Great image about stf-poc HOT 13 CLOSED

from stf-poc.

Пробую поднять на https
Поменял порт в docker-compose.yml c 80 на 443
Прокинул сертификат в контейнер через - Volume
В nginx.conf добавил путь к сертификату, сказал слушать 443 порт, может подскажите что еще нужно чтоб работало?

Пока говорит
An error occurred during a connection to ip address. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

from stf-poc.

from stf-poc.

Не, нету, закинул на почту docker-compose.yml и nginx.conf
думаю проблема именно в nginx.conf, надо правильно написать конфиг, помоги плиз

from stf-poc.

from stf-poc.

Добрый день, Можешь попробовать запустить с SSL ? у меня вышло запустить https://ip address/auth/mock/ после логина пустой экран https://ip address

from stf-poc.

enabling SSL should be a matter of configuring the Reverse Proxy and the URLs (in the Environment Variables for the services)

from stf-poc.

Hi, @nikosch86 thx for response, I will be grateful for help
The first page working well https://172.25.61.105/auth/mock/ after enter a credentials, Blank screen

My configs
docker-compose.yml

version: '2'

volumes:
rethinkdb:
storage-temp:

services:
nginx:
build: nginx/
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
- ./nginx/ssl:/etc/ssl/certs
restart: unless-stopped
ports:
- 80:80
- 443:443
depends_on:
- app
- auth
- storage-plugin-apk
- storage-plugin-image
- storage-temp
- websocket
- api
adb:
image: sorccu/adb:latest
restart: unless-stopped
privileged: true
volumes:
- /dev/bus/usb:/dev/bus/usb
rethinkdb:
image: rethinkdb:2.3
restart: unless-stopped
volumes:
- rethinkdb:/data
app:
image: openstf/stf:latest
restart: unless-stopped
environment:
- RETHINKDB_PORT_28015_TCP
- SECRET
command: stf app --auth-url https://${PUBLIC_IP}/auth/mock/ --websocket-url ws://${PUBLIC_IP}/ --port 3000
depends_on:
- rethinkdb
- auth
- websocket
auth:
image: openstf/stf:latest
restart: unless-stopped
environment:
- SECRET
command: stf auth-mock --app-url https://${PUBLIC_IP}/ --port 3000
processor:
image: openstf/stf:latest
restart: unless-stopped
environment:
- RETHINKDB_PORT_28015_TCP
command: stf processor --connect-app-dealer tcp://triproxy:7160 --connect-dev-dealer tcp://dev-triproxy:7260
depends_on:
- rethinkdb
- triproxy
- dev-triproxy
triproxy:
image: openstf/stf:latest
restart: unless-stopped
command: stf triproxy app --bind-pub "tcp://:7150" --bind-dealer "tcp://:7160" --bind-pull "tcp://:7170"
dev-triproxy:
image: openstf/stf:latest
restart: unless-stopped
command: stf triproxy dev --bind-pub "tcp://:7250" --bind-dealer "tcp://:7260" --bind-pull "tcp://:7270"
migrate:
image: openstf/stf:latest
environment:
- RETHINKDB_PORT_28015_TCP
command: stf migrate
depends_on:
- rethinkdb
provider:
image: openstf/stf:latest
restart: unless-stopped
command: stf provider --name ${STATION_NAME} --connect-sub tcp://dev-triproxy:7250 --connect-push tcp://dev-triproxy:7270 --storage-url https://${PUBLIC_IP}/ --public-ip ${PUBLIC_IP} --heartbeat-interval 10000 --screen-ws-url-pattern "ws://${PUBLIC_IP}/d/nuc/<%= serial %>/<%= publicPort %>/" --adb-host adb --min-port 7400 --max-port 7700
ports:
- 7400-7700:7400-7700
depends_on:
- adb
- dev-triproxy
- triproxy
- storage-temp
reaper:
image: openstf/stf:latest
restart: unless-stopped
environment:
- RETHINKDB_PORT_28015_TCP
depends_on:
- migrate
- rethinkdb
- dev-triproxy
- triproxy
command: stf reaper dev --connect-push tcp://dev-triproxy:7270 --connect-sub tcp://triproxy:7150 --heartbeat-timeout 30000
storage-plugin-apk:
image: openstf/stf:latest
restart: unless-stopped
command: stf storage-plugin-apk --port 3000 --storage-url https://${PUBLIC_IP}/
depends_on:
- storage-temp
storage-plugin-image:
image: openstf/stf:latest
restart: unless-stopped
command: stf storage-plugin-image --port 3000 --storage-url https://${PUBLIC_IP}/
depends_on:
- storage-temp
storage-temp:
build: storage-temp/
restart: unless-stopped
volumes:
- storage-temp:/app/data
command: stf storage-temp --port 3000 --save-dir /app/data
websocket:
image: openstf/stf:latest
restart: unless-stopped
environment:
- SECRET
- RETHINKDB_PORT_28015_TCP
command: stf websocket --port 3000 --storage-url https://${PUBLIC_IP}/ --connect-sub tcp://triproxy:7150 --connect-push tcp://triproxy:7170
depends_on:
- migrate
- rethinkdb
- storage-temp
- triproxy
- dev-triproxy
api:
image: openstf/stf:latest
restart: unless-stopped
environment:
- SECRET
- RETHINKDB_PORT_28015_TCP
command: stf api --port 3000 --connect-sub tcp://triproxy:7150 --connect-push tcp://triproxy:7170
depends_on:
- migrate
- rethinkdb
- triproxy

