CARTODB in production with https

[cgcrespo]

How are you, We are developing progressive web pages - pwa - https://developers.google.com/web/progressive-web-apps/ to show carto maps and the implementation needs to use the https protocol.

I Take the code of your implementation and modify it, so that it runs with https and use cartodb production database the creation of the image (Dockerfile) runs without problems and the site of cartodb work properly I can consult data of the users, the organization and everything related to the administration part of the page, however I can not create maps, always shows me a blank page with the close button to return to the carto page implemented locally

I could give a light that I can review to correct this issue, I have reviewed these logs inside the container.

find / -name ".log" -exec ls -lt {} \; | grep -i "Aug" tail -f /var/log/postgresql/postgresql-10-main.log tail -f /var/log/nginx/cartodb_error.log tail -f /var/log/nginx/cartodb_access.log tail -f /var/log/redis/redis-server.log tail -f /tmp/analysis.log tail -f /cartodb/log/production.log tail -f /cartodb/resque.log tail -f /CartoDB-SQL-API/logs/cartodb-sql-api.log The Windshaft-cartodb log does not appear anywhere

There would be a way to change the main carto configuration files (app_config.yml, database.yml), Windshaft-cartodb (production.js), CartoDB-SQL-API (production.js) and restart the service to prove that the change has emerged effect. Or invoke a request using postman to prove that separate services are working.

I attach the implementation (docker-cartodb-prod.tar.gz) and a manual (RunSteps.txt) to execute it. To see if someone can give me a hand. Runing Container Source code docker-cartodb-prod.tar.gz Run Steps RunSteps.txt Link for downloading: https://drive.google.com/open?id=1ZS9rLCvE9GygEJPvJi57sXvs9bo3KIkW I has similar issue reported in case "carto not working #29" but in this topic don't detail the answer. My white blank showed when try to create new map is :

Thanks

[antoniovj1]

I have not solve the problem with the https, but you can run the container behind a https proxy. Is not an optimal solution, but can be useful until you find a solution. With Azure Functions Apps is very easy to set up a proxy.

[cgcrespo]

Thanks, I try to fix the dockerfile to get the same code the @sverhoeven in production too

[chrowe]

This is something I am trying to figure out as as well. I know https://github.com/chriswhong/docker-cartodb has done this, but is no longer being maintained. Since that repo is "inspired by and largely based" this one, I wonder if we could merge the two and provide an config option here for dev vs. prod

[chrowe]

Hi @sverhoeven I noticed your latest commit on this issue and wondering if there is anything I can do to help get this completed. I am working on a project and hoping to use this. I have a couple developers looking into it but not having any luck. If you have time to help point us in the right direction we might be able to contribute our work here.

Thanks, Chris

[sverhoeven]

I would happily accept a PR which completes the TODOs in https://github.com/sverhoeven/docker-cartodb/compare/https-prod branch

[chrowe]

We did actually get something working. I will see if we can work what we did into your PR.

I assume you meant to link to https://github.com/sverhoeven/docker-cartodb/compare/master...sverhoeven:https-prod

[cgcrespo]

It would be excellent !! When we start

Enviado desde mi iPhone

El oct. 29, 2018, a la(s) 11:26, Chris Rowe <@github.com> escribió:

We did actually get something working. I will see if we can work what we did into your PR.

I assume you meant to link to master...sverhoeven:https-prod

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[aarontract]

Thanks for sharing this, it was very useful.

[glaroc]

I'm just wondering if there is a recent update on this. Has anyone recently been able to build a fully functioning Carto stack with Docker on https?

[christophekey]

Not yet, but still trying :)

[aarontract]

I managed to get the master version to run under HTTPS at the start of Feb this year, I pulled the image from docker hub rather than doing a fresh build as a proof of concept.

I have a few notes here but not sure if they will help: https://github.com/sverhoeven/docker-cartodb/issues/67 I haven't looked at it since then.

I used nginx with a lets encrypt SSL cert sitting on the host box, then did some proxy_pass to inside docker containers.

Main trick was to set an environment variable for rails environment run as production mode, there seems to be some ruby code that has changed recently switch back to http if its not set this way.

[glaroc]

I can get the builder and the SQL api to work fine under https, and I can import datasets. However, I always get issues with the Maps API that's returning JS errors about missing templates. So, I can't generate any visualizations for sharing. The current Docker build works fine for me over http.

[glaroc]

I finally got it working. I tried to summarize my configuration in this fork: https://github.com/glaroc/docker-cartodb-https

[beltowski]

got it working over https based on @glaroc image, just can't load data view, keeps loading returning no error

[bmunyoki]

Did anyone get to solve error 502 on /api/v2/sql endpoint over https? @glaroc @beltowski @sverhoeven

[glaroc]

@bmunyoki it's working for me using the fork here https://github.com/glaroc/docker-cartodb-https

[ishiland]

@glaroc do you have a prebuilt image you can share? I'm unable to get your fork built or the master branch here.

I was able to build the py3pg12postgis3 branch, but experience the same issue as @bmunyoki mentioned.

Ill try and circle back to this when I have more time, in the meantime any direction is much appreciated.

[bmunyoki]

Hi @ishiland I ended up modifying the /api/v2/sql directives on cartodb.nginx.proxy.conf file to point to IP. Here is how my cartodb.nginx.proxy.conf looks:

server {
    if ($host = carto.wegov.nyc) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

       listen         80;
       #listen         [::]:80;
       server_name    <your domain/subdomain>;
       return         301 https://$server_name:3000$request_uri;

}

server {

  server_name <your domain/subdomain>;

  listen 443 ssl;
  #listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/<your domain/subdomain>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<your domain/subdomain>/privkey.pem; # managed by Certbot

  client_max_body_size 100M;

  location ~* /(user/.*/)?api/v1/maps {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_pass http://127.0.0.1:3000;

  }

  location ~* /(user/.*/)?api/v1/map {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_pass http://127.0.0.1:8181;
  }

  location ~* /(user/.*)?/api/v2/sql {
    # RedHog: Hack to work around bug in cartodb local hosting but using cdn for js libs
    # rewrite /(user/.*)?/api/v2/sql(.*) /$1/api/v2/sql$2  break;
    # proxy_set_header        Host $host;
    # proxy_set_header        X-Real-IP $remote_addr;
    # proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    # proxy_set_header        X-Forwarded-Proto $scheme;

    # Change default timeout for your long-running SQL api calls!
    proxy_read_timeout 300s;

    # proxy_pass http://127.0.0.1:8080;
    proxy_pass http://<Your server public IP>:8080;
  }

  location ^~ /assets {
    root /cartodb/public;
  }

  location / {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_pass http://127.0.0.1:3000;
  }

  error_log /var/log/nginx/cartodb_error.log;
  access_log /var/log/nginx/cartodb_access.log;

}

Note, I did certbot install manually (whatever is commented with #managed by certbot)

[ishiland]

@bmunyoki I ended up taking the microservices approach based on https://github.com/sabman/cartodb-docker-fork. SSL is working good for me now.