Add/https

[vsoch]

Description of the Pull Request (PR):
This will be the start to testing https for the containers! Specifically, I built a development "builder" locally, and I'll document how I did that here.

I first created a Dockerfile to generate the builder for my add/https branch

FROM vanessa/expfactory-builder:base

# docker build -f Dockerfile.dev -t vanessa/expfactory-builder .

###################################
# Experiment Factory
###################################

WORKDIR /opt
RUN git clone -b add/https https://www.github.com/expfactory/expfactory
WORKDIR /opt/expfactory
RUN python3 setup.py install
RUN python3 -m pip install pyaml
ADD entrypoint.sh /entrypoint.sh
RUN chmod u+x /entrypoint.sh
RUN mkdir -p /scif/apps
RUN mkdir -p /data

ENTRYPOINT ["/bin/bash","/entrypoint.sh"]

I called this Dockerfile.dev so I built specifying the file:

docker build -f Dockerfile.dev -t vanessa/expfactory-builder .

Once I had the builder, I could specify using the https template for my Dockerfile. What this comes down to is that the build will use an nginx configuration with https enabled.

mkdir -p /tmp/my-experiment
docker run -v /tmp/my-experiment:/data \
              vanessa/expfactory-builder \
              build tower-of-london \
              --input build/docker/Dockerfile.https

Expfactory Version: 3.13
LOG Recipe written to /data/Dockerfile

To build, cd to directory with Dockerfile and:
              docker build --no-cache -t expfactory/experiments .

We can see the generated files:

tree /tmp/my-experiment
/tmp/my-experiment
├── Dockerfile
└── startscript.sh

0 directories, 2 files

The primary difference is that we are copying the https nginx configuration instead of nginx.gunicorn.conf

RUN cp script/nginx.https.conf /etc/nginx/sites-enabled/default && \
    cp script/nginx.conf /etc/nginx/nginx.conf

Next Steps

I am attaching the files here (Dockerfile and startscript.sh) because next steps require setting up a server with certificates to run the application. I can almost assure you this is going to be tricky and take some debugging with reviewers, but fingers crossed we can get it working. I've put verbose instructions for setting up the certificates and server here --> https://github.com/expfactory/expfactory/blob/add/https/docs/pages/1-generate.md#https-container Note that I've already run the command to generate the Dockerfile, and I'm providing it here with the startscript. I haven't tested any of this (because it would require setting up a server) but I can offer to help walk through someone else following the steps. The Dockerfile and startscript.sh are provided in this gist (it won't let me upload it here).

Dockerfile and startscript.sh

There seem to be many ways to set up the nginx configuration, and what we will likely want to do (for the testers here!) is to get the https working on the host, and then build a container with the nginx.https.conf, and then iterate through:

1. shell into the container
2. make some change to /etc/nginx/sites-enabled/default which is where the nginx certificate is
3. restart the container and try again.

Information / debugging can be found in the container logs, docker logs <container_id> or by looking at the nginx logs in /var/log/nginx/.

This fixes or addresses the following GitHub issues:

• Ref: add https example #81

Checkoff for all PRs:

• I have read the Guidelines for Contributing and this PR conforms to the stated requirements.
• I have updated the CHANGELOG

Attn: @expfactory-admin

[vsoch]

ooooohhhhmaaahooosh!