Success. System is up and running.

botfrontend/chatroom/templates/chatroom/index.html

@@ -1215,7 +1215,7 @@
 
   <script type="text/javascript">
     var chatroom = new window.Chatroom({
-      host: "http://192.168.58.7/",
+      host: "https://dsysang.site/",
       title: "Chat with Mike",
       container: document.querySelector(".chat-container"),
       welcomeMessage: "Hi, I am Mike. How may I help you?",

botserver-app/credentials.yml

@@ -35,7 +35,7 @@
 rasa:
   url: ${RASA_X_HOST}/api
 rest:
-# telegram:
-#   access_token: "1847122684:AAHtP6zFk4YWHRnA39M-5f6vGJh-zDazm2U"
-#   verify: "Rasaclient_bot"
-#   webhook_url: "https://your_url.com/webhooks/telegram/webhook"
+telegram:
+  access_token: "5333378080:AAEn_5AiKxMR_9tziU5wcCYZH960Us9wI44"
+  verify: "x160522Bot"
+  webhook_url: "https://dsysang.site/webhooks/telegram/webhook"

certbot/.gitignore

@@ -0,0 +1 @@
+*

certs/.gitignore

@@ -0,0 +1 @@
+*

docker-builds/Dockerfile

@@ -0,0 +1,147 @@
+
+# ACKNOWLEDGE:
+# This works would be impossible without the learning from 
+# https://github.com/floydhub/dockerfiles/blob/master/dl/tensorflow/2.4/Dockerfile-py3_aws
+
+FROM docker.io/bitnami/minideb:buster
+MAINTAINER Sang Dao "sysangtiger@gmail.com"
+
+ARG TENSORFLOW_VERSION=v2.6.4
+ARG KERAS_VERSION=v2.6.0
+
+# ENV GPG_KEY 10822726f75fd7efe05a94fbd6ac2258
+ENV PYTHON_VERSION 3.8.13
+
+ENV CI_BUILD_PYTHON python
+
+ENV BAZEL_VERSION 3.7.2
+
+# > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
+ENV LANG C.UTF-8
+
+RUN apt-get update && apt-get install -y --no-install-recommends gnupg2 \
+    git git-core unzip curl wget ca-certificates \
+    build-essential pkg-config graphviz-dev libpng-dev \
+    libssl-dev openssh-client openssl \
+    g++ zlib1g-dev dpkg-dev tcl-dev tk-dev \
+    # libffi7 \
+    libffi-dev
+
+# http://bugs.python.org/issue19846
+RUN set -ex \
+	&& wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \
+	&& wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \
+	&& export GNUPGHOME="$(mktemp -d)" \
+	# Warning: connection to keyserver is pretty unstable, so it can fail multiple times during the build
+	# && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
+	# && gpg --batch --verify python.tar.xz.asc python.tar.xz \
+	&& rm -r "$GNUPGHOME" python.tar.xz.asc \
+	&& mkdir -p /usr/src/python \
+	&& tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \
+	&& rm python.tar.xz \
+	\
+	&& cd /usr/src/python \
+	&& gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
+	&& ./configure \
+		--build="$gnuArch" \
+		--with-tcltk-includes='-I/usr/include/tk -I/usr/include/tcl' \
+		--with-tcltk-libs='/usr/lib/x86_64-linux-gnu/libtcl.so /usr/lib/x86_64-linux-gnu/libtk.so' \
+		--enable-loadable-sqlite-extensions \
+		--enable-shared \
+		--with-system-expat \
+		--with-system-ffi \
+		--without-ensurepip \
+	&& make -j$(nproc) \
+	&& make install \
+	&& ldconfig \
+	&& find /usr/local -depth \
+		\( \
+			\( -type d -a -name test -o -name tests \) \
+			-o \
+			\( -type f -a -name '*.pyc' -o -name '*.pyo' \) \
+		\) -exec rm -rf '{}' + \
+	&& rm -rf /usr/src/python ~/.cache
+
+# make some useful symlinks that are expected to exist
+RUN cd /usr/local/bin \
+	&& { [ -e easy_install ] || ln -s easy_install-* easy_install; } \
+	&& ln -s idle3 idle \
+	&& ln -s pydoc3 pydoc \
+	&& ln -s python3 python \
+	&& ln -s python3-config python-config
+
+# ENV PYTHON_PIP_VERSION 22.1
+
+RUN set -ex; \
+    \
+    wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
+    \
+    python get-pip.py \
+        --disable-pip-version-check \
+        --no-cache-dir \
+        # "pip==$PYTHON_PIP_VERSION" \
+    ; \
+    pip --version; \
+    \
+    find /usr/local -depth \
+        \( \
+            \( -type d -a \( -name test -o -name tests \) \) \
+            -o \
+            \( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \
+        \) -exec rm -rf '{}' +; \
+    rm -f get-pip.py
+
+# install deps for tf build :(
+RUN pip --no-cache-dir install \
+    funcsigs \
+    pbr \
+    mock \
+    wheel \
+    keras_applications \
+    keras_preprocessing \
+    numpy~=1.21.4 \
+    --no-deps \
+    && rm -rf /pip_pkg \
+    && rm -rf /tmp/* \
+    && rm -rf /root/.cache
+
+COPY ./bazel_3.7.2-linux-x86_64.deb /bazel_3.7.2-linux-x86_64.deb
+
+# RUN curl -LO "https://github.com/bazelbuild/bazel/releases/download/${BAZEL_VERSION}/bazel_${BAZEL_VERSION}-linux-x86_64.deb" \
+RUN dpkg --force-confnew -i bazel_*.deb \
+    && apt-get clean \
+    && rm bazel_*.deb
+
+# NOTE: run `git clone https://github.com/tensorflow/tensorflow.git --branch v2.6.4 --single-branch`
+# For build configuration see: 
+# - https://waxz.gitbooks.io/dl/content/compile-tensorflow-with-sse42-and-avx-instructions.html
+# - https://stackoverflow.com/questions/41293077/how-to-compile-tensorflow-with-sse4-2-and-avx-instructions
+
+COPY ./tensorflow-v2.6.4 /tensorflow
+RUN cd tensorflow \
+    && tensorflow/tools/ci_build/builds/configured CPU \
+        bazel build -c opt --copt=-march=native --copt=-mfpmath=both \
+	--config=v2 \
+             \
+            --verbose_failures \
+            tensorflow/tools/pip_package:build_pip_package \
+    && bazel-bin/tensorflow/tools/pip_package/build_pip_package /tmp/pip \
+    && pip --no-cache-dir install --upgrade /tmp/pip/tensorflow-*.whl \
+    && rm -rf /pip_pkg \
+    && rm -rf /tmp/* \
+    && rm -rf /root/.cache \
+    && cd .. && rm -rf tensorflow
+
+
+# Fix Jupyterlab - see https://github.com/jupyter/jupyter/issues/401
+# TODO: move this on dl-base
+RUN pip --no-cache-dir install --upgrade notebook \
+    && rm -rf /pip_pkg \
+    && rm -rf /tmp/* \
+    && rm -rf /root/.cache
+
+RUN apt-get clean \
+    && apt-get autoremove -y \
+    && rm -rf /var/cache/apt/archives/* \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm -rf /tensorflow