nginx.conf

worker_processes auto;

events {
worker_connections 1024;
}

http {
include /etc/nginx/conf.d/resolver.conf;
keepalive_timeout 65;
types_hash_max_size 2048;

default_type application/octet-stream;

upstream stf_app {
server app:3000 max_fails=0;
}

upstream stf_auth {
server auth:3000 max_fails=0;
}

upstream stf_storage_apk {
server storage-plugin-apk:3000 max_fails=0;
}

upstream stf_storage_image {
server storage-plugin-image:3000 max_fails=0;
}

upstream stf_storage {
server storage-temp:3000 max_fails=0;
}

upstream stf_websocket {
server websocket:3000 max_fails=0;
}

upstream stf_api {
server api:3000 max_fails=0;
}

types {
application/javascript js;
image/gif gif;
image/jpeg jpg;
text/css css;
text/html html;
}

map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}

server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 default_server;
listen [::]:443 default_server;
server_tokens off;
root /dev/null;

ssl_certificate     /etc/ssl/certs/2017.crt;
ssl_certificate_key /etc/ssl/certs/secway.key;    
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

location ~ "^/d/nuc/([^/]+)/(?<port>[0-9]{3,5})/$" {
  proxy_pass http://provider:$port/;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;
  proxy_set_header X-Forwarded-For $remote_addr;
  proxy_set_header X-Real-IP $remote_addr;
}

location /auth/ {
  proxy_pass http://stf_auth/auth/;
}

location /api/ {
  proxy_pass http://stf_api/api/;
}

location /s/image/ {
  proxy_pass http://stf_storage_image;
}

location /s/apk/ {
  proxy_pass http://stf_storage_apk;
}

location /s/ {
  client_max_body_size 1024m;
  client_body_buffer_size 128k;
  proxy_pass http://stf_storage;
}

location /socket.io/ {
  proxy_pass http://stf_websocket;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Real-IP $http_x_real_ip;
}

location / {
  proxy_pass http://stf_app;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Real-IP $http_x_real_ip;
}

}
}

Do I have to change the settings somewhere else?)

from stf-poc.

It's a little hard to read because of the formatting, switching in and out of code view.

In your config it looks like nginx is only listening on port 443, try listening on both, 80 and 443.
Your connection from the browser is still secure if you choose the right protocol.

from stf-poc.

configurations.txt
file with configurations attached...
Add 80 port to listening, unfortunately nothing has changed.
Should I use SECRET in .env ?
PUBLIC_IP=172.25.61.105
SECRET=change_me
RETHINKDB_PORT_28015_TCP=tcp://rethinkdb:28015
STATION_NAME=nuc

