[Paraview] Paraview Web with SSL
Sebastien Jourdain
sebastien.jourdain at kitware.com
Thu Aug 25 10:32:39 EDT 2016
Thanks Daniel,
the documentation explain how to do it in a slightly more secure way with
groups and so on... ;-)
On Thu, Aug 25, 2016 at 1:20 AM, Daniel Zuidinga <info at seoaachen.de> wrote:
> I allowed read/write permissions for proxy.txt for all. Now it works!
> Thank you very much. I hope I can contribute to paraview web when I am more
> into it.
>
>
> Am 25.08.2016 um 01:19 schrieb Sebastien Jourdain:
>
> Looking at your system log you may have some hints on what is going wrong.
> (Still leaning toward file system security issue)
>
> The sessionId could still be sent back but if the launcher can not write
> that file, then apache could not figure out its mapping.
>
> What linux version are you running it on?
>
>
> On Wed, Aug 24, 2016 at 4:12 PM, Daniel Zuidinga <info at seoaachen.de>
> wrote:
>
>> yes that file has contents. otherwise the sessionID also wouldn't be send
>> back?
>>
>> any ideas how to fix the ws communication?
>>
>>
>> Am 24.08.2016 um 23:44 schrieb Sebastien Jourdain:
>>
>> Yes it seems the ws forwarding is not working.
>>
>> if you cat that file you should see some content with that id and a
>> host/port that apache should use to connect to the server that is running
>> paraview.
>>
>> Otherwise the documentation (link that I previously gave) explain how to
>> use unix group and setup the appropriate rights to that file so apache can
>> read while the launcher can write.
>>
>> On Wed, Aug 24, 2016 at 3:01 PM, Daniel Zuidinga <info at seoaachen.de>
>> wrote:
>>
>>> how can I check?
>>>
>>> The sessionID is sent to the client. So as far as I understand the http
>>> requests work, but not the ws?
>>>
>>>
>>>
>>> Am 24.08.2016 um 22:52 schrieb Sebastien Jourdain:
>>>
>>> Are you sure apache has the right to read the /home/daniel/proxy.txt
>>> while the launcher is writting it?
>>>
>>> Do you see some content that match your sessionId within that file?
>>>
>>> On Wed, Aug 24, 2016 at 1:57 PM, Daniel Zuidinga <info at seoaachen.de>
>>> wrote:
>>>
>>>>
>>>> I changed sessionManagerURL in my html file to
>>>> vtkWeb.properties.sessionManagerURL instead of
>>>> http://localhost:8080/paraview. Now I get in firefox:
>>>>
>>>> Use of getPreventDefault() is deprecated. Use defaultPrevented
>>>> instead. jquery-1.8.3.min.js:2:0
>>>> GET
>>>> http://localhost/proxy [HTTP/1.1 400 Bad Request 16ms]
>>>> null Visualizer:42:13
>>>> Firefox can't establish a connection to the server at
>>>> ws://localhost/proxy?sessionId=7d12745c-6a34-11e6-a5dc-0016d4e2bc28.
>>>> autobahn.min.js:114:0
>>>> GET
>>>> http://localhost/proxy [HTTP/1.1 400 Bad Request 2ms]
>>>> null
>>>>
>>>> ...I think one more thing is needed.
>>>>
>>>>
>>>>
>>>> Am 24.08.2016 um 21:51 schrieb Daniel Zuidinga:
>>>>
>>>> I had wrong paths in my launcher.config properties.
>>>> Now the request gets through and the vtk window opens. But I have still
>>>> the ws error. Firefox console:
>>>>
>>>> Firefox can't establish a connection to the server at ws://localhost/ws.
>>>> autobahn.min.js:114:0
>>>> null Visualizer:42:13
>>>> Use of getPreventDefault() is deprecated. Use defaultPrevented
>>>> instead. jquery-1.8.3.min.js:2:0
>>>> No launcher found. Attempting to connect using the direct WS url.
>>>> vtkweb-all.js:4456:19
>>>>
>>>> --- vtk window opens, then:
>>>>
>>>> Cross-Origin Request Blocked: The Same Origin Policy disallows reading
>>>> the remote resource at http://localhost:8080/paraview. (Reason: CORS
>>>> header 'Access-Control-Allow-Origin' missing). <unknown>
>>>> GET
>>>> http://localhost/ws [HTTP/1.1 404 Not Found 2ms]
>>>> null Visualizer:42:13
>>>> Firefox can't establish a connection to the server at ws://localhost/ws
>>>> .
>>>>
>>>>
>>>> Am 24.08.2016 um 19:18 schrieb Sebastien Jourdain:
>>>>
>>>> Actually the hostname might be an issue if you have several network
>>>> card.