docker-compose.yml

@@ -40,11 +40,11 @@ x-rasax-credentials: &rasax-credentials
   RASA_TOKEN: ${RASA_TOKEN}
 
 x-rasa-credentials: &rasa-credentials
-  <<: *rabbitmq-credentials
   <<: *rasax-credentials
+  <<: *duckling-credentials
   <<: *database-credentials
   <<: *redis-credentials
-  <<: *duckling-credentials
+  <<: *rabbitmq-credentials
   RASA_TOKEN: ${RASA_TOKEN}
   RASA_MODEL_PULL_INTERVAL: 10
   RABBITMQ_QUEUE: "rasa_production_events"
@@ -182,6 +182,7 @@ services:
       - "80:8080"
       - "443:8443"
     volumes:
+      - ./certbot:/etc/certbot
       - ./certs:/etc/certs
       - ./nginx-config-files/nginx.conf:/etc/nginx/nginx.conf
       - ./nginx-config-files/ssl.conf.template:/etc/nginx/templates/ssl.conf.template

nginx-config-files/rasax.nginx.template

@@ -7,8 +7,10 @@ upstream docker-rasax-api {
 }
 
 server {
-  listen            8080;
-#  include           /etc/nginx/conf.d/ssl.conf; # uncomment if using ssl; see ssl.conf.template for example configuration
+# listen            8080;
+  server_name dsysang.site;
+
+  include /etc/nginx/conf.d/ssl.conf;
 
   keepalive_timeout   30;
   client_max_body_size 800M;

nginx-config-files/ssl.conf.template

@@ -1,7 +1,14 @@
 # This is an example SSL configuration
 # Uncomment and adapt for your deployment as needed
-# listen                  8443 ssl;
 
-# # server_name           example.com;
-# ssl_certificate         /etc/nginx/certs/fullchain.pem;
-# ssl_certificate_key     /etc/nginx/certs/privkey.pem;
+listen                  8443 ssl;
+ssl_certificate         /etc/certs/fullchain.pem;
+ssl_certificate_key     /etc/certs/privkey.pem;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:50m;
+ssl_session_timeout 1d;
+ssl_session_tickets off;
+ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;

note.md

@@ -0,0 +1,5 @@
+# SSL Setup using acme.sh
+wget -O -  https://get.acme.sh | sh -s email="sysangtiger@gmail.com" --install --force --home /etc/certbot  
+/root/.acme.sh/acme.sh --issue -d dsysang.site --nginx /etc/nginx/conf.d/rasax.nginx --home /etc/certbot/ --server buypass --force  
+/root/.acme.sh/acme.sh --install-cert -d dsysang.site --cert-file /etc/certs/fullchain.pem --key-file /etc/certs/privkey.pem --home /etc/certbot/  
+