Rasa server running as HTTPS not working

Hi guys! For the past 5 days I've been trying to run the rasa server as https instead of http. I have deployed my rasa server and action server using docker on GCP. The rasa server works fine as http, and when I visit http://myip:5005, it says welcome to rasa 1.10.3 and I can communicate with it using webchat. I've been using this link as a reference, "Configuring the HTTP API", to run rasa server as https.

To generate certificates, I created a domain named datahive.chat and then pointed it to my GCP machine. I then followed this tutorial, "How To Secure Nginx with Let's Encrypt on Ubuntu 16.04 | DigitalOcean", to generate ssl certificates. Certificates were generated successfully, and when I visit https://datahive.chat, it says my connection is secure. But then when I use the same certificates to run rasa server as https using this command `CMD ["run","-m","/app/models","--enable-api","--cors","*","--debug","--ssl-certificate","/app/sslcerts/fullchain.pem","--ssl-keyfile","/app/sslcerts/privkey.pem"]` inside the Dockerfile, it runs as https but says connection is not secure and a warning comes up. If I accept the risk and continue, rasa server works. So my question is: how can I make it run as an https secure connection? Do I need to use a reverse proxy using nginx, or am I making some mistake?

Please help with this. Thanks in advance.

Hi Rahul,

Rather than securing Rasa, a better approach will be to use nginx to reverse proxy your rasa server, and you can use your ssl certificates in the nginx configuration.


Hi Anand, thanks for the reply. I was thinking of using a reverse proxy with nginx, but my question is why the rasa server doesn't work with ssl certificates when given as parameters as described here: "Configuring the HTTP API". The method described would save me a lot of time and effort.

@Emma @Tanja @erohmensing @alexweidauer can you guys please help me with this? I'm stuck on this.

@rahul_namdev

it runs as https but says connection is not secure and a warning comes up. If I accept the risk and continue, rasa server works

For self-signed certificates this warning will be shown.

I used authorized certificates also, but it was not running. Anyway, I used the reverse proxy approach with nginx and it is now working. I will post the steps I followed very soon so that anyone struggling with the same issue can take reference from here.

Thanks for the help @a-anand-91119.

Yes, socket.io is working with ssl and reverse proxy. I'll post how I made it work.

Please share how you made it work.

I solved the issue I faced with socket.io over ssl recently. What is the issue you are facing, @airnorr?

@airnorr @a-anand-91119 I wrote a blog describing the whole process. You can read it here


Hey! So I followed your steps and have it set up, but I can only access it using HTTP and not HTTPS. On a post request, I get the following error -

*SSLError: HTTPSConnectionPool(host='mydomain.com', port=5005): Max retries exceeded with url: /webhooks/rest/webhook (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1123)')))*

Here’s my docker-compose.yml

version: '3.8'
services:
  bot:
    env_file:
      - env_bot.env
    image: ${DOCKER_HUB}/${DOCKER_REPO}/${DOCKER_IMAGE}:${DOCKER_TAG}
    container_name: application_chatbot
    build:
      context: ./build
      dockerfile: Dockerfile
    #volumes:
    #  - ./out:/out
    command: bash -c "python conversational_bot/start_script/launch_v2.py && /bin/sh"
    tty: true
    ulimits:
      memlock: -1
    networks:
      - organic_network
    ports:
      - 5005:5005
  mongo:
    container_name: organic_mongo_b
    image: library/mongo:latest
    volumes:
      - /tmp/mongodb:/data/db:Z
    networks:
      - organic_network
    # this should just expose this port to internal services, not to outside
    expose:
      - 27017
  nginx:
    container_name: nginx
    image: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx:/etc/nginx/conf.d
      #I kept my SSL certs in a certs folder in project directory (Make sure to include this in .gitignore)
      - ./certs:/etc/letsencrypt/live/mydomain.com
    depends_on:
      - bot
    networks:
      - organic_network

networks:
  organic_network:
   name: global_organic_network

and here is my nginx default conf file -

upstream application_chatbot {
    server application_chatbot:5005;
}

#change your domain name to localhost if testing locally
#listen on port 80 (default port for non-encrypted messages)
#if testing locally, <your_domain_name> is localhost
server {
    listen	 80;
    server_name  mydomain.com ;

#reverse proxy to rasa container
    location / {
        proxy_pass  http://application_chatbot;
    }
}

#comment out this block if you are testing locally
#listen to port 443 (default port for encrypted messages)
server {
      listen 443 ssl;
      server_name mydomain.com ;

  #points to ssl certificates that we will move to nginx docker container in docker compose
      ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
      ssl_trusted_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;

  #reverse proxy to rasa container
      location / {
          proxy_pass  http://application_chatbot;
      }
}

Wondering if you have any thoughts/inputs.

Turns out, the nginx container wasn’t getting access to the certificates. I missed the :Z in the volume in the docker-compose.yml file.

Glad that it worked :blush:
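
Added example (not code from any poster in this thread): a Python probe that reports whether a port completes a validated TLS handshake, speaks TLS with a certificate that fails validation, or answers in plaintext HTTP, which is the condition the WRONG_VERSION_NUMBER error quoted above reports when an https:// client reaches a port that only serves HTTP. The names `probe_endpoint`, `_PlainStub` and `start_plaintext_stub` are made up for this example, and the stub server is constructed so the block runs offline.

```python
import socket
import socketserver
import ssl
import threading


def probe_endpoint(host, port, server_name=None, timeout=5.0):
    """Return (kind, detail) describing what listens on host:port."""
    name = server_name or host
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=name) as tls:
            return "tls-verified", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # TLS is spoken, but chain or hostname validation fails
        return "tls-untrusted", exc.verify_message
    except OSError as exc:  # SSLError (e.g. WRONG_VERSION_NUMBER), reset, timeout
        tls_error = getattr(exc, "reason", None) or str(exc)
    finally:
        raw.close()
    # Handshake failed: ask the same port a plain HTTP question.
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + name.encode() + b"\r\n\r\n")
            if s.makefile("rb").read(5) == b"HTTP/":
                return "plaintext-http", tls_error
    except OSError:
        pass
    return "unknown", tls_error


class _PlainStub(socketserver.BaseRequestHandler):
    """Constructed stand-in for an HTTP-only port (no TLS)."""
    def handle(self):
        self.request.recv(4096)
        self.request.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")


def start_plaintext_stub():
    srv = socketserver.TCPServer(("127.0.0.1", 0), _PlainStub)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    stub = start_plaintext_stub()
    print(probe_endpoint("127.0.0.1", stub.server_address[1]))
```

With the compose and nginx files posted above, the port nginx listens on with `listen 443 ssl` is the one that should come back as `tls-verified`; a directly published port that nginx reaches via `proxy_pass http://...` comes back as `plaintext-http`.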

Hi @rahul_namdev, I have followed your blog for implementing the reverse proxy, but when I try to access it with https I am still getting an error: curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid

Do you have any idea how to fix this so I can access it with https requests?

Hi @rahul_namdev Issue on RASA HTTP API for Chatbot Integration

While implementing the RASA HTTP API through http://<domain_name>:5005/conversations/default/trigger_intent for integrating RASA with a chatbot in a production environment, I'm encountering mixed content errors. Is there a method to secure the URL to https://<domain_name>:5005/conversations/default/trigger_intent? We also have http://<domain_name>:5005/webhooks/rest/webhook. Are we able to make this https as well?

I’m encountering an issue with my nginx configuration. When my webpage loads, it internally calls HTTP endpoints like http://<domain_name>:5005/webhooks/rest/webhook and http://<domain_name>:5005/conversations/default/trigger_intent. The configuration converts these calls to HTTPS, resulting in a TIME_OUT_ERROR.

Here’s the current nginx configuration file:

server {
    listen 80;
    listen [::]:80;
    server_name <IP_ADDRESS>;
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name <IP_ADDRESS>;
    root /datadrive/rasa_update/webchat;
    index index.html chatbot.html frontpage.html;
    ssl_certificate "";
    ssl_certificate_key "<key_path>";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;

    location / {
        proxy_pass http://<ip_address>:7739;  # Use 'http' for non-HTTPS upstream
        proxy_set_header Host $host;
    }
}

I need assistance in resolving this problem. Any suggestions or alterations to the configuration would be helpful. Thank you.