[Paraview] Paraview Web with SSL
Daniel Zuidinga
info at seoaachen.de
Fri Aug 26 07:52:24 EDT 2016
I have still a question. How can I pass arguments to that launcher from
the client? E.g. I want to pass a file or a directory.
Am 25.08.2016 um 16:32 schrieb Sebastien Jourdain:
> Thanks Daniel,
>
> the documentation explain how to do it in a slightly more secure way
> with groups and so on... ;-)
>
> On Thu, Aug 25, 2016 