Docker image needs to support https

[SvdSinner]

The docker image does not support HTTPS. Without HTTPS, chrome will not allow use of navigator.mediaDevices.getUserMedia, and thus the script errors out and the demo fails.

The error that shows up in to logs if the website is called with HTTPS is:
[2020-10-09 13:48:19,546] aiohttp.server Error handling request
Traceback (most recent call last):
File "/usr/local/lib/python3.7/dist-packages/aiohttp/web_protocol.py", line 275, in data_received
messages, upgraded, tail = self._request_parser.feed_data(data)
File "aiohttp/_http_parser.pyx", line 523, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: invalid HTTP method

[RafNie]

Did you pass cert and key files in to server.py script?
You can generate self-signeg pair by command
openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
then copy it in to main folder an pass it to script by parameters --cert-file domain.csr and --key-file domain.key.

The best add those parameters in this line

KaldiWebrtcServer/docker/web/Dockerfile

Line 13 in 1572211

CMD ["--servers","/server/servers.json"]

[SvdSinner]

I've tried to implement this with no luck. I'm a newb to Docker-Compose, and I may be doing something incorrectly. I changed the DockerFile line 13 to CMD ["--servers","/server/servers.json", "--cert-file", "/server/domain.csr", "-key-file", "/server/domain.key"]
After I save the change, I go back to the directory I copied the docker-compose.yml to and execute a "docker-compose down" and then a "docker-compose up" to restart everything.

I also tried iterations with "--key-file" instead of "-key-file" and iterations that omitted the /server/ part of the path to the files. (The two domain.* files are in the same folder as server.py and servers.json, and also copied into the folder with the copy of the docker-compose.yml I am using) None of them seem to enable https.

Do I need to do something to the docker-compose.yml to make it recognize the change?
Do I somewhere need to specify a port for https?
Is there something else I need to do?
Python and docker aren't tools I use in my daily job, so I may be making a really newb mistake. Feel free to talk to me like a 4th grader.

[RafNie]

"-key-file" was typo, should be "--key-file".
The path with /server/ part was ok, if the files were located there.

You need rebuild docker container after modify Dockerfile file. Thus, try to use docker-compose up --build to rebuild and run services.

[SvdSinner]

Using docker-compose up --build hasn't seemed to change anything. The output when I run docker-compose up (with or without --build and with or without passing the extra two parameters) may be relevant:
$ docker-compose up
Starting kaldidockerfolder_web_1 ... done
Starting kaldidockerfolder_kaldi_1 ... done
Attaching to kaldidockerfolder_web_1, kaldidockerfolder_kaldi_1
kaldi_1 | online2-tcp-nnet3-decode-faster --read-timeout=-1 --samp-freq=8000 --frames-per-chunk=20 --extra-left-context-initial=0 --frame-subsampling-factor=3 --conf ig=/model/model/conf/online.conf --min-active=200 --max-active=7000 --beam=15 --lattice-beam=8 --acoustic-scale=1.0 --port-num=5050 /model/model/final.mdl /model/graph/HCLG.fst /model/graph/words.txt
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:ComputeDerivedVars():ivector-extractor.cc:183) Computing derived variables for iVector extractor
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:ComputeDerivedVars():ivector-extractor.cc:204) Done.
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:RemoveOrphanNodes():nnet-nnet.cc:948) Removed 1 orphan nodes.
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:RemoveOrphanComponents():nnet-nnet.cc:847) Removing 2 orphan components.
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:Collapse():nnet-utils.cc:1378) Added 1 components, removed 2
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:CompileLooped():nnet-compile-looped.cc:345) Spent 0.0160692 seconds in looped compilation.
kaldi_1 | std::bad_allockaldidockerfolder_kaldi_1 exited with code 255

Does this final error message give any clues to why this isn't working?

[SvdSinner]

Has anyone gotten a Docker image to successfully serve HTTPS?
If I'm correct Docker is platform agnostic. I'm running it on an AWS Linux instance. There shouldn't be any issue with that, correct?
Is there anything else I can post to help with the troubleshooting here?

[RafNie]

kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:CompileLooped():nnet-compile-looped.cc:345) Spent 0.0160692 seconds in looped compilation.
kaldi_1 | std::bad_allockaldidockerfolder_kaldi_1 exited with code 255

This is another problem, seems to be not related with previous. Your kaldi container exited during application initialization because of some memory problem (exception bad_alloc).

I will give you more accurate recipe for adding cert and key:

1. cd docker
2. copy crt and key files in to docker folder as domain.csr and domain.key
3. modify web/Dockerfile (this is diff, + line replaces - line)

-CMD ["--servers","/server/servers.json"]
+CMD ["--servers","/server/servers.json","--cert-file","/server/domain.csr","--key-file","/server/domain.key"]

4. modify docker-compose.yml (this is diff, + lines are added)

   web:
+    build: web
     image: "danijel3/kaldi-webrtc"
     volumes:
       - ${PWD}/servers.json:/server/servers.json
+      - ${PWD}/domain.csr:/server/domain.csr
+      - ${PWD}/domain.key:/server/domain.key

5. docker-compose up --build

After that test if the web page is available via https.

