How do I serve Kinto via https from a docker container?


As written in the Kinto docs, I can specify a custom configuration this way:

docker run --env-file ./kinto.env -p 8888:8888 kinto/kinto-server.

Also, it seems I can suggest an http scheme using the http_scheme property.

Now, if I:

  1. Put KINTO_HTTP_SCHEME=https in the kinto.env file;
  2. Run Kinto via the command above, and;
  3. Go to https://example.com:8888/v1/;

I get a blank page.

Additional Info

If I navigate to http://example.com:8888/v1/ instead, I get the usual JSON config stamped on the page. This JSON also contains a url property which is https://example.com:8888/v1/ (and not http://example.com:8888/v1/), so something seems to be happening: the .env file is read. The link is clickable, but if I click it I still get a blank page.

Is this a bug? How do I fix this?


Notes

It is important because Chrome won't allow me to serve http content if the page is served via https. It completely blocks out the request, showing an appropriate error in the console: Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure resource 'http://example.com:8888/v1/'. This request has been blocked; the content must be served over HTTPS.

Kinto says: Fetch API cannot load http://example.com:8888/v1/. Failed to start. Error: HTTP 0; TypeError: Failed to fetch(…)

2

There are 2 best solutions below

3
On BEST ANSWER

It depends how you run Kinto. pserve uses the waitress server by default, which doesn't have any HTTPS support.

Alternative servers (gunicorn or uwsgi for instance) can be used as a replacement for pserve, by specifying it in the .ini file.

Here are pointers to the proper documentation:

For instance, with gunicorn it would look like this:

[server:main]
use = egg:gunicorn
host = 0.0.0.0
port = 5900
workers = 1
worker_class = gevent

And then configure gevent to do the SSL:

certfile=~/ssl/server.crt
keyfile=~/ssl/server.key
ssl_version=3

For uwsgi, you have a default configuration in the documentation, see http://kinto.readthedocs.org/en/latest/configuration/production.html?highlight=uwsgi#running-with-uwsgi

Hope that helps.

Or, you can use NGINX or haproxy to do the SSL termination for you.
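
The symptom in the question (the root JSON advertises an https URL while the port only answers plain HTTP) can be checked with a short script. This is an added example, not part of the original answers or Kinto's own code; `check_advertised_scheme` and `start_stub` are hypothetical names, and the stub server is a constructed stand-in for Kinto's root endpoint.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Talk to the host directly; ignore any proxy set in the environment.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_advertised_scheme(host, port, timeout=3.0):
    """Fetch /v1/ over plain HTTP and compare the transport that worked
    with the scheme advertised in the "url" property of the JSON."""
    plain_url = f"http://{host}:{port}/v1/"
    try:
        with OPENER.open(plain_url, timeout=timeout) as resp:
            info = json.load(resp)
        advertised = urlsplit(str(info["url"])).scheme
    except (OSError, ValueError, KeyError, TypeError) as exc:
        # No usable plaintext answer: listener may be TLS-only or down.
        return {"plaintext_listener": False, "advertised": None,
                "verdict": f"no plaintext JSON answer ({type(exc).__name__})"}
    if advertised == "https":
        # http_scheme changed the advertised URLs, not the listener.
        verdict = "mismatch: https advertised, listener speaks plain HTTP"
    else:
        verdict = "consistent: plain HTTP advertised and served"
    return {"plaintext_listener": True, "advertised": advertised,
            "verdict": verdict}

def start_stub(advertised_scheme):
    """Constructed stand-in for the root endpoint (not Kinto itself):
    always plain HTTP, advertising the given scheme in "url"."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            port = self.server.server_address[1]
            url = f"{advertised_scheme}://127.0.0.1:{port}/v1/"
            body = json.dumps({"url": url}).encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

A "mismatch" verdict means TLS still has to be provided by the server (gunicorn, uwsgi) or by a terminating proxy in front of it.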

2
On

Never used Kinto, but from the documentation:

The environment variables are exactly the same as the settings, but they are capitalised and . are replaced by _.

For example, kinto.storage_backend is read from environment variable KINTO_STORAGE_BACKEND if defined.

So, the environment variable you want to set in your kinto.env file is KINTO_HTTP_SCHEME, rather than HTTP_SCHEME.