Hi guys! For the past 5 days I've been trying to run the Rasa server over HTTPS instead of HTTP. I have deployed my Rasa server and action server using Docker on GCP. The Rasa server works fine over HTTP, and when I visit http://myip:5005 it says "welcome to rasa 1.10.3" and I can communicate with it using webchat. I've been using this link as a reference, “Configuring the HTTP API”, to run the Rasa server over HTTPS.
To generate certificates, I created a domain named datahive.chat and then pointed it to my GCP machine. I then followed this tutorial, "How To Secure Nginx with Let's Encrypt on Ubuntu 16.04 | DigitalOcean", to generate SSL certificates. The certificates were generated successfully, and when I visit https://datahive.chat it says my connection is secure. But when I use the same certificates to run the Rasa server over HTTPS using this command inside the Dockerfile, `CMD ["run", "-m", "/app/models", "--enable-api", "--cors", "*", "--debug", "--ssl-certificate", "/app/sslcerts/fullchain.pem", "--ssl-keyfile", "/app/sslcerts/privkey.pem"]`, it runs over HTTPS but says the connection is not secure, and a warning comes up. If I accept the risk and continue, the Rasa server works. So my question is: how can I make it run as a secure HTTPS connection? Do I need to use a reverse proxy with nginx, or am I making some mistake?
Rather than securing Rasa, a better approach would be to use nginx to reverse proxy your Rasa server, and you can use your SSL certificates in the nginx configuration.
Hi Anand, thanks for the reply. I was thinking of using a reverse proxy with nginx, but my question is why the Rasa server doesn't work with SSL certificates when they are given as parameters as described here: "Configuring the HTTP API".
The method described would save me a lot of time and effort.
I used authorized certificates also, but it was not running. Anyway, I used the reverse proxy approach with nginx and it is now working. I will post the steps I followed very soon so that anyone struggling with the same issue can take reference from here.
Hey! So I followed your steps and have it set up, but I can only access it using HTTP and not HTTPS. On a post request, I get the following error -
`SSLError: HTTPSConnectionPool(host='mydomain.com', port=5005): Max retries exceeded with url: /webhooks/rest/webhook (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1123)')))`
Here’s my docker-compose.yml
```yaml
version: '3.8'
services:
  bot:
    env_file:
      - env_bot.env
    image: ${DOCKER_HUB}/${DOCKER_REPO}/${DOCKER_IMAGE}:${DOCKER_TAG}
    container_name: application_chatbot
    build:
      context: ./build
      dockerfile: Dockerfile
    #volumes:
    #  - ./out:/out
    command: bash -c "python conversational_bot/start_script/launch_v2.py && /bin/sh"
    tty: true
    ulimits:
      memlock: -1
    networks:
      - organic_network
    ports:
      - 5005:5005
  mongo:
    container_name: organic_mongo_b
    image: library/mongo:latest
    volumes:
      - /tmp/mongodb:/data/db:Z
    networks:
      - organic_network
    # this should just expose this port to internal services, not to outside
    expose:
      - 27017
  nginx:
    container_name: nginx
    image: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx:/etc/nginx/conf.d
      #I kept my SSL certs in a certs folder in project directory (Make sure to include this in .gitignore)
      - ./certs:/etc/letsencrypt/live/mydomain.com
    depends_on:
      - bot
    networks:
      - organic_network
networks:
  organic_network:
    name: global_organic_network
```
and here is my nginx default conf file -
```nginx
upstream application_chatbot {
    server application_chatbot:5005;
}

#change your domain name to localhost if testing locally
#listen on port 80 (default port for non-encrypted messages)
#if testing locally, <your_domain_name> is localhost
server {
    listen 80;
    server_name mydomain.com;

    #reverse proxy to rasa container
    location / {
        proxy_pass http://application_chatbot;
    }
}

#comment out this block if you are testing locally
#listen to port 443 (default port for encrypted messages)
server {
    listen 443 ssl;
    server_name mydomain.com;

    #points to ssl certificates that we will move to nginx docker container in docker compose
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;

    #reverse proxy to rasa container
    location / {
        proxy_pass http://application_chatbot;
    }
}
```
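An added illustration that is not part of any post in this thread: a Python probe that reports whether a port answers with TLS and a certificate that verifies, TLS with a certificate that fails verification, or no TLS at all. The last case is what a client sees when it sends HTTPS to a port that serves plain HTTP, such as the 5005 upstream that the nginx config above reaches with `proxy_pass http://`. The names `start_plain_http_stub` and `probe_tls` are hypothetical, and the stub is a constructed loopback stand-in for such a backend.

```python
import socket
import ssl
import threading


def start_plain_http_stub():
    """Constructed stand-in for a backend that only speaks plain HTTP."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral loopback port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        conn, _ = srv.accept()
        try:
            conn.settimeout(5)
            conn.recv(65536)  # the TLS ClientHello arrives as opaque bytes
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n")
            conn.shutdown(socket.SHUT_WR)
            while conn.recv(65536):  # drain until the client hangs up
                pass
        except OSError:
            pass  # client reset the connection after its handshake failed
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return port


def probe_tls(host, port, server_name=None, timeout=5):
    """Classify what answers on host:port when a client attempts HTTPS."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
                return ("tls-trusted", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # TLS is spoken, but the chain or hostname fails verification
        return ("tls-untrusted", exc.verify_message)
    except ssl.SSLError as exc:
        # The reply was not a TLS record, e.g. plain HTTP on this port
        return ("not-tls", getattr(exc, "reason", None) or str(exc))


if __name__ == "__main__":
    stub_port = start_plain_http_stub()
    print(probe_tls("127.0.0.1", stub_port, server_name="localhost"))
```

Pointed at a real deployment, the same probe can be run against both the proxy port and the backend port to see which of them terminates TLS.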