-
Notifications
You must be signed in to change notification settings - Fork 101
Deployment
fnndsc/pl-dircopy is required for the UI's file upload feature.
"host" remote (not really) compute environment is hard-coded into pfcon.
- fnndsc/pl-dircopy (is hard-coded in ChRIS_ui)
Serving CUBE and ChRIS_ui on the same domain can cause session cookie collision, e.g. while logged into /chris-admin/ you are barred from logging in to / (ChRIS_ui) unless you log out of /chris-admin/ or delete the sessionid cookie.
Try serving CUBE and ChRIS UI on different domains.
A reverse proxy (e.g. nginx, Apache, caddy) is usually used to enable HTTPS (and they also do load-balancing).
+----------------------+
| web browser |
| e.g. firefox, chrome |
+----------------------+
|
| https://cube.example.com/api/vi/
|
V
+----------------------+ +----------------------+
| reverse proxy | http://localhost:8000/api/v1/ | backend |
| e.g. nginx, apache | ------------------------------> | ChRIS_ultron_backend |
+----------------------+ +----------------------+
collection.links.href is wrong.
Correct would be https://cube.example.com/api/v1/... but you get something different:
http://cube.example.com/api/v1/...http://localhost:8000/api/v1/...
{
"collection": {
"href": "http://cube.example.com/api/v1/",
"items": [],
"links": [
{
"href": "http://cube.example.com/api/v1/files/",
"rel": "files"
},
{
"href": "http://cube.example.com/api/v1/computeresources/",
"rel": "compute_resources"
}
],
"total": 0,
"version": "1.0"
}Web browsers might block "mixed" requests, i.e. HTTP AJAX from an HTTPS origin.
- Configure your reverse proxy to inject the
X-Forwarded-HostandX-Forwarded-Protorequest headers - Add django config options
SECURE_PROXY_SSL_HEADERandUSE_X_FORWARDED_HOSTto{chris,store}_backend/config/settings/production.pyin fnndsc/ChRIS_ultron_backEnd and fnndsc/ChRIS_store. - Rebuild docker images.
- Change
docker-compose.ymlto make sure your new images are being used. - Re-run.
Caddy sets up HTTPS automatically with Let's Encrypt and its configuration syntax is easy to understand.
The example below demonstrates how to expose a single-machine instance running ./docker-deploy.sh up. CUBE and store "backends" are served by reverse-proxy. Logging is enabled for the two backends. ChRIS_ui and ChRIS_store_ui are served from a directory "on the metal." Both are react.js "single-page applications" (SPA), so every URI should return /index.html.
cube.chris.example.com {
reverse_proxy localhost:8000 {
header_up X-Forwarded-Proto {http.request.scheme}
}
log
}
api.store.chris.example.com {
reverse_proxy localhost:8010 {
header_up X-Forwarded-Proto {http.request.scheme}
}
log
}
chris.example.com {
root * /srv/ChRIS_ui/build
file_server
try_files {path} /index.html
}
store.chris.example.com {
root * /srv/ChRIS_store_ui/build
file_server
try_files {path} /index.html
}
# optional but very awesome monitoring app
# https://github.com/netdata/netdata
netdata.chris.example.com {
reverse_proxy localhost:19999
}