Yeah connection still secure after enter credentials
https://172.25.61.105/auth/mock/ after entering credentials https://172.25.61.105/ and blank screen, as I know should be https://172.25.61.105/#!/devices

docker-compose logs:
/var/lib/docker/image/stf-poc# docker-compose logs
Attaching to stf-poc_nginx_1, stf-poc_app_1, stf-poc_api_1, stf-poc_reaper_1, stf-poc_websocket_1, stf-poc_processor_1, stf-poc_migrate_1, stf-poc_provider_1, stf-poc_storage-plugin-image_1, stf-poc_storage-plugin-apk_1, stf-poc_auth_1, stf-poc_dev-triproxy_1, stf-poc_storage-temp_1, stf-poc_rethinkdb_1, stf-poc_adb_1, stf-poc_triproxy_1
nginx_1 | Got nameserver 127.0.0.11 from resolv.conf
nginx_1 | Writing include file at /etc/nginx/conf.d/resolver.conf
nginx_1 | 2018/09/11 15:01:01 [warn] 9#9: the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/nginx.conf:65
nginx_1 | nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/nginx.conf:65
nginx_1 | 172.25.61.54 - - [11/Sep/2018:15:01:08 +0000] "GET /auth/mock/ HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
nginx_1 | 172.25.61.54 - - [11/Sep/2018:15:01:08 +0000] "GET /static/app/build/entry/commons.entry.js HTTP/1.1" 304 0 "https://172.25.61.105/auth/mock/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
nginx_1 | 172.25.61.54 - - [11/Sep/2018:15:01:08 +0000] "GET /static/app/build/entry/authmock.entry.js HTTP/1.1" 304 0 "https://172.25.61.105/auth/mock/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
nginx_1 | 172.25.61.54 - - [11/Sep/2018:15:01:08 +0000] "GET /static/app/build/5.ae9bc55246a499f206b6.chunk.js HTTP/1.1" 304 0 "https://172.25.61.105/auth/mock/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
nginx_1 | 172.25.61.54 - - [11/Sep/2018:15:01:08 +0000] "GET /static/logo/exports/STF-512.png HTTP/1.1" 304 0 "https://172.25.61.105/auth/mock/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
nginx_1 | 172.25.61.54 - - [11/Sep/2018:15:01:13 +0000] "POST /auth/api/v1/mock HTTP/1.1" 200 211 "https://172.25.61.105/auth/mock/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
nginx_1 | 172.25.61.54 - - [11/Sep/2018:15:01:13 +0000] "GET /?jwt=eyJhbGciOiJIUzI1NiIsImV4cCI6MTUzNjY3ODE2MDAxM30.eyJlbWFpbCI6IjFAMS5uYW1lLmNvbSIsIm5hbWUiOiIxQDEubmFtZS5jb20ifQ.V-RcrHvFeVpxg5NQ HTTP/1.1" 302 46 "https://172.25.61.105/auth/mock/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
nginx_1 | 172.25.61.54 - - [11/Sep/2018:15:01:14 +0000] "GET / HTTP/1.1" 304 0 "https://172.25.61.105/auth/mock/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
nginx_1 | 172.25.61.54 - - [11/Sep/2018:15:01:14 +0000] "GET /static/app/build/entry/app.entry.js HTTP/1.1" 304 0 "https://172.25.61.105/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
nginx_1 | 172.25.61.54 - - [11/Sep/2018:15:01:14 +0000] "GET /static/app/build/entry/commons.entry.js HTTP/1.1" 304 0 "https://172.25.61.105/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
nginx_1 | 172.25.61.54 - - [11/Sep/2018:15:01:14 +0000] "GET /app/api/v1/state.js HTTP/1.1" 200 308 "https://172.25.61.105/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
api_1 | 2018-09-11T15:01:05.685Z INF/api 1 [] Subscribing to permanent channel "ALL"
api_1 | 2018-09-11T15:01:06.066Z INF/api 1 [] Listening on port 3000
api_1 | 2018-09-11T15:01:06.124Z INF/api 1 [] Sending output to "tcp://triproxy:7170"
