danijel3 / KaldiWebrtcServer

Python server for communicating with Kaldi from the browser using WebRTC
Apache License 2.0

Docker image needs to support https #9

Open SvdSinner opened 4 years ago

SvdSinner commented 4 years ago

The docker image does not support HTTPS. Without HTTPS, Chrome will not allow use of `navigator.mediaDevices.getUserMedia`, and thus the script errors out and the demo fails.

The error that shows up in the logs if the website is called with HTTPS is:

```
[2020-10-09 13:48:19,546] aiohttp.server Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/aiohttp/web_protocol.py", line 275, in data_received
    messages, upgraded, tail = self._request_parser.feed_data(data)
  File "aiohttp/_http_parser.pyx", line 523, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: invalid HTTP method
```

RafNie commented 4 years ago

Did you pass the cert and key files to the server.py script? You can generate a self-signed pair with the command `openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr`, then copy it into the main folder and pass it to the script with the parameters `--cert-file domain.csr` and `--key-file domain.key`.

It is best to add those parameters in this line: https://github.com/danijel3/KaldiWebrtcServer/blob/1572211f58d234dfa93f73e73b0e29f57b83f578/docker/web/Dockerfile#L13

SvdSinner commented 4 years ago

I've tried to implement this with no luck. I'm a newb to Docker-Compose, and I may be doing something incorrectly. I changed the Dockerfile line 13 to:

```
CMD ["--servers","/server/servers.json", "--cert-file", "/server/domain.csr", "-key-file", "/server/domain.key"]
```

After I save the change, I go back to the directory I copied the docker-compose.yml to and execute a "docker-compose down" and then a "docker-compose up" to restart everything.

I also tried iterations with "--key-file" instead of "-key-file" and iterations that omitted the /server/ part of the path to the files. (The two domain.* files are in the same folder as server.py and servers.json, and also copied into the folder with the copy of the docker-compose.yml I am using) None of them seem to enable https.

Do I need to do something to the docker-compose.yml to make it recognize the change? Do I somewhere need to specify a port for https? Is there something else I need to do?
Python and docker aren't tools I use in my daily job, so I may be making a really newb mistake. Feel free to talk to me like a 4th grader.

RafNie commented 4 years ago

"-key-file" was a typo; it should be "--key-file". The path with the /server/ part was OK, if the files were located there.

You need to rebuild the docker container after modifying the Dockerfile. Thus, try using `docker-compose up --build` to rebuild and run the services.

SvdSinner commented 4 years ago

Using `docker-compose up --build` hasn't seemed to change anything. The output when I run docker-compose up (with or without --build and with or without passing the extra two parameters) may be relevant:

```
$ docker-compose up
Starting kaldidockerfolder_web_1 ... done
Starting kaldidockerfolder_kaldi_1 ... done
Attaching to kaldidockerfolder_web_1, kaldidockerfolder_kaldi_1
kaldi_1 | online2-tcp-nnet3-decode-faster --read-timeout=-1 --samp-freq=8000 --frames-per-chunk=20 --extra-left-context-initial=0 --frame-subsampling-factor=3 --config=/model/model/conf/online.conf --min-active=200 --max-active=7000 --beam=15 --lattice-beam=8 --acoustic-scale=1.0 --port-num=5050 /model/model/final.mdl /model/graph/HCLG.fst /model/graph/words.txt
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:ComputeDerivedVars():ivector-extractor.cc:183) Computing derived variables for iVector extractor
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:ComputeDerivedVars():ivector-extractor.cc:204) Done.
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:RemoveOrphanNodes():nnet-nnet.cc:948) Removed 1 orphan nodes.
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:RemoveOrphanComponents():nnet-nnet.cc:847) Removing 2 orphan components.
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:Collapse():nnet-utils.cc:1378) Added 1 components, removed 2
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:CompileLooped():nnet-compile-looped.cc:345) Spent 0.0160692 seconds in looped compilation.
kaldi_1 | std::bad_allockaldidockerfolder_kaldi_1 exited with code 255
```

Does this final error message give any clues to why this isn't working?

SvdSinner commented 4 years ago

Has anyone gotten a Docker image to successfully serve HTTPS?
If I'm correct Docker is platform agnostic. I'm running it on an AWS Linux instance. There shouldn't be any issue with that, correct? Is there anything else I can post to help with the troubleshooting here?

RafNie commented 4 years ago

```
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:CompileLooped():nnet-compile-looped.cc:345) Spent 0.0160692 seconds in looped compilation.
kaldi_1 | std::bad_allockaldidockerfolder_kaldi_1 exited with code 255
```

This is another problem that seems to be unrelated to the previous one. Your kaldi container exited during application initialization because of some memory problem (exception bad_alloc).

I will give you a more accurate recipe for adding the cert and key:

  1. cd docker
  2. copy crt and key files in to docker folder as domain.csr and domain.key
  3. modify web/Dockerfile (this is diff, + line replaces - line)
    -CMD ["--servers","/server/servers.json"]
    +CMD ["--servers","/server/servers.json","--cert-file","/server/domain.csr","--key-file","/server/domain.key"]
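Review bot: the + line passes `/server/domain.csr` as `--cert-file`, and a `.csr` file is a certificate signing request rather than a certificate, so the server has no certificate to load. Point `--cert-file` at the certificate file itself and keep the `.csr` out of the command.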
  4. modify docker-compose.yml (this is diff, + lines are added)
    web:
    +    build: web
     image: "danijel3/kaldi-webrtc"
     volumes:
       - ${PWD}/servers.json:/server/servers.json
    +      - ${PWD}/domain.csr:/server/domain.csr
    +      - ${PWD}/domain.key:/server/domain.key
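Review bot: the two added volume lines mount `domain.csr` and `domain.key` with no access mode, which leaves the private key writable from inside the web container. Append `:ro` to both, for example `- ${PWD}/domain.key:/server/domain.key:ro`, since the server only has to read them. The + lines are also indented deeper than the context lines around them and will not parse as YAML if pasted literally; align `build:` with `image:` and the new entries with the existing `servers.json` entry.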
  5. docker-compose up --build

After that test if the web page is available via https.

SvdSinner commented 4 years ago

I have made all those changes now, and am still not getting https to function. It did, however, change the error. Here is the new error:

```
$ docker-compose up --build
Creating network "kaldidockerfolder_default" with the default driver
Creating kaldidockerfolder_web_1 ... done
Creating kaldidockerfolder_kaldi_1 ... done
Attaching to kaldidockerfolder_kaldi_1, kaldidockerfolder_web_1
kaldi_1 | online2-tcp-nnet3-decode-faster --read-timeout=-1 --samp-freq=8000 --frames-per-chunk=20 --extra-left-context-initial=0 --frame-subsampling-factor=3 --config=/model/model/conf/online.conf --min-active=200 --max-active=7000 --beam=15 --lattice-beam=8 --acoustic-scale=1.0 --port-num=5050 /model/model/final.mdl /model/graph/HCLG.fst /model/graph/words.txt
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:ComputeDerivedVars():ivector-extractor.cc:183) Computing derived variables for iVector extractor
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:ComputeDerivedVars():ivector-extractor.cc:204) Done.
web_1 | Traceback (most recent call last):
web_1 | File "/server/server.py", line 89, in <module>
web_1 | ssl_context.load_cert_chain(args.cert_file, args.key_file)
web_1 | FileNotFoundError: [Errno 2] No such file or directory
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:RemoveOrphanNodes():nnet-nnet.cc:948) Removed 1 orphan nodes.
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:RemoveOrphanComponents():nnet-nnet.cc:847) Removing 2 orphan components.
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:Collapse():nnet-utils.cc:1378) Added 1 components, removed 2
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:CompileLooped():nnet-compile-looped.cc:345) Spent 0.0110688 seconds in looped compilation.
kaldi_1 | std::bad_allockaldidockerfolder_kaldi_1 exited with code 255
kaldidockerfolder_web_1 exited with code 1
```

Also, the only thing I hadn't already done was adding the two lines to docker-compose.yml, if that helps.

RafNie commented 4 years ago

```
web_1 | File "/server/server.py", line 89, in <module>
web_1 | ssl_context.load_cert_chain(args.cert_file, args.key_file)
web_1 | FileNotFoundError: [Errno 2] No such file or directory
```

This is the reason why the https server does not work: the cert file was not passed correctly. Please show the content of the docker-compose.yml and web/Dockerfile files. Also show me the output of the ls command in the docker folder.

SvdSinner commented 4 years ago

I found an error in the docker compose, fixed it, but now have a new error:

```
web_1 | Traceback (most recent call last):
web_1 | File "/server/server.py", line 89, in <module>
web_1 | ssl_context.load_cert_chain(args.cert_file, args.key_file)
web_1 | ssl.SSLError: [SSL] PEM lib (_ssl.c:4023)
```

NOTE: The cert used was created with the exact command that you posted above.

docker directory:

```
$ ls -l
total 32
-rw-rw-r-- 1 ec2-user ec2-user  321 Oct 23 18:11 docker-compose.yml
-rw-rw-r-- 1 ec2-user ec2-user 1098 Oct 23 18:08 domain.csr
-rw-rw-r-- 1 ec2-user ec2-user 1704 Oct 23 18:08 domain.key
drwxrwxr-x 2 ec2-user ec2-user 4096 Oct  8 15:02 kaldi
drwxrwxr-x 2 ec2-user ec2-user 4096 Oct  8 15:02 model
-rw-rw-r-- 1 ec2-user ec2-user 2016 Oct  8 15:02 README.md
-rw-rw-r-- 1 ec2-user ec2-user   96 Oct  8 15:02 servers.json
drwxrwxr-x 2 ec2-user ec2-user 4096 Oct  8 15:02 web
```

docker-compose.yml:

```
$ more docker-compose.yml
version: '3.3'
services:
  kaldi:
    image: "danijel3/kaldi-online-tcp:aspire"
  web:
    build: web
    image: "danijel3/kaldi-webrtc"
    volumes:
      - ${PWD}/servers.json:/server/servers.json
      - ${PWD}/domain.csr:/server/domain.csr
      - ${PWD}/domain.key:/server/domain.key
    ports:
      - "8080:8080"
```

web/Dockerfile:

```
$ more Dockerfile
FROM debian:testing
MAINTAINER Danijel Koržinek <danijel.korzinek@pja.edu.pl>
RUN apt-get update && \
    apt-get install -y python3 python3-pip git libavdevice-dev libavfilter-dev libopus-dev libvpx-dev pkg-config &&\
    apt-get clean && apt-get autoclean
RUN pip3 install aiortc aiohttp numpy
RUN git clone https://github.com/danijel3/KaldiWebrtcServer /server
ENTRYPOINT ["python3","/server/server.py"]
CMD ["--servers","/server/servers.json", "--cert-file", "/server/domain.csr", "--key-file", "/server/domain.key"]
#CMD ["--servers","/server/servers.json"]
```

RafNie commented 4 years ago

Now I see that I gave you a recipe for generating a CSR file. That was an error. You need a certificate file. You can generate a self-signed CRT and key with the command:

```
openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
```

Remove the old domain.csr and domain.key and replace them with the new domain.crt and domain.key.

Also change the file name in web/Dockerfile:

```
CMD ["--servers","/server/servers.json","--cert-file","/server/domain.crt","--key-file","/server/domain.key"]
```

and in docker-compose.yml:

```
- ${PWD}/domain.crt:/server/domain.crt
```
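Added example, not part of the thread or of the project's code: a pre-flight check that separates the two failures seen above (`FileNotFoundError` from a path that is not present in the container, and `PEM lib` from handing a CSR to `load_cert_chain`) by reading the PEM block labels. The function names, messages and sample files are constructed for illustration; the sample bodies are placeholders, not real key material.

```python
import os
import re
import tempfile

# RFC 7468 textual encoding: -----BEGIN <label>----- body -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def pem_blocks(path):
    """Return (label, body) for every PEM block in the file."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return PEM_BLOCK.findall(fh.read())


def preflight(cert_file, key_file):
    """List the reasons load_cert_chain(cert_file, key_file) would fail."""
    missing = [f"{p} is not a file inside the container"
               for p in (cert_file, key_file) if not os.path.isfile(p)]
    if missing:  # e.g. the volume line is absent or points at the wrong host path
        return missing
    problems = []
    cert_labels = [label for label, _ in pem_blocks(cert_file)]
    if any(label.endswith("CERTIFICATE REQUEST") for label in cert_labels):
        problems.append("cert file is a CSR, not a certificate")
    elif "CERTIFICATE" not in cert_labels:
        problems.append("cert file has no CERTIFICATE block")
    keys = pem_blocks(key_file)
    if any(l == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in b for l, b in keys):
        problems.append("private key is passphrase-protected")
    elif not KEY_LABELS & {label for label, _ in keys}:
        problems.append("key file has no private key block")
    return problems


def demo():
    """Run the check on constructed files; bodies are placeholders, not real keys."""
    def write(directory, name, label):
        path = os.path.join(directory, name)
        with open(path, "w", encoding="ascii") as fh:
            fh.write(f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n")
        return path
    with tempfile.TemporaryDirectory() as d:
        csr = write(d, "domain.csr", "CERTIFICATE REQUEST")
        crt = write(d, "domain.crt", "CERTIFICATE")
        key = write(d, "domain.key", "PRIVATE KEY")
        return (preflight(csr, key), preflight(crt, key),
                preflight(os.path.join(d, "absent.crt"), key))
```

The check only inspects labels; it does not verify that the key matches the certificate or that the certificate is still valid.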