>>>> Can you try to use the computer IP? Or '0.0.0.0' for the launcher if
>>>> that work?
>>>>
>>>> Otherwise I did not spotted any issue in your config.
>>>>
>>>> On Wed, Aug 24, 2016 at 11:14 AM, Daniel Zuidinga <info at seoaachen.de>
>>>> wrote:
>>>>
>>>>> - apache 2.4.12
>>>>> - modules are enabled
>>>>> - launcher.py launches without error, resrouces and apps section are
>>>>> in the config file as described in the documentation
>>>>> are all ports and hostnames right in my configuration files? apache is
>>>>> localhost and paraview also
>>>>>
>>>>>
>>>>> Am 24.08.2016 um 16:22 schrieb Sebastien Jourdain:
>>>>>
>>>>> Hi Daniel,
>>>>>
>>>>> Which version of Apache are you running?
>>>>>
>>>>> Did you enabled all the modules?
>>>>>
>>>>> $ sudo a2enmod vhost_alias
>>>>> $ sudo a2enmod proxy
>>>>> $ sudo a2enmod proxy_http
>>>>> $ sudo a2enmod proxy_wstunnel
>>>>> $ sudo a2enmod rewrite
>>>>>
>>>>>
>>>>> For the launcher configuration, do you have a proper "resources" and
>>>>> "apps" section?
>>>>>
>>>>> I'm guessing you are looking at the following documentation pages?
>>>>>
>>>>> - https://kitware.github.io/paraviewweb/docs/guides/apache_fro
>>>>> nt_end.html
>>>>> - https://kitware.github.io/paraviewweb/docs/guides/python_lau
>>>>> ncher.html
>>>>>
>>>>> Once you have the forwarding of the launcher request working, the next
>>>>> part will be the forwarding of the ws. But we can talk about it when and if
>>>>> you run into issue about it.
>>>>>
>>>>> Seb
>>>>>
>>>>> On Wed, Aug 24, 2016 at 2:22 AM, Daniel Zuidinga <info at seoaachen.de>
>>>>> wrote:
>>>>>
>>>>>> I tried to run the launcher as described in the docs. But I am still
>>>>>> getting errors when running http://localhost/apps/Visualizer/
>>>>>>
>>>>>> Firefox console:
>>>>>>
>>>>>> -------------------------------
>>>>>>
>>>>>> 1. when setting sessionManagerURL in html set to
>>>>>> vtkWeb.properties.sessionManagerURL:
>>>>>>
>>>>>> POST
>>>>>> XHR
>>>>>> http://localhost/paraview/ [HTTP/1.1 503 Service Unavailable 48ms]
>>>>>> Object { error: "The process did not properly start.…" }
>>>>>> Visualizer:42:13
>>>>>>
>>>>>>
>>>>>> 2. when setting sessionManagerURL in html to
>>>>>> http://localhost:8080/paraview:
>>>>>>
>>>>>> Firefox can't establish a connection to the server at
>>>>>> ws://localhost/ws. autobahn.min.js:114:0
>>>>>> null Visualizer:42:13
>>>>>> No launcher found. Attempting to connect using the direct WS url.
>>>>>> vtkweb-all.js:4456:19
>>>>>> Use of getPreventDefault() is deprecated. Use defaultPrevented
>>>>>> instead. jquery-1.8.3.min.js:2:0
>>>>>> Cross-Origin Request Blocked: The Same Origin Policy disallows
>>>>>> reading the remote resource at http://localhost:8080/paraview.
