From cfb2f92c70a19cf6dc1929b2aa355357449ee319 Mon Sep 17 00:00:00 2001 From: Aidan-B1409 Date: Thu, 25 Jul 2024 15:03:35 -0700 Subject: [PATCH 1/9] Update nginx to route fastapi --- compose.yaml | 7 +++---- nginx/nginx.conf | 52 +++++++++++++++++++++++++++++++++++------------- 2 files changed, 41 insertions(+), 18 deletions(-) diff --git a/compose.yaml b/compose.yaml index d8931bc..78c1c58 100644 --- a/compose.yaml +++ b/compose.yaml @@ -28,8 +28,8 @@ services: # Build our local container connect it to the mongo bridge network and expose port 80 so we can access the API fastapi: build: . - ports: - - "30080:80" + expose: + - "80" networks: - mongoNetwork secrets: @@ -41,8 +41,6 @@ services: streamlit: build: streamlit/ - # ports: - # - "30081:8501" expose: - "8501" networks: @@ -57,6 +55,7 @@ services: build: nginx/ ports: - "30081:443" + - "30080:8081" networks: - mongoNetwork depends_on: diff --git a/nginx/nginx.conf b/nginx/nginx.conf index b3b68e3..befaaae 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -17,20 +17,44 @@ server { } location /_stcore/stream { # most important config - resolver 127.0.0.11 valid=1s ipv6=off; - set $stream streamlit:8501/_stcore/stream; - proxy_pass http://$stream; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_redirect off; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; + resolver 127.0.0.11 valid=1s ipv6=off; + set $stream streamlit:8501/_stcore/stream; + proxy_pass http://$stream; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_redirect off; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; + + } + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + rewrite_log on; + error_log /var/log/nginx/localhost.error_log notice; +} + +server{ + listen 8081 ssl; + server_name sb-binsight.dri.oregonstate.edu; + + ssl_certificate /etc/ssl/certs/cert.pem; + ssl_certificate_key /run/secrets/sslKey; + + location / { + resolver 127.0.0.11 valid=1s ipv6=off; + set $fastapi fastapi; + proxy_pass http://$fastapi + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_redirect off; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; + } - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - rewrite_log on; - error_log /var/log/nginx/localhost.error_log notice; + } From ef31164d5c522d41a14699ecee9bc54fb93efdfb Mon Sep 17 00:00:00 2001 From: Aidan-B1409 Date: Thu, 25 Jul 2024 15:04:38 -0700 Subject: [PATCH 2/9] Bugfix: nginx --- nginx/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index befaaae..7a93cb1 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -45,7 +45,7 @@ server{ location / { resolver 127.0.0.11 valid=1s ipv6=off; set $fastapi fastapi; - proxy_pass http://$fastapi + proxy_pass http://$fastapi; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; From b9381d42c79b1a1e7f2c11add9445e05d1b66f84 Mon Sep 17 00:00:00 2001 From: Aidan-B1409 Date: Thu, 25 Jul 2024 15:06:38 -0700 Subject: [PATCH 3/9] Update streamlit to use https when retrieving from fastapi --- streamlit/streamlit.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/streamlit/streamlit.py b/streamlit/streamlit.py index a75644d..e050c4e 100644 --- a/streamlit/streamlit.py +++ b/streamlit/streamlit.py @@ -18,7 +18,7 @@ # Future update should include drop-down menu for device serial number # Will require mapping to device IDs DEVICE_ID = "c00ef8a4d3dda476" -BASE_URL = "http://sb-binsight.dri.oregonstate.edu:30080/api" +BASE_URL = "https://sb-binsight.dri.oregonstate.edu:30080/api" st.set_page_config(layout="wide") # Run the autorefresh about every 5000 milliseconds (5 seconds) and stop From 95bd0fb440b8ddd9c1aa540635d39dfd5978c549 Mon Sep 17 00:00:00 2001 From: Aidan-B1409 Date: Thu, 25 Jul 2024 15:11:53 -0700 Subject: [PATCH 4/9] Disable client SSL certificate verification for streamlit --- streamlit/streamlit.