api_1 | 2018-09-11T15:01:06.139Z INF/api 1 [] Receiving input from "tcp://triproxy:7150"
api_1 | 2018-09-11T15:01:07.358Z INF/db 1 [] Connecting to rethinkdb:28015
app_1 | 2018-09-11T15:01:03.662Z INF/app 1 [] Using pre-built resources
app_1 | 2018-09-11T15:01:03.762Z INF/app 1 [] Listening on port 3000
app_1 | 2018-09-11T15:01:03.767Z INF/db 1 [] Connecting to rethinkdb:28015
reaper_1 | 2018-09-11T15:01:00.308Z INF/reaper 1 [dev] Subscribing to permanent channel "ALL"
reaper_1 | 2018-09-11T15:01:00.347Z INF/reaper 1 [dev] Reaping devices with no heartbeat
reaper_1 | 2018-09-11T15:01:00.407Z INF/db 1 [dev] Connecting to rethinkdb:28015
reaper_1 | 2018-09-11T15:01:00.551Z INF/reaper 1 [dev] Receiving input from "tcp://triproxy:7150"
reaper_1 | 2018-09-11T15:01:00.583Z INF/reaper 1 [dev] Sending output to "tcp://dev-triproxy:7270"
websocket_1 | 2018-09-11T15:01:03.404Z INF/websocket 1 [] Subscribing to permanent channel "ALL"
websocket_1 | 2018-09-11T15:01:03.457Z INF/websocket 1 [] Listening on port 3000
websocket_1 | 2018-09-11T15:01:03.463Z INF/db 1 [] Connecting to rethinkdb:28015
websocket_1 | 2018-09-11T15:01:03.501Z INF/websocket 1 [] Sending output to "tcp://triproxy:7170"
websocket_1 | 2018-09-11T15:01:03.533Z INF/websocket 1 [] Receiving input from "tcp://triproxy:7150"
processor_1 | 2018-09-11T15:00:58.463Z INF/db 1 [] Connecting to rethinkdb:28015
processor_1 | 2018-09-11T15:00:58.860Z INF/processor 1 [19aef1222d75] App dealer connected to "tcp://triproxy:7160"
processor_1 | 2018-09-11T15:00:58.872Z INF/processor 1 [19aef1222d75] Device dealer connected to "tcp://dev-triproxy:7260"
migrate_1 | 2018-09-11T15:00:54.474Z INF/db 1 [] Connecting to rethinkdb:28015
migrate_1 | 2018-09-11T15:00:55.100Z INF/db:setup 1 [] Database "stf" already exists
migrate_1 | 2018-09-11T15:00:55.337Z INF/db:setup 1 [] Table "users" already exists
migrate_1 | 2018-09-11T15:00:55.337Z INF/db:setup 1 [] Table "accessTokens" already exists
migrate_1 | 2018-09-11T15:00:55.380Z INF/db:setup 1 [] Table "vncauth" already exists
migrate_1 | 2018-09-11T15:00:55.380Z INF/db:setup 1 [] Table "devices" already exists
migrate_1 | 2018-09-11T15:00:55.380Z INF/db:setup 1 [] Table "logs" already exists
migrate_1 | 2018-09-11T15:00:55.934Z INF/db:setup 1 [] Index "users"."adbKeys" already exists
migrate_1 | 2018-09-11T15:00:55.934Z INF/db:setup 1 [] Index "accessTokens"."email" already exists
migrate_1 | 2018-09-11T15:00:55.934Z INF/db:setup 1 [] Index "vncauth"."response" already exists
migrate_1 | 2018-09-11T15:00:55.934Z INF/db:setup 1 [] Index "vncauth"."responsePerDevice" already exists
migrate_1 | 2018-09-11T15:00:55.934Z INF/db:setup 1 [] Index "devices"."owner" already exists
migrate_1 | 2018-09-11T15:00:55.934Z INF/db:setup 1 [] Index "devices"."present" already exists
migrate_1 | 2018-09-11T15:00:55.934Z INF/db:setup 1 [] Index "devices"."providerChannel" already exists
migrate_1 | 2018-09-11T15:00:55.934Z INF/db:setup 1 [] Waiting for index "users"."adbKeys"
migrate_1 | 2018-09-11T15:00:55.970Z INF/db:setup 1 [] Waiting for index "accessTokens"."email"
migrate_1 | 2018-09-11T15:00:55.974Z INF/db:setup 1 [] Waiting for index "vncauth"."response"
migrate_1 | 2018-09-11T15:00:55.989Z INF/db:setup 1 [] Waiting for index "vncauth"."responsePerDevice"