>>>>>> (Reason: CORS header 'Access-Control-Allow-Origin' missing). <unknown>
>>>>>> GET
>>>>>> http://localhost/ws [HTTP/1.1 404 Not Found 12ms]
>>>>>> null
>>>>>>
>>>>>>
>>>>>> So the launcher can't start the pv webserver? But running
>>>>>> http://localhost:8080/paraview/1 in browser works but says:
>>>>>> {"error": "No session with id: 1"}
>>>>>>
>>>>>>
>>>>>> My apache config:
>>>>>>
>>>>>> -----------------------------
>>>>>>
>>>>>> <VirtualHost *:80>
>>>>>> ServerName localhost
>>>>>> ServerAdmin info at seoaachen.de
>>>>>> DocumentRoot /home/daniel/salome_meca/V2016
>>>>>> /prerequisites/Paraview-v501_EDF/share/paraview-5.0/www
>>>>>> ErrorLog "logs/pv-error_log"
>>>>>> CustomLog "logs/pv-access_log" common
>>>>>> ### The following commented lines could be useful when running
>>>>>> ### over https and wss:
>>>>>> # SSLEngine On
>>>>>> # SSLCertificateFile /etc/apache2/ssl/your_certificate.crt
>>>>>> # SSLCertificateKeyFile /etc/apache2/ssl/your_domain_key.key
>>>>>> # SSLCertificateChainFile /etc/apache2/ssl/DigiCertCA.crt
>>>>>> #
>>>>>> # <Location ${MY-DOCUMENT-ROOT} >
>>>>>> # SSLRequireSSL On
>>>>>> # SSLVerifyClient optional
>>>>>> # SSLVerifyDepth 1
>>>>>> # SSLOptions +StdEnvVars +StrictRequire
>>>>>> # </Location>
>>>>>> # Have Apache pass these requests to the launcher :9000
>>>>>> ProxyPass /paraview http://localhost:8080/paraview
>>>>>> # Turn on the rewrite engine
>>>>>> RewriteEngine On
>>>>>> # This is the path the mapping file Jetty creates
>>>>>> RewriteMap session-to-port txt:/home/daniel/proxy.txt
>>>>>> # This is the rewrite condition. Look for anything with a
>>>>>> sessionId= in the query part of the URL and capture the value to use below.
>>>>>> RewriteCond %{QUERY_STRING} ^sessionId=(.*)$ [NC]
>>>>>> # This does the rewrite using the mapping file and the sessionId
>>>>>> RewriteRule ^/proxy.*$ ws://${session-to-port:%1}/ws [P]
>>>>>> <Directory "/home/daniel/salome_meca/V201
>>>>>> 6/prerequisites/Paraview-v501_EDF/share/paraview-5.0/www">
>>>>>> Options Indexes FollowSymLinks
>>>>>> Order allow,deny
>>>>>> Allow from all
>>>>>> AllowOverride None
>>>>>> Require all granted
>>>>>> </Directory>
>>>>>> </VirtualHost>
>>>>>>
>>>>>>
>>>>>>
>>>>>> my launcher.json
>>>>>>
>>>>>> ----------------------------
>>>>>>
>>>>>> "configuration": {
>>>>>> "host" : "localhost",
>>>>>>
>>>>>> "port" : 8080,
>>>>>> "endpoint": "paraview",
>>>>>> "content": "/.../www",
>>>>>> "proxy_file" : "/home/daniel/proxy.txt",
>>>>>> "sessionURL": "ws://localhost/proxy?sessionId=${id}",
>>>>>>
>>>>>> "timeout" : 25,
>>>>>> "log_dir" : "/home/daniel",
>>>>>> "upload_dir" : "/home/daniel",
>>>>>> "fields" : ["file", "host", "port", "updir"]
>>>>>> },
>>>>>>
>>>>>>
>>>>>> What am I doing wrong?
>>>>>>
>>>>>>
>>>>>> Daniel Zuidinga
>>>>>> Dipl.-Ing.
>>>>>>
>>>>>> SEO Aachen
>>>>>> Passstr. 5
>>>>>> 52070 Aachen
>>>>>>
>>>>>> Tel : 0241 / 450 912 67
>>>>>> E-Mail: info at seoaachen.de
>>>>>> Web : http://www.seoaachen.de (nur zum Teil aktuell)
>>>>>> Xing : https://www.xing.com/profile/Daniel_Zuidinga
>>>>>>
>>>>>> Bald online: Software Tools für Konstrukteure und Bauteilherstellerhttp://www.engineeringonline.de
>>>>>>
>>>>>> Am 22.08.2016 um 22:32 schrieb Sebastien Jourdain:
>>>>>>
>>>>>> Hi Daniel,
>>>>>>
>>>>>>> I want to use paraview web with SSL. As far as I understand I need
>>>>>>> apache as a proxy server for that? Or is it possible with pvpython?
>>>>>>
>>>>>> It might be possible with pvpython, but I've never done it, I've
>>>>>> always used apache to rely on a single opened port and handle the
>>>>>> encryption.
>>>>>>
>>>>>>
>>>>>>> I have my own launcher which opens pvpython with a different port
>>>>>>> for each user. Is this the right way? Will this work with ssl?
>>>>>>
>>>>>> If pvpython directly support the wss connection, you can be good.
>>>>>> Usually the setup, that I do is that I have Apache serving only the port
>>>>>> 443 (https) for both the static content and the (wss) websocket endpoint.
>>>>>> And I use a mapping file between the Websocket endpoint that get returned
>>>>>> by my launcher and the host/port I should connect to on the backend to
>>>>>> establish the link between the client and the actual ParaViewWeb server
>>>>>> instance.
>>>>>> But that does not mean, that's the only way to do it and if you don't
>>>>>> mind having several port open, I don't see why it could not work.
