[Hypothesis] How to deploy h on VM

[Wefa Hakem]

Hello,

I would like to know if you have any documentation or recommendations on how to deploy h in a production like environment without using the development version to serve final users.

Best regards,
Wefa

[Robert Knight]

Hello Wefa,

Thank-you for your patience waiting for a reply. I'm afraid there is no formal documentation for third parties on setting up a production environment. The actual hypothes.is service is deployed in AWS using Elastic Beanstalk and the scripts we use for this can be found at https://github.com/hypothesis/deployment . In brief, you will need to:

1. Setup containers running Postgres 9.x, Elasticsearch 1.5/1.6 and RabbitMQ, or use hosted versions of these services (we use AWS RDS, AWS ES, CloudAMPQ respectively)

2. Build the Docker image for "h" (using `make docker`) or use the images we publish to http://hub.docker.com/hypothesis

3. Run the Docker container for h, pointing it at the Elasticsearch, Postgres and RabbitMQ services. See https://github.com/hypothesis/h/blob/405680086cd60431c8889580776d03014f2df73a/scripts/run-h-dev-in-docker for a script that you can run locally to do this

I would recommend that you go through the process of doing this locally to get a feel for it and you can then try hosting it in a cloud service.

Do you want to use a standard (unmodified) version of "h" or a custom build?

Kind Regards,

Rob.

--
You received this message because you are subscribed to the Google Groups "dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev+uns...@list.hypothes.is.
To post to this group, send email to d...@list.hypothes.is.
To view this discussion on the web visit https://groups.google.com/a/list.hypothes.is/d/msgid/dev/CACLssQC1NOy%3D810OF4ZQf5MzBqi2iwUb5iwBS2gkPSwXFx81wA%40mail.gmail.com.

--

Kind Regards,

Rob

[Wefa Hakem]

Hello Robert,

Thank you for your reply. I'm currently running the same build on the standard version.

I have followed the steps described in this doc (https://media.readthedocs.org/pdf/h/docs-tweaks/h.pdf/page 7) . It's almost the same process in your reply.

I have one more question if you don't mind, I would like to ask you about the firefox extension in development mode. I have build the extension ( I replaced the setting with firefox-prod.json) but is there any other changes to do to build correctly the extension?

Best regards,

Wefa

[Wefa Hakem]

I have question regarding serving a docker image on https.
 I have already done it in dev version on https but I'm facing difficulties doing it with docker image. 

I have tried firstly to run the deserve command inside the container. I have used this command :  unicorn --name web --reload --paste conf/app.ini --certfile=.tlscert.pem --keyfile=.tlskey.pem. But since I'm unable to stop nginx service inside the container. I get the error address in use.

So I tried to change in the nginx conf file and add the ssl_certificate and key and listen port. Unfortunalty I have a permission denied error in binding with 0.0.0.0:443.

What I am doing wrong and how could I solve this?

ᐧ

2018-05-29 18:41 GMT+01:00 Wefa Hakem <hake...@gmail.com>:

Hello,
I would like to ask you if you don't mind about hypothesis app and how to deploy the docker image on https.

I have already served the app in dev version on https but I'm facing difficulties doing it with docker image. 

I have tried firstly to run the deserve command inside the container. I have used this command :  unicorn --name web --reload --paste conf/app.ini --certfile=.tlscert.pem --keyfile=.tlskey.pem. But since I'm unable to stop nginx service inside the container. I get the error address in use.

So I tried to change in the nginx conf file and add the ssl_certificate and key. Unfortunalty I have a permission denied error in binding with 0.0.0.0:443.

Have you encountred this or tried it on your docker image.

Best regards,
Wefa

ᐧ

2018-05-13 16:40 GMT+01:00 Wefa Hakem <hake...@gmail.com>:

Did u find the error?

2018-05-13 0:35 GMT+01:00 Wefa Hakem <hake...@gmail.com>:

Hi,
I think for  SECRET_KEY you should pass this variable when running the container (like APP_URL and the others).
Try accessing /login does the page appear?

Best regards,
Wefa

2018-05-12 23:07 GMT+01:00 Zhen Ji <jizhe...@gmail.com>:

can reply?

[Robert Knight]

Hello,

In our production environment SSL is terminated by the AWS load balancer, which in turn speaks plain HTTP to h running in the Docker container. That’s why there is no configuration option to use an SSL certificate in the h Docker image.

Regards,

Robert.

[Wefa Hakem]

Do you have any idea how to do it? Do I have to change in the dockerfile to enable https?

ᐧ

[Robert Knight]

Hello,

The Docker image is not designed to support HTTPS directly. It is intended to be deployed in an environment (eg. Heroku, Elastic Beanstalk, ECS) which handles HTTPS before traffic reaches the container.

It would be technically possible to fork h and modify the nginx config to use an SSL certificate, but this isn’t something we’ve had a need for ourselves.

Kind Regards,

Robert.

[hake...@gmail.com]

I would like to share with you my solution in order to serve hypothesis docker image on https. It may be helpful for someone else.
1- I have chosen to copy the certificate and the key files inside the docker container in a ssl ngix folder with the command "docker cp" but you can link the volume outside the container if you want.

2- Then, I changed the nginx configuration : nginx.conf as following and I kept listening on the same port 5000

  ...

  server {

 

    server_name xxxx;

    listen 5000 ssl;

    ssl_certificate /etc/nginx/ssl/.tlscert.pem ;

    ssl_certificate_key /etc/nginx/ssl/.tlskey.pem;

   ...

  location / {

      ...

      proxy_set_header X-Forwarded-Ssl on;

    }

It works like magic :)

Best regards,
Wefa

[anu...@verifiedsupply.com]

Hi,

I want to run hypothesis on https. I'm using ngnix which is running on port 443 and hypothesis on 5000. can you plase help me. are you running hypothes directly on ngnix?