migrate_1 | 2018-09-11T15:00:55.990Z INF/db:setup 1 [] Waiting for index "devices"."owner"
migrate_1 | 2018-09-11T15:00:56.019Z INF/db:setup 1 [] Waiting for index "devices"."present"
migrate_1 | 2018-09-11T15:00:56.019Z INF/db:setup 1 [] Waiting for index "devices"."providerChannel"
migrate_1 | 2018-09-11T15:00:56.071Z INF/db:setup 1 [] Index "users"."adbKeys" is ready
migrate_1 | 2018-09-11T15:00:56.071Z INF/db:setup 1 [] Index "accessTokens"."email" is ready
migrate_1 | 2018-09-11T15:00:56.071Z INF/db:setup 1 [] Index "vncauth"."response" is ready
migrate_1 | 2018-09-11T15:00:56.105Z INF/db:setup 1 [] Index "vncauth"."responsePerDevice" is ready
migrate_1 | 2018-09-11T15:00:56.107Z INF/db:setup 1 [] Index "devices"."owner" is ready
migrate_1 | 2018-09-11T15:00:56.107Z INF/db:setup 1 [] Index "devices"."present" is ready
migrate_1 | 2018-09-11T15:00:56.141Z INF/db:setup 1 [] Index "devices"."providerChannel" is ready
provider_1 | 2018-09-11T15:01:05.589Z INF/provider 1 [] Subscribing to permanent channel "fnItqIMSQQaUcqWQh/lGoA=="
provider_1 | 2018-09-11T15:01:05.689Z INF/provider 1 [] Sending output to "tcp://dev-triproxy:7270"
provider_1 | 2018-09-11T15:01:05.703Z INF/provider 1 [] Receiving input from "tcp://dev-triproxy:7250"
provider_1 | 2018-09-11T15:01:05.808Z INF/provider 1 [] Tracking devices
storage-plugin-apk_1 | 2018-09-11T15:00:58.812Z INF/storage:plugins:apk 1 [] Listening on port 3000
storage-plugin-image_1 | 2018-09-11T15:00:58.609Z INF/storage:plugins:image 1 [] Listening on port 3000
auth_1 | 2018-09-11T15:00:55.054Z INF/auth-mock 1 [] Listening on port 3000
auth_1 | 2018-09-11T15:01:13.612Z INF/auth-mock 1 [::ffff:172.18.0.17] Authenticated "[email protected]"
dev-triproxy_1 | 2018-09-11T15:00:44.755Z INF/triproxy 1 [dev] PUB socket bound on tcp://:7250
dev-triproxy_1 | 2018-09-11T15:00:44.779Z INF/triproxy 1 [dev] DEALER socket bound on tcp://:7260
dev-triproxy_1 | 2018-09-11T15:00:44.787Z INF/triproxy 1 [dev] PULL socket bound on tcp://:7270
storage-temp_1 | 2018-09-11T15:00:52.654Z INF/storage:temp 1 [] Listening on port 3000
rethinkdb_1 | Running rethinkdb 2.3.6~0jessie (GCC 4.9.2)...
rethinkdb_1 | Running on Linux 4.15.0-34-generic x86_64
rethinkdb_1 | Loading data from directory /data/rethinkdb_data
rethinkdb_1 | Listening for intracluster connections on port 29015
rethinkdb_1 | Listening for client driver connections on port 28015
rethinkdb_1 | Listening for administrative HTTP connections on port 8080
rethinkdb_1 | Listening on cluster addresses: 127.0.0.1, 172.18.0.4
rethinkdb_1 | Listening on driver addresses: 127.0.0.1, 172.18.0.4
rethinkdb_1 | Listening on http addresses: 127.0.0.1, 172.18.0.4
rethinkdb_1 | Server ready, "f9f302f9a3af_drr" 0fc282ea-1d04-4497-a96a-14e3988d79e6
adb_1 | adb I 09-11 15:00:39 6 6 adb_auth_host.cpp:416] adb_auth_init...
adb_1 | adb I 09-11 15:00:39 6 6 adb_auth_host.cpp:174] read_key_file '/root/.android/adbkey'...
adb_1 | adb I 09-11 15:00:39 6 6 adb_auth_host.cpp:391] adb_auth_inotify_init...
triproxy_1 | 2018-09-11T15:00:43.289Z INF/triproxy 1 [app] PUB socket bound on tcp://:7150
triproxy_1 | 2018-09-11T15:00:43.350Z INF/triproxy 1 [app] DEALER socket bound on tcp://:7160
triproxy_1 | 2018-09-11T15:00:43.359Z INF/triproxy 1 [app] PULL socket bound on tcp://*:7170