[SvdSinner]

I have made all those changes now, and am still not getting https to function. It did, however, change the error. Here is the new error:
$ docker-compose up --build
Creating network "kaldidockerfolder_default" with the default driver
Creating kaldidockerfolder_web_1 ... done
Creating kaldidockerfolder_kaldi_1 ... done
Attaching to kaldidockerfolder_kaldi_1, kaldidockerfolder_web_1
kaldi_1 | online2-tcp-nnet3-decode-faster --read-timeout=-1 --samp-freq=8000 --frames-per -chunk=20 --extra-left-context-initial=0 --frame-subsampling-factor=3 --config=/model/mode l/conf/online.conf --min-active=200 --max-active=7000 --beam=15 --lattice-beam=8 --acousti c-scale=1.0 --port-num=5050 /model/model/final.mdl /model/graph/HCLG.fst /model/graph/word s.txt
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:ComputeDerivedVars():ivec tor-extractor.cc:183) Computing derived variables for iVector extractor
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:ComputeDerivedVars():ivec tor-extractor.cc:204) Done.
web_1 | Traceback (most recent call last):
web_1 | File "/server/server.py", line 89, in <module>
web_1 | ssl_context.load_cert_chain(args.cert_file, args.key_file)
web_1 | FileNotFoundError: [Errno 2] No such file or directory
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:RemoveOrphanNodes():nnet- nnet.cc:948) Removed 1 orphan nodes.
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:RemoveOrphanComponents(): nnet-nnet.cc:847) Removing 2 orphan components.
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:Collapse():nnet-utils.cc: 1378) Added 1 components, removed 2
kaldi_1 | LOG (online2-tcp-nnet3-decode-faster[5.5.259~1-25269]:CompileLooped():nnet-comp ile-looped.cc:345) Spent 0.0110688 seconds in looped compilation.
kaldi_1 | std::bad_allockaldidockerfolder_kaldi_1 exited with code 255
kaldidockerfolder_web_1 exited with code 1

Also, the only thing I hadn't already done was adding the two lines to docker-compose.yml, if that helps.

[RafNie]

web_1 | File "/server/server.py", line 89, in <module>
web_1 | ssl_context.load_cert_chain(args.cert_file, args.key_file)
web_1 | FileNotFoundError: [Errno 2] No such file or directory

This is the reason why https server does not work, cert file was not passed correctly.
Please show content of docker-compose.yml and web/Dockerfile files.
Also show me output of ls command in the docker folder.

[SvdSinner]

I found an error in the docker compose, fixed it, but now have a new error:
web_1 | Traceback (most recent call last):
web_1 | File "/server/server.py", line 89, in <module>
web_1 | ssl_context.load_cert_chain(args.cert_file, args.key_file)
web_1 | ssl.SSLError: [SSL] PEM lib (_ssl.c:4023)

NOTE: The cert used was created with the exact command that you posted above.

docker directory:
$ ls -l
total 32
-rw-rw-r-- 1 ec2-user ec2-user 321 Oct 23 18:11 docker-compose.yml
-rw-rw-r-- 1 ec2-user ec2-user 1098 Oct 23 18:08 domain.csr
-rw-rw-r-- 1 ec2-user ec2-user 1704 Oct 23 18:08 domain.key
drwxrwxr-x 2 ec2-user ec2-user 4096 Oct 8 15:02 kaldi
drwxrwxr-x 2 ec2-user ec2-user 4096 Oct 8 15:02 model
-rw-rw-r-- 1 ec2-user ec2-user 2016 Oct 8 15:02 README.md
-rw-rw-r-- 1 ec2-user ec2-user 96 Oct 8 15:02 servers.json
drwxrwxr-x 2 ec2-user ec2-user 4096 Oct 8 15:02 web

docker-compose.yml:
$ more docker-compose.yml
version: '3.3'
services:
kaldi:
image: "danijel3/kaldi-online-tcp:aspire"
web:
build: web
image: "danijel3/kaldi-webrtc"
volumes:
- ${PWD}/servers.json:/server/servers.json
- ${PWD}/domain.csr:/server/domain.csr
- ${PWD}/domain.key:/server/domain.key
``
ports:
` - "8080:8080"`

web/Dockerfile:
$ more Dockerfile
FROM debian:testing
MAINTAINER Danijel Koržinek <[email protected]>
`RUN apt-get update && \` ` apt-get install -y python3 python3-pip git libavdevice-dev libavfilter-dev lib` `opus-dev libvpx-dev pkg-config &&\` ` apt-get clean && apt-get autoclean`
RUN pip3 install aiortc aiohttp numpy
`RUN git clone https://github.com/danijel3/KaldiWebrtcServer /server`
ENTRYPOINT ["python3","/server/server.py"]
CMD ["--servers","/server/servers.json", "--cert-file", "/server/domain.csr", "--key-file"
, "/server/domain.key"]
#CMD ["--servers","/server/servers.json"]

[RafNie]

Now I see that I gave you recipe for generating CSR file. It's error. You need certificate file. You can generate self-signed CRT and key by command:
openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt

Remove old domain.csr and domain.key and replace by new domain.crt and domain.key.

Change also file name in web/Dockerfile:
CMD ["--servers","/server/servers.json","--cert-file","/server/domain.crt","--key-file","/server/domain.key"]

and in docker-compose.yml:
- ${PWD}/domain.crt:/server/domain.crt