>>>>>>
>>>>>>
>>>>>>> Concerning: https://kitware.github.io/visualizer/docs/ The web
>>>>>>> visuailzer should work via npm installation? It does not work for me:
>>>>>>> C:\Users\danie\AppData\Roaming\npm\node_modules\pvw-visualiz
>>>>>>> er\bin\pvw-visualizer-cli.js:41 var pvPythonExecs =
>>>>>>> find(paraview).filter(function(file) { return
>>>>>>> file.match(/pvpython$/) || file.match(/pvpython.exe$/); });
>>>>>>> ^ TypeError: find(...).filter is not a function at
>>>>>>> Object.<anonymous> (C:\Users\danie\AppData\Roamin
>>>>>>> g\npm\node_modules\pvw-visualizer\bin\pvw-visualizer-cli.js:41:36)
>>>>>>> at Module._compile (module.js:409:26) at
>>>>>>> Object.Module._extensions..js (module.js:416:10) at Module.load
>>>>>>> (module.js:343:32) at Function.Module._load (module.js:300:12) at
>>>>>>> Function.Module.runMain (module.js:441:10) at startup (node.js:139:18)
>>>>>>> at node.js:968:3
>>>>>>
>>>>>> Well, I guess I haven't tried to run the new Visualizer server on a
>>>>>> Windows machine.
>>>>>> But with ParaView 5.2 (yet to be released), we should have a
>>>>>> ParaViewWeb back in the binaries. So we should make sure our Visualizer
>>>>>> command line tool work on that platform as well.
>>>>>> Although, the command line is more for beginners than anything else
>>>>>> as it only simplify the demo usage. In real word deployment, with a
>>>>>> launcher, the true pvpython command line should be used instead.
>>>>>> Here is an example of what you should see in a working environment:
>>>>>> $ Visualizer -d ~/Downloads/
>>>>>> ============================================================
>>>>>> ===================
>>>>>> | Execute:
>>>>>> | $ /Applications/paraview.app/Contents/bin/pvpython
>>>>>> | -dr
>>>>>> | /Users/seb/Documents/code/Web2/visualizer/server/pvw-visuali
>>>>>> zer.py
>>>>>> | --content
>>>>>> | /Users/seb/Documents/code/Web2/visualizer/dist
>>>>>> | --port
>>>>>> | 8080
>>>>>> | --data
>>>>>> | /Users/seb/Downloads/
>>>>>> ============================================================
>>>>>> ===================
>>>>>> [...]
>>>>>> -- Daniel Zuidinga Dipl.-Ing. SEO Aachen Passstr. 5 52070 Aachen Tel
>>>>>> : 0241 / 450 912 67 E-Mail: info at seoaachen.de Web :
>>>>>> http://www.seoaachen.de (nur zum Teil aktuell) Xing :
>>>>>> https://www.xing.com/profile/Daniel_Zuidinga Bald online: Software
>>>>>> Tools für Konstrukteure und Bauteilhersteller
>>>>>> http://www.engineeringonline.de _______________________________________________
>>>>>> Powered by www.kitware.com Visit other Kitware open-source projects
>>>>>> at http://www.kitware.com/opensource/opensource.html Please keep
>>>>>> messages on-topic and check the ParaView Wiki at:
>>>>>> http://paraview.org/Wiki/ParaView Search the list archives at:
>>>>>> http://markmail.org/search/?q=ParaView Follow this link to
>>>>>> subscribe/unsubscribe: http://public.kitware.com/mail
>>>>>> man/listinfo/paraview
>>>>>>
>>>>>> _______________________________________________
>>>> Powered by www.kitware.com
>>>>
>>>> Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html
>>>>
>>>> Please keep messages on-topic and check the ParaView Wiki at: http://paraview.org/Wiki/ParaView
>>>>
>>>> Search the list archives at: http://markmail.org/search/?q=ParaView
>>>>
>>>> Follow this link to subscribe/unsubscribe:http://public.kitware.com/mailman/listinfo/paraview
>>>>
>>>> _______________________________________________ Powered by
>>>> www.kitware.com Visit other Kitware open-source projects at
>>>> http://www.kitware.com/opensource/opensource.html Please keep messages
>>>> on-topic and check the ParaView Wiki at: http://paraview.org/Wiki/ParaV
>>>> iew Search the list archives at: http://markmail.org/search/?q=ParaView
>>>> Follow this link to subscribe/unsubscribe:
>>>> http://public.kitware.com/mailman/listinfo/paraview
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://public.kitware.com/pipermail/paraview/attachments/20160825/050902cc/attachment.html>
More information about the ParaView
mailing list