from stf-poc.

@mdenissov , @nikosch86 Guys, where are you? need yours help :)

from stf-poc.

As expected, it just works, not sure what your problem is, it is also very hard to see what you changed and what the output is.

diff --git a/docker-compose.yml b/docker-compose.yml
index aecbed3..fd621c7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,6 +12,7 @@ services:
     restart: unless-stopped
     ports:
       - 80:80
+      - 443:443
     depends_on:
       - app
       - auth
@@ -37,7 +38,7 @@ services:
     environment:
       - RETHINKDB_PORT_28015_TCP
       - SECRET
-    command: stf app --auth-url http://${PUBLIC_IP}/auth/mock/ --websocket-url ws://${PUBLIC_IP}/ --port 3000
+    command: stf app --auth-url https://${PUBLIC_IP}/auth/mock/ --websocket-url wss://${PUBLIC_IP}/ --port 3000
     depends_on:
       - rethinkdb
       - auth
@@ -47,7 +48,7 @@ services:
     restart: unless-stopped
     environment:
       - SECRET
-    command: stf auth-mock --app-url http://${PUBLIC_IP}/ --port 3000
+    command: stf auth-mock --app-url https://${PUBLIC_IP}/ --port 3000
   processor:
     image: openstf/stf:latest
     restart: unless-stopped
@@ -76,7 +77,7 @@ services:
   provider:
     image: openstf/stf:latest
     restart: unless-stopped
-    command: stf provider --name ${STATION_NAME} --connect-sub tcp://dev-triproxy:7250 --connect-push tcp://dev-triproxy:7270 --storage-url http://${PUBLIC_IP}/ --public-ip ${PUBLIC_IP} --heartbeat-interval 10000 --screen-ws-url-pattern "ws://${PUBLIC_IP}/d/nuc/<%= serial %>/<%= publicPort %>/" --adb-host adb --min-port 7400 --max-port 7700
+    command: stf provider --name ${STATION_NAME} --connect-sub tcp://dev-triproxy:7250 --connect-push tcp://dev-triproxy:7270 --storage-url https://${PUBLIC_IP}/ --public-ip ${PUBLIC_IP} --heartbeat-interval 10000 --screen-ws-url-pattern "wss://${PUBLIC_IP}/d/nuc/<%= serial %>/<%= publicPort %>/" --adb-host adb --min-port 7400 --max-port 7700
     ports:
       - 7400-7700:7400-7700
     depends_on:
@@ -98,13 +99,13 @@ services:
   storage-plugin-apk:
     image: openstf/stf:latest
     restart: unless-stopped
-    command: stf storage-plugin-apk --port 3000 --storage-url http://${PUBLIC_IP}/
+    command: stf storage-plugin-apk --port 3000 --storage-url https://${PUBLIC_IP}/
     depends_on:
       - storage-temp
   storage-plugin-image:
     image: openstf/stf:latest
     restart: unless-stopped
-    command: stf storage-plugin-image --port 3000 --storage-url http://${PUBLIC_IP}/
+    command: stf storage-plugin-image --port 3000 --storage-url https://${PUBLIC_IP}/
     depends_on:
       - storage-temp
   storage-temp:
@@ -119,7 +120,7 @@ services:
     environment:
       - SECRET
       - RETHINKDB_PORT_28015_TCP
-    command: stf websocket --port 3000 --storage-url http://${PUBLIC_IP}/ --connect-sub tcp://triproxy:7150 --connect-push tcp://triproxy:7170
+    command: stf websocket --port 3000 --storage-url https://${PUBLIC_IP}/ --connect-sub tcp://triproxy:7150 --connect-push tcp://triproxy:7170
     depends_on:
       - migrate
       - rethinkdb
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index aae7f46..4b99ef6 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -1,5 +1,7 @@
 FROM nginx:mainline
 
+COPY ./cert* /etc/ssl/private/
+
 COPY ./entrypoint.sh /
 RUN chmod +x /entrypoint.sh
 
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index ee3c83e..4cfcfaf 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -54,10 +54,17 @@ http {
 
   server {
     listen        80 default_server;
+    listen        443 ssl http2;
     listen        [::]:80 default_server;
     server_tokens off;
     root          /dev/null;
 
+    server_name           .something.com;
+    ssl_certificate       /etc/ssl/private/cert.pem;
+    ssl_certificate_key   /etc/ssl/private/cert.key;
+    ssl_protocols TLSv1.2 TLSv1.1 TLSv1; # Score=95 (recommended)
+    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+
 
     location ~ "^/d/nuc/([^/]+)/(?<port>[0-9]{3,5})/$" {
       proxy_pass http://provider:$port/;

from stf-poc.

closing due to inactivity

from stf-poc.