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/streamlit/streamlit.py b/streamlit/streamlit.py index e050c4e..5f0bbba 100644 --- a/streamlit/streamlit.py +++ b/streamlit/streamlit.py @@ -31,7 +31,7 @@ API_KEY = os.getenv("API_KEY") logging.info(f"BAD DEBUG: {API_KEY}") -client = httpx.Client() +client = httpx.Client(verify=False) def get_user_creds() -> dict: From f3f2cf063b04396ae3e337e7a8d554275090735e Mon Sep 17 00:00:00 2001 From: Aidan-B1409 Date: Thu, 25 Jul 2024 15:13:47 -0700 Subject: [PATCH 5/9] Disable client SSL certificate verification for streamlit --- streamlit/streamlit.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/streamlit/streamlit.py b/streamlit/streamlit.py index 5f0bbba..a6384b2 100644 --- a/streamlit/streamlit.py +++ b/streamlit/streamlit.py @@ -83,7 +83,7 @@ def extract_zip(img_b: io.BytesIO) -> None: def get_latest_detection() -> dict: - client = httpx.Client() + client = httpx.Client(verify=False) img_info = get_image_info(DEVICE_ID, client)["items"][0] file_name = get_img_path(img_info) img_path = get_image(DEVICE_ID, file_name) From 8539e5d8a48813ae0b4cba82e6e2a40c4e4f1c9f Mon Sep 17 00:00:00 2001 From: Aidan-B1409 Date: Thu, 25 Jul 2024 15:23:22 -0700 Subject: [PATCH 6/9] Add support for large file uploads to nginx --- nginx/nginx.conf | 40 +++++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 7a93cb1..1dcaad2 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -35,26 +35,32 @@ server { error_log /var/log/nginx/localhost.error_log notice; } -server{ - listen 8081 ssl; - server_name sb-binsight.dri.oregonstate.edu; +http{ - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /run/secrets/sslKey; + sendfile on; + client_max_body_size 100M; - location / { - resolver 127.0.0.11 valid=1s ipv6=off; - set $fastapi fastapi; - proxy_pass http://$fastapi; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_redirect off; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; + server{ + listen 8081 ssl; + server_name sb-binsight.dri.oregonstate.edu; + ssl_certificate /etc/ssl/certs/cert.pem; + ssl_certificate_key /run/secrets/sslKey; + + location / { + resolver 127.0.0.11 valid=1s ipv6=off; + set $fastapi fastapi; + proxy_pass http://$fastapi; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_redirect off; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; - } + } + + } } From ad2ddbdcf63970c8b10b6c3a2f066041c8acd246 Mon Sep 17 00:00:00 2001 From: Aidan-B1409 Date: Thu, 25 Jul 2024 15:25:08 -0700 Subject: [PATCH 7/9] Update nginx config --- nginx/nginx.conf | 76 +++++++++++++++++++++++------------------------- 1 file changed, 36 insertions(+), 40 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 1dcaad2..6f4a4d0 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,44 +1,43 @@ -server { - listen 443 ssl; - server_name sb-binsight.dri.oregonstate.edu; +http { + sendfile on; + client_max_body_size 100M; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /run/secrets/sslKey; - - location / { - resolver 127.0.0.11 valid=1s ipv6=off; - set $st_app streamlit:8501; - proxy_pass http://$st_app; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_redirect off; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /_stcore/stream { # most important config - resolver 127.0.0.11 valid=1s ipv6=off; - set $stream streamlit:8501/_stcore/stream; - proxy_pass http://$stream; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_redirect off; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; + server { + listen 443 ssl; + server_name sb-binsight.dri.oregonstate.edu; - } - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - rewrite_log on; - error_log /var/log/nginx/localhost.error_log notice; -} + ssl_certificate /etc/ssl/certs/cert.pem; + ssl_certificate_key /run/secrets/sslKey; -http{ + location / { + resolver 127.0.0.11 valid=1s ipv6=off; + set $st_app streamlit:8501; + proxy_pass http://$st_app; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_redirect off; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /_stcore/stream { # most important config + resolver 127.0.0.11 valid=1s ipv6=off; + set $stream streamlit:8501/_stcore/stream; + proxy_pass