Rasa: How to enable https on rasa core server

Created on 27 Dec 2018  ·  6Comments  ·  Source: RasaHQ/rasa

Rasa Core version:
0.12.3
Python version:
3.6.7
Operating system (windows, osx, ...):
windows 7 64 bit

Issue:

Hey guys! So my bot is running on AWS and i’m getting the reply in my browser. But it’s a “http” i.e. it’s not secure port. I need secure port to run with my web app. Whenever I enable the SSL on port 5005 and try to run the bot it gives error and says,

File “/home/ubuntu/.local/lib/python3.6/site-packages/gevent/server.py”, line 256,│

in _tcp_listener │ sock.bind(address) │

OSError: [Errno 98] Address already in use: (‘0.0.0.0’, 5005)

Now when I disable my SSL and run the bot, It runs easily and replies on http call. So how can I convert this http to https? Any help is appreciated.

Content of domain file (if used & relevant):
picture Akshit99

Most helpful comment

Your Rasa Core should be up and running on default port 5005 (If you are not dealing with specific requirement). So first check, you able to hit rasa core from postman or not. If that is ok.

Regarding Apache, you may follow this.
Apache In Ubuntu
Make sure Apache is listening on port 80 and 443.

Make sure you have followed these steps to make reverse proxy work.

Enable SSL module of Apache

$ sudo a2enmod ssl
$ service apache2 reload
$ service apache2 restart

Install Certificate

Create a directory called "certificates" at this location (or anything of your choice)
$cd /etc/apache2/certificates
Upload your certificate and private key to above location
certificate.csr and certificate.key

$ cd /etc/apache2/sites-available
$ vim default-ssl.conf

Add these contents to make your Apache HTTPs enabled

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName domain-name.com
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on

        SSLCertificateFile  /etc/apache2/certificates/certificate.cer
        SSLCertificateKeyFile  /etc/apache2/certificates/certificate.key
    </VirtualHost>
</IfModule>

start

$ service apache2 reload
$ service apache2 restart

So now you should about to access your localhost in browser
https://your-domain-name/

Make sure Apache Default page is coming over https

Now you need to do proxy forwarding to Rasa to port 5005

$ cd /etc/apache2/sites-available
$ vim default-ssl.conf

Now you need to tell apache , to redirect all traffic to http/5005 port. that's it.

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName domain-name.com
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on

        SSLCertificateFile  **/etc/apache2/certificates/certificate.cer**
        SSLCertificateKeyFile  **/etc/apache2/certificates/certificate.key**

                ProxyRequests     Off
                ProxyPreserveHost On
                ProxyPass /rasa/  http://localhost:5005/ nocanon
                ProxyPassReverse  /rasa/  http://localhost:5005

                AllowEncodedSlashes NoDecode
                RequestHeader set X-Forwarded-Proto "https"
                RequestHeader set X-Forwarded-Port "443"
                RedirectPermanent /rasa

                <Location http://localhost:5005/rasa*>
                   Order deny,allow
                   Allow from all
                </Location>
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
                </Directory>
    </VirtualHost>
</IfModule>

start

$ service apache2 reload
$ service apache2 restart

Now check
https://your-domain-name/rasa/
and send some POSt request with body. It should be working

picture bikashkumars on 31 Dec 2018
👍3

All 6 comments

Hi,

You need to use Proxy approach to solve this. In your AWS, install Apache Web Server or Nginx. Then Install your self-signed or CA signed certificate on Apache or Nginx. Then redirect traffic to Rasa.

Browser/Client -> https AWS -> AWS Apache -> Proxy forward to rasa over http -> rasa http

If you need more info on how to do it, reply back.

bikashkumars picture bikashkumars on 31 Dec 2018
👍2

So I tried to setup proxy by apache mod_proxy,
I followed a procedure and completed all the steps.

  1. all certificates are there already
  2. I modified the ports.conf file and added a listen port to 5005 for rasa core
  3. I modified 000-default.conf file and added all these lines

    ProxyPreserveHost On
ProxyPass / http://my_ip:5005/
ProxyPassReverse / http://my_ip:5005/

  1. and then restarted apache for the changes
  1. Then why I try to run the bot: It says
    OSerror [error 98]: Already in use port (0.0.0.0:5005)
  2. Now when I disable all the things that did, The bot runs.
    So this is back and forth !! I don't know if this is a port issue, directory issue or something. I can provide you more details if you want. Thanks for you help !:)
Akshit99 picture Akshit99 on 31 Dec 2018

Your Rasa Core should be up and running on default port 5005 (If you are not dealing with specific requirement). So first check, you able to hit rasa core from postman or not. If that is ok.

Regarding Apache, you may follow this.
Apache In Ubuntu
Make sure Apache is listening on port 80 and 443.

Make sure you have followed these steps to make reverse proxy work.

Enable SSL module of Apache

$ sudo a2enmod ssl
$ service apache2 reload
$ service apache2 restart

Install Certificate

Create a directory called "certificates" at this location (or anything of your choice)
$cd /etc/apache2/certificates
Upload your certificate and private key to above location
certificate.csr and certificate.key

$ cd /etc/apache2/sites-available
$ vim default-ssl.conf

Add these contents to make your Apache HTTPs enabled

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName domain-name.com
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on

        SSLCertificateFile  /etc/apache2/certificates/certificate.cer
        SSLCertificateKeyFile  /etc/apache2/certificates/certificate.key
    </VirtualHost>
</IfModule>

start

$ service apache2 reload
$ service apache2 restart

So now you should about to access your localhost in browser
https://your-domain-name/

Make sure Apache Default page is coming over https

Now you need to do proxy forwarding to Rasa to port 5005

$ cd /etc/apache2/sites-available
$ vim default-ssl.conf

Now you need to tell apache , to redirect all traffic to http/5005 port. that's it.

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName domain-name.com
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on

        SSLCertificateFile  **/etc/apache2/certificates/certificate.cer**
        SSLCertificateKeyFile  **/etc/apache2/certificates/certificate.key**

                ProxyRequests     Off
                ProxyPreserveHost On
                ProxyPass /rasa/  http://localhost:5005/ nocanon
                ProxyPassReverse  /rasa/  http://localhost:5005

                AllowEncodedSlashes NoDecode
                RequestHeader set X-Forwarded-Proto "https"
                RequestHeader set X-Forwarded-Port "443"
                RedirectPermanent /rasa

                <Location http://localhost:5005/rasa*>
                   Order deny,allow
                   Allow from all
                </Location>
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
                </Directory>
    </VirtualHost>
</IfModule>

start

$ service apache2 reload
$ service apache2 restart

Now check
https://your-domain-name/rasa/
and send some POSt request with body. It should be working

bikashkumars picture bikashkumars on 31 Dec 2018
👍3

Wow this look really detailed! I'll try this and will let you know! Thanks a lot :) :)

Akshit99 picture Akshit99 on 31 Dec 2018

I'm gonna close this as it looks like it's resolved :)

akelad picture akelad on 7 Jan 2019

Hi @bikashkumars

I got error in these line and i am stucked here, Can you help me out in this.

" RedirectPermanent /rasa"

Regards
Manthan Tanna

Manthan1394 picture Manthan1394 on 16 Sep 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mit4dev picture mit4dev  ·  4Comments
lomarceau picture lomarceau  ·  3Comments
nahidalam picture nahidalam  ·  3Comments
alonsopg picture alonsopg  ·  3Comments
jahid-ict picture jahid-ict  ·  3Comments