Emily CLI Documentation

Release-v3.0.6

Emily combines the powers of Python and Docker to build stable and consistent machine learning and datascience python environments. Emily is useful for large cross-team project development as well as for simply running a single jupyter notebook or python script.

Download emily@v3.0.6
See earlier versions
$ emily configuration add compose nginx [options]

Add an Nginx reverse proxy to your project, ensuring secure connections over HTTPS.

$ emily configuration add compose nginx

? Emily: Choose a project(Use arrow keys, confirm with ENTER)> M9VHKD - my-project
AB82JD - movie-recommender
· M9VHKD - my-project
? Emily: Please select a configuration(Use arrow keys, confirm with ENTER)> dev
+ Add a new configuration
· dev
Emily: Please enter the domain to create SSL (HTTPS) certificates for:
· johnsmith.com
Emily: Please enter an email address for SSL certificate creation::
· me@johnsmith.com
Emily: Added an Nginx reverse proxy to project nginx-test (C4HW2P) in configuration
in configuration dev. Created files:
- /my/projects/my-project/configurations/dev/docker-compose.nginx.yml
- /my/projects/my-project/configurations/dev/nginx/substitute.sh
- /my/projects/my-project/configurations/dev/nginx/Dockerfile.nginx
- /my/projects/my-project/configurations/dev/nginx/nginx.template.conf
- /my/projects/my-project/configurations/dev/nginx/.docker-compose.certbot.yml

Traffic is now rerouted:

Request -> https://johnsmith.com -> http://emily-nginx-test-c4hw2p:${CONTAINER_PORT}
Request -> http://johnsmith.com -> https://johnsmith.com -> http://emily-nginx-test-c4hw2p:${CONTAINER_PORT}

Certificates are renewed (or created if missing) on
deployment.

IMPORTANT:

Remember to remove the ports mapping from
the docker-compose.emily.yml file. Unless removed, requesters
will be able to circumvent HTTPS.


Adding Nginx configurations

It is often desirable to host a microservice behind a secured HTTPS connection. To facilitate this, a common strategy is to proxy the microservice behind a reverse proxy certified using SSL certificates.

The emily configuration add compose nginx command creates a Docker Compose configuration that adds the following to a project:

  1. An Nginx reverse proxy service
  2. A certifcate service that automatically creates/renews SSL certificates on deployment
  3. Reverse proxying of HTTP(S) requests to the Emily service

Reverse proxy

The Nginx reverse proxy listens on the host ports 80 (HTTP) and 443 (HTTPS).

  • All http:// requests wil be redirected (HTTP 301) to https:// to ensure that all connections reaching the microservice are secured.

  • All https:// requests will be proxied as-is to the service.

For example, say our project contains the following endpoints:

  1. http://my-project-m9vhkd:4242/api
  2. http://my-project-m9vhkd:4242/api/predict

After running the command:

$ emily configuration add compose nginx
--domain ai.company.com


... those endpoints will be available over a secured connection as:

  1. https://ai.company.com/api
  2. https://ai.company.com/api/predict

Certificate creation and renewal

Emily will automatically create and renew SSL certificates each time your project is deployed to a server. The email address provided with --email will receive expiry notifications when the SSL certificate needs to be renewed.

Certificates are valid for 3 months.

Modifying the reverse proxy

By default, only the current project service will be proxied by the Nginx reverse proxy. However, it's completely possible to proxy multiple services running on the server.

The Nginx reverse proxy configuration is found as a template file under ./configurations/<configuration>/nginx/nginx.template.conf. To proxy another service, simply add a new location under the server listening on port 443 (HTTPS):

... http { ... server { listen 443 default_server ssl http2; ... server_name ai.company.com; ## Add a new location specifying that all requests for https://ai.company.com/auth ## will be proxied to a Docker Compose service called "emily-auth-service-ks882" on port 4242. ## NOTE: Ensure that the Nginx service (docker-compose.nginx.yml) and the emily-auth-service-ks882 ## service are running on the same Docker network. location /auth { proxy_pass http://emily-auth-service-ks882:4242/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto https; } ## All requests that haven't matched any locations before this one will be redirected to ## the default Emily project service. location / { proxy_pass http://${COMPOSE_PROJECT_NAME}:${CONTAINER_PORT}/; ... } } }

For additional configuration options, consult the Nginx documentation.

You can use Emily environment variables inside Nginx template files. Any environment variable in the environment you're deploying can be inserted dynamically into the configuration by specifying ${MY_VARIABLE} anywhere in the configuration.

Remember to add ${MY_VARIABLE} to ./configurations/<configuration>/nginx/substitute.sh to make sure the variable is substituted when the Nginx service is started.

    Options

  • -h,--help

    Display help for command

  • -d,--domain<domain>

    The domain that points to your server's IP (e.g. johnsmith.com).

  • -e,--email<address>

    The email address to use for SSL certificate creation. This email address will receive certificate expiry warnings.

  • -n,--name<name>

    The name of the configuration

  • -p,--project<project>

    The project to manage configurations for.

  • -s,--silent

    Execute Emily silently. (default: false)

  • -u,--update(--no-update)

    Prompt for update if newer version found. (default: true)

  • -vb,--verbose

    Print detailed information while running commands.