docassemble icon indicating copy to clipboard operation
docassemble copied to clipboard

Published 20 hours ago verified publisher icon jhpyle

docassemble not starting without direct internet access

Open mungo312 opened this issue 3 years ago • 2 comments

Hi,

I'm trying to start docassemble in a corporate environment without direct internet access. It is getting stuck after the output initialize: Creating tables. On a workstation with internet access I saw that after that the nltk is downloading some data. In our environment this is not possible or allowed through a direct connection. If this is realy necessary we can use a http proxy. When setting the proxy via the environment it trie to use it but gets a certificate error, because our root ca is not imported in the docker container.

I see some solutions for the problem:

  • Add an option to disable download and usage of nltk (I don't know which features use it)
  • Add an option to disable donwload an ship the data in the Image (maybe there is a licensing problem with this).
  • Add an option to import custom certificates to the trust store and document the need for a connection to the internet.

My python knowledge is far away from good, so I can help with the tests but not with the development.

mungo312 avatar Jan 28 '22 07:01 mungo312

Thanks! I am going to change the Dockerfile so that the nltk data files are downloaded when the image is created. I'll also check to see if there is any other dependency that needs the internet. For the most part, Docassemble doesn't require an internet connection; e.g., it doesn't use CDNs for JavaScript and CSS.

I have never had to use a proxy server, so I don't know much about how they are typically configured. I thought it was possible to configure Docker itself so that Docker's networking layer used the proxy server. That way the root certificate could be installed on the host and it wouldn't need to be installed in every container. But if you know of an open-source Dockerized application that has a configuration option for importing custom root certificates into the container, let me know and I can try to emulate its methodology.

jhpyle avatar Jan 28 '22 11:01 jhpyle

Hi, thanks for the fast response. Thats realy great. That's one of the problems in enterprise environments ... Proxies are on of the greatest problems you can have 🙈 I had the certificate problem in various containers, the solution depends on the OS inside the container. I think there is a debian inside your container, so it would be possible to mount the needed root CA inside the container and then run update-ca-certificates on startup.

mungo312 avatar Jan 29 '22 21:01 mungo312

Closing this because of lack of activity.

jhpyle avatar Dec 03 '23 20:12 jhpyle