http://$stream; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_redirect off; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; - sendfile on; - client_max_body_size 100M; + } + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + rewrite_log on; + error_log /var/log/nginx/localhost.error_log notice; + } server{ listen 8081 ssl; @@ -58,9 +57,6 @@ http{ proxy_redirect off; proxy_set_header Connection "upgrade"; proxy_read_timeout 86400; - - } - } } From 4181d6d5422e4be48a336a6a441cca72bc89bc5f Mon Sep 17 00:00:00 2001 From: Aidan-B1409 Date: Thu, 25 Jul 2024 15:28:21 -0700 Subject: [PATCH 8/9] Update nginx config --- nginx/nginx.conf | 102 +++++++++++++++++++++++------------------------ 1 file changed, 50 insertions(+), 52 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 6f4a4d0..7f1a63e 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,62 +1,60 @@ -http { - sendfile on; - client_max_body_size 100M; +sendfile on; +client_max_body_size 100M; - server { - listen 443 ssl; - server_name sb-binsight.dri.oregonstate.edu; +server { + listen 443 ssl; + server_name sb-binsight.dri.oregonstate.edu; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /run/secrets/sslKey; + ssl_certificate /etc/ssl/certs/cert.pem; + ssl_certificate_key /run/secrets/sslKey; - location / { - resolver 127.0.0.11 valid=1s ipv6=off; - set $st_app streamlit:8501; - proxy_pass http://$st_app; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_redirect off; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /_stcore/stream { # most important config - resolver 127.0.0.11 valid=1s ipv6=off; - set $stream streamlit:8501/_stcore/stream; - proxy_pass http://$stream; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_redirect off; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; + location / { + resolver 127.0.0.11 valid=1s ipv6=off; + set $st_app streamlit:8501; + proxy_pass http://$st_app; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_redirect off; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /_stcore/stream { # most important config + resolver 127.0.0.11 valid=1s ipv6=off; + set $stream streamlit:8501/_stcore/stream; + proxy_pass http://$stream; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_redirect off; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; - } - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - rewrite_log on; - error_log /var/log/nginx/localhost.error_log notice; } + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + rewrite_log on; + error_log /var/log/nginx/localhost.error_log notice; +} - server{ - listen 8081 ssl; - server_name sb-binsight.dri.oregonstate.edu; +server{ + listen 8081 ssl; + server_name sb-binsight.dri.oregonstate.edu; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /run/secrets/sslKey; + ssl_certificate /etc/ssl/certs/cert.pem; + ssl_certificate_key /run/secrets/sslKey; - location / { - resolver 127.0.0.11 valid=1s ipv6=off; - set $fastapi fastapi; - proxy_pass http://$fastapi; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_redirect off; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; - } + location / { + resolver 127.0.0.11 valid=1s ipv6=off; + set $fastapi fastapi; + proxy_pass http://$fastapi; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_redirect off; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; } } From c63de96abbf7815890cd73f36d9ce4d7a7e4c63f Mon Sep 17 00:00:00 2001 From: Aidan-B1409 Date: Thu, 25 Jul 2024 15:29:58 -0700 Subject: [PATCH 9/9] Update nginx config --- nginx/nginx.conf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 7f1a63e..75eb80f 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,6 +1,3 @@ -sendfile on; -client_max_body_size 100M; - server { listen 443 ssl; server_name sb-binsight.dri.oregonstate.edu; @@ -42,6 +39,8 @@ server{ listen 8081 ssl; server_name sb-binsight.dri.oregonstate.edu; + sendfile on; + client_max_body_size 100M; ssl_certificate /etc/ssl/certs/cert.pem; ssl_certificate_key /run/secrets/sslKey;