fix(UI): use https when calling the api (#139)

Signed-off-by: Michele Dolfi <[email protected]>

Author: dolfim-ibm

docling_serve/gradio_ui.py

@@ -1,11 +1,13 @@
 import importlib
 import json
 import logging
+import ssl
 import tempfile
 from pathlib import Path
 
+import certifi
 import gradio as gr
-import requests
+import httpx
 
 from docling_serve.helper_functions import _to_list_of_strings
 from docling_serve.settings import docling_serve_settings, uvicorn_settings
@@ -109,8 +111,29 @@
 #############
 
 
+def get_api_endpoint() -> str:
+    protocol = "http"
+    if uvicorn_settings.ssl_keyfile is not None:
+        protocol = "https"
+    return f"{protocol}://{docling_serve_settings.api_host}:{uvicorn_settings.port}"
+
+
+def get_ssl_context() -> ssl.SSLContext:
+    ctx = ssl.create_default_context(cafile=certifi.where())
+    kube_sa_ca_cert_path = Path(
+        "/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
+    )
+    if (
+        uvicorn_settings.ssl_keyfile is not None
+        and ".svc." in docling_serve_settings.api_host
+        and kube_sa_ca_cert_path.exists()
+    ):
+        ctx.load_verify_locations(cafile=kube_sa_ca_cert_path)
+    return ctx
+
+
 def health_check():
-    response = requests.get(f"http://localhost:{uvicorn_settings.port}/health")
+    response = httpx.get(f"{get_api_endpoint()}/health")
     if response.status_code == 200:
         return "Healthy"
     return "Unhealthy"
@@ -231,9 +254,12 @@ def process_url(
         logger.error("No input sources provided.")
         raise gr.Error("No input sources provided.", print_exception=False)
     try:
-        response = requests.post(
-            f"http://localhost:{uvicorn_settings.port}/v1alpha/convert/source",
+        ssl_ctx = get_ssl_context()
+        response = httpx.post(
+            f"{get_api_endpoint()}/v1alpha/convert/source",
             json=parameters,
+            verify=ssl_ctx,
+            timeout=60,
         )
     except Exception as e:
         logger.error(f"Error processing URL: {e}")
@@ -287,10 +313,13 @@ def process_file(
     }
 
     try:
-        response = requests.post(
-            f"http://localhost:{uvicorn_settings.port}/v1alpha/convert/file",
+        ssl_ctx = get_ssl_context()
+        response = httpx.post(
+            f"{get_api_endpoint()}/v1alpha/convert/file",
             files=files_data,
             data=parameters,
+            verify=ssl_ctx,
+            timeout=60,
         )
     except Exception as e:
         logger.error(f"Error processing file(s): {e}")

docling_serve/settings.py

@@ -32,6 +32,7 @@ class DoclingServeSettings(BaseSettings):
     )
 
     enable_ui: bool = False
+    api_host: str = "localhost"
     artifacts_path: Optional[Path] = None
     static_path: Optional[Path] = None
     options_cache_size: int = 2

docs/deploy-examples/docling-serve-oauth.yaml

@@ -107,10 +107,10 @@ spec:
         - name: api
           resources:
             limits:
-              cpu: 500m
+              cpu: 2000m
               memory: 2Gi
             requests:
-              cpu: 250m
+              cpu: 800m
               memory: 1Gi
           readinessProbe:
             httpGet:
@@ -128,13 +128,19 @@ spec:
               port: http
               scheme: HTTPS
             initialDelaySeconds: 3
-            timeoutSeconds: 2
-            periodSeconds: 5
+            timeoutSeconds: 4
+            periodSeconds: 10
             successThreshold: 1
-            failureThreshold: 3
+            failureThreshold: 5
           env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
             - name: DOCLING_SERVE_ENABLE_UI
               value: 'true'
+            - name: DOCLING_SERVE_API_HOST
+              value: 'docling-serve.$(NAMESPACE).svc.cluster.local'
             - name: UVICORN_SSL_CERTFILE
               value: '/etc/tls/private/tls.crt'
             - name: UVICORN_SSL_KEYFILE