed deployment rather than something meant to be
reusable.


>
> Second, I’m getting an error with nginx when I try to use the snippet you
> provided me last night. The error is related to the following line (47 in
> my configuration file):
>
> root {{ girder_root }}/clients/web;
>
> nginx: [emerg] directive "root" is not terminated by ";" in
> /etc/nginx/nginx.conf:47
>
> I’m not familiar with the {{girder_root}} syntax in nginx and haven’t
> found examples of it with web searchers. I assume it is pulling out an
> environment variable (which is why I wonder if I should be running this on
> the machine/container running girder). Also I wonder if this is a version
> issue; I’m running nbinx 1.4.6 on Ubuntu 14.04; this seems far behind the
> 1.9.5 latest release.
>

Sorry about that confusion, this isn't valid syntax for the nginx config --
what I pasted is actually from a template file that we use to configure the
nginx file, and girder_root is a variable in that template. You should
change {{girder_root}} to whatever the actual path to girer is inside your
container.

-Zach


>
> Brian
>
>
> From: Zach Mullen <zach.mullen at kitware.com>
> Date: Wednesday, October 21, 2015 at 7:20 PM
> To: Brian Chapman <brian.chapman at utah.edu>
> Cc: "girder-users at public.kitware.com" <girder-users at public.kitware.com>
> Subject: Re: [Girder-users] Serving Girder over HTTPS from Docker
>
> Hi Brian,
>
> We typically set this up using a proxy like Nginx or Apache. Here's an
> example Nginx config for an SSL-only deployment of girder:
>
> server {
>     listen 80 default_server;
>     listen [::]:80 default_server ipv6only=on;
>     # redirect to https
>     return 307 https://$host$request_uri;
> }
>
> server {
>     listen 443 ssl;
>     ssl_certificate /etc/nginx/ssl/my_cert.pem;
>     ssl_certificate_key /etc/nginx/ssl/my_cert.key;
>     add_header Strict-Transport-Security "max-age=15552000";
>     root {{ girder_root }}/clients/web;
>
>     # Make site accessible from http://localhost/
>     server_name localhost;
>
>     location / {
>         proxy_pass http://localhost:8080;
>         proxy_set_header X-Forwarded-Host $http_host;
>         proxy_set_header X-Forwarded-Server $host;
>         include /etc/nginx/proxy_params;
>         # The following settings should allow SSE to work
>         proxy_buffering off;
>         proxy_cache off;
>         proxy_set_header Connection '';
>         proxy_http_version 1.1;
>         chunked_transfer_encoding off;
>         proxy_read_timeout 600s;
>         proxy_send_timeout 600s;
>     }
>
>     location /static {
>         try_files $uri $uri/ /index.html;
>     }
> }
>
>
> The only thing you'd need to modify in the above config is the locations of the cert and key files.
>
> Hope this helps,
>
>
>
> Zach Mullen
> Kitware, Inc.
> 919-869-8858
>
> On Wed, Oct 21, 2015 at 9:15 PM, Brian E Chapman <Brian.Chapman at utah.edu>
> wrote:
>
>> Hi everyone,
>>
>> We’ve got an instance of Girder running user Docker containers for both
>> MongoDB and Girder. This was nice and painless. However, it is running over
>> http. Curious if there is any easy way with Girder directly to make this
>> run over https or if the assumption is that this would be done with Apache
>> Redirect (or equivalent).
>>
>> Brian
>>>> Brian E. Chapman, Ph.D.
>> Associate Professor
>> Department of Radiology
>> University of Utah
>>
>>
>> _______________________________________________
>> Girder-users mailing list
>> Girder-users at public.kitware.com
>> http://public.kitware.com/mailman/listinfo/girder-users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://public.kitware.com/pipermail/girder-users/attachments/20151022/f49a2bfd/attachment.html>


More information about the Girder-users mailing list