Deploy rasa on a ssl enabled server

Hi. I have deployed a rasa bot in my server. but now enabled ssl today. now I need to run rasa with https. I am trying to do this with nginx. Can anyone help me with what changes should I make to my nginx.conf file?
Is there any way to get the webhook suppose url: “http://192.168.20.62:5005/webhooks/rest/webhook to url: “https://192.168.20.62:5005/webhooks/rest/webhook In short, I just want to change my url to https. Is it possible?

You can use ssl for your nginx and then use as a reverse proxy to pass requests to your rasa server. You can see a sample config below

upstream rasa{
server rasa:5005 # your rasa server ip and port
}

server {
listen 443 ssl;
server_name 127.0.0.1;

ssl_certificate <CERTIFICATE PATH>
ssl_certificate_key <CERTIFICATE KEY>
ssl_trusted_certificate <CA PATH>

location /{
    proxy_pass https://rasa
}
}

thank you so much. I am trying this. but one more thing… everytime i start nginx i get nginx: [emerg] bind() to [::]:80 failed (98: Address already in use) i know this is because port 80 is already being used by http. and if i try to stop the process which is running n port 80, naturally I can’t connect to my server anymore. Do you have any solution regarding this?

okay I managed to run nginx on a different port (example: 7777). but now I am getting this error:

jquery.min.js:2 Mixed Content: The page at ‘https://my_domain.com:7777/’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://XX.XX.XX.XX:5005/webhooks/rest/webhook’. This request has been blocked; the content must be served over HTTPS.

any idea on how do I run rasa with https?

If your website is using https, then you cannot make http calls. There are two ways to tackle this.

  1. You should create an ssl certificate and start rasa server using ssl. [HTTPS for RASA]
  2. You can use Nginx as a reverse proxy to redirect calls to an http rasa server.

For the second approach, you can add the following location section under your server config section ins nginx config file.

                location ~ ^/rasa([^\?]+)(\?.*)? {
                    resolver 127.0.0.11 valid=30s;

                    set $rasa_server http://rasa:5005$1?$args;

                    proxy_http_version              1.1;
                    proxy_cache_bypass              $http_upgrade;

                    proxy_set_header Upgrade        $http_upgrade;
                    proxy_set_header Connection     "upgrade";

                    proxy_pass                      $rasa_server;
                    proxy_read_timeout              300;
            }

This will pass all requests coming to your_domain/rasa to the rasa server (in my case a docker container listening to port 5005). If there are any arguments, then they are also passed. (you’ll need this for socket.io over https)

Thank you so much. I’ve been able to run rasa with my ssl certificate with the following command

rasa run --ssl-certificate /path_to_folder/mydomain.crt --ssl-keyfile /path_to_folder/mydomain.key --m ./models --endpoints endpoints.yml --port 5005 -vv --enable-api --cors “*” --credentials credentials.yml

And I am running nginx with another port. So that solves my problem. Thanks :smiley:

2 Likes

Hi Anand, I am trying to connect RASA open source bot with a web chat widget through socketio. While the server is running, bot is working fine locally but its not showing up locally .

My docker containers are running. And when I hit my domain I get this image

my .conf file looks like this

can you elaborate

Hi Anika, Hope you are good . Are you able to run with ssl in nginx file settings, instead of cmd which is mentioned above.? . If it is there please share the file of nginx.

Thanks.

Hello @a-anand-91119 hope you doing well!

Blockquote

Actually I’m stuck at some point in my project where simply i deployed my chat-bot on a local server and connected it to a website which is running on another server . what issue i’m facing is that the request to my rasa server is being block because the website is using SSL and my server is not accepting it because i did not initialise SSL in it till now.How i confirm it, by doing a test When i stopped SSL at web end the rasa server also started getting request so that’s what i know that there is some problem at the SSL request.

Blockquote

What i want to know is how can i apply your 2nd approach which you have mentioned “2. You can use Nginx as a reverse proxy to redirect calls to an http rasa server”

Blockquote

and where i need to write these

Preformatted text location ~ ^/rasa([^?]+)(?.*)? { resolver 127.0.0.11 valid=30s;

                set $rasa_server http://rasa:5005$1?$args;

                proxy_http_version              1.1;
                proxy_cache_bypass              $http_upgrade;

                proxy_set_header Upgrade        $http_upgrade;
                proxy_set_header Connection     "upgrade";

                proxy_pass                      $rasa_server;
                proxy_read_timeout              300;
        }

Blockquote

code of line in my project. Sorry in advance that i can not share my project due to some policy.

Blockquote

What i have done is : installed nginx in my ubuntu 18.04 and using rest api for the endpoint channel not socket io. And I’m a beginner for this project so don’t know what to do next. It will be very helpful if you could help me in here. Thanks in advance!