Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CARTODB in production with https #52

Open
cgcrespo opened this issue Aug 6, 2018 · 19 comments
Open

CARTODB in production with https #52

cgcrespo opened this issue Aug 6, 2018 · 19 comments

Comments

@cgcrespo
Copy link

cgcrespo commented Aug 6, 2018

How are you,
We are developing progressive web pages - pwa - https://developers.google.com/web/progressive-web-apps/ to show carto maps and the implementation needs to use the https protocol.

I Take the code of your implementation and modify it, so that it runs with https and use cartodb production database the creation of the image (Dockerfile) runs without problems and the site of cartodb work properly I can consult data of the users, the organization and everything related to the administration part of the page, however I can not create maps, always shows me a blank page with the close button to return to the carto page implemented locally

I could give a light that I can review to correct this issue, I have reviewed these logs inside the container.

find / -name ".log" -exec ls -lt {} ; | grep -i "Aug"
tail -f /var/log/postgresql/postgresql-10-main.log
tail -f /var/log/nginx/cartodb_error.log
tail -f /var/log/nginx/cartodb_access.log
tail -f /var/log/redis/redis-server.log
tail -f /tmp/analysis.log
tail -f /cartodb/log/production.log
tail -f /cartodb/resque.log
tail -f /CartoDB-SQL-API/logs/cartodb-sql-api.log
The Windshaft-cartodb log does not appear anywhere

There would be a way to change the main carto configuration files (app_config.yml, database.yml),
Windshaft-cartodb (production.js), CartoDB-SQL-API (production.js) and restart the service
to prove that the change has emerged effect. Or invoke a request using postman to prove that separate services are working.

I attach the implementation (docker-cartodb-prod.tar.gz) and a manual (RunSteps.txt) to execute it.
To see if someone can give me a hand.
Runing Container
image
Source code
docker-cartodb-prod.tar.gz
Run Steps
RunSteps.txt
Link for downloading:
https://drive.google.com/open?id=1ZS9rLCvE9GygEJPvJi57sXvs9bo3KIkW
I has similar issue reported in case "carto not working #29" but in this topic don't detail the answer. My white blank showed when try to create new map is :

wihitepage

Thanks

@antoniovj1
Copy link

I have not solve the problem with the https, but you can run the container behind a https proxy. Is not an optimal solution, but can be useful until you find a solution. With Azure Functions Apps is very easy to set up a proxy.

@cgcrespo
Copy link
Author

Thanks, I try to fix the dockerfile to get the same code the @sverhoeven in production too

@chrowe
Copy link

chrowe commented Oct 10, 2018

This is something I am trying to figure out as as well. I know https://github.com/chriswhong/docker-cartodb has done this, but is no longer being maintained. Since that repo is "inspired by and largely based" this one, I wonder if we could merge the two and provide an config option here for dev vs. prod

@chrowe
Copy link

chrowe commented Oct 28, 2018

Hi @sverhoeven I noticed your latest commit on this issue and wondering if there is anything I can do to help get this completed. I am working on a project and hoping to use this. I have a couple developers looking into it but not having any luck. If you have time to help point us in the right direction we might be able to contribute our work here.

Thanks,
Chris

@sverhoeven
Copy link
Owner

I would happily accept a PR which completes the TODOs in https://github.com/sverhoeven/docker-cartodb/compare/https-prod branch

@chrowe
Copy link

chrowe commented Oct 29, 2018

We did actually get something working. I will see if we can work what we did into your PR.

I assume you meant to link to master...sverhoeven:https-prod

@cgcrespo
Copy link
Author

cgcrespo commented Oct 29, 2018 via email

@aarontract
Copy link

Thanks for sharing this, it was very useful.

@glaroc
Copy link

glaroc commented Apr 29, 2019

I'm just wondering if there is a recent update on this. Has anyone recently been able to build a fully functioning Carto stack with Docker on https?

@christophekey
Copy link

Not yet, but still trying :)

@aarontract
Copy link

I managed to get the master version to run under HTTPS at the start of Feb this year, I pulled the image from docker hub rather than doing a fresh build as a proof of concept.

I have a few notes here but not sure if they will help:
#67
I haven't looked at it since then.

I used nginx with a lets encrypt SSL cert sitting on the host box, then did some proxy_pass to inside docker containers.

Main trick was to set an environment variable for rails environment run as production mode, there seems to be some ruby code that has changed recently switch back to http if its not set this way.

@glaroc
Copy link

glaroc commented May 9, 2019

I can get the builder and the SQL api to work fine under https, and I can import datasets. However, I always get issues with the Maps API that's returning JS errors about missing templates. So, I can't generate any visualizations for sharing. The current Docker build works fine for me over http.

@glaroc
Copy link

glaroc commented May 15, 2019

I finally got it working. I tried to summarize my configuration in this fork: https://github.com/glaroc/docker-cartodb-https

@beltowski
Copy link

got it working over https based on @glaroc image, just can't load data view, keeps loading returning no error

@bmunyoki
Copy link

Did anyone get to solve error 502 on /api/v2/sql endpoint over https? @glaroc @beltowski @sverhoeven

@glaroc
Copy link

glaroc commented Mar 17, 2021

@bmunyoki it's working for me using the fork here https://github.com/glaroc/docker-cartodb-https

@ishiland
Copy link

@glaroc do you have a prebuilt image you can share? I'm unable to get your fork built or the master branch here.

I was able to build the py3pg12postgis3 branch, but experience the same issue as @bmunyoki mentioned.

Ill try and circle back to this when I have more time, in the meantime any direction is much appreciated.

@bmunyoki
Copy link

Hi @ishiland I ended up modifying the /api/v2/sql directives on cartodb.nginx.proxy.conf file to point to IP. Here is how my cartodb.nginx.proxy.conf looks:

server {
    if ($host = carto.wegov.nyc) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


       listen         80;
       #listen         [::]:80;
       server_name    <your domain/subdomain>;
       return         301 https://$server_name:3000$request_uri;


}

server {

  server_name <your domain/subdomain>;

  listen 443 ssl;
  #listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/<your domain/subdomain>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<your domain/subdomain>/privkey.pem; # managed by Certbot


  client_max_body_size 100M;

  location ~* /(user/.*/)?api/v1/maps {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_pass http://127.0.0.1:3000;
   
  }

  location ~* /(user/.*/)?api/v1/map {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_pass http://127.0.0.1:8181;
  }

  location ~* /(user/.*)?/api/v2/sql {
    # RedHog: Hack to work around bug in cartodb local hosting but using cdn for js libs
    # rewrite /(user/.*)?/api/v2/sql(.*) /$1/api/v2/sql$2  break;
    # proxy_set_header        Host $host;
    # proxy_set_header        X-Real-IP $remote_addr;
    # proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    # proxy_set_header        X-Forwarded-Proto $scheme;
    
    # Change default timeout for your long-running SQL api calls!
    proxy_read_timeout 300s;
    
    # proxy_pass http://127.0.0.1:8080;
    proxy_pass http://<Your server public IP>:8080;
  }

  location ^~ /assets {
    root /cartodb/public;
  }

  location / {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_pass http://127.0.0.1:3000;
  }

  error_log /var/log/nginx/cartodb_error.log;
  access_log /var/log/nginx/cartodb_access.log;

}

Note, I did certbot install manually (whatever is commented with #managed by certbot)

@ishiland
Copy link

@bmunyoki I ended up taking the microservices approach based on https://github.com/sabman/cartodb-docker-fork. SSL is working good for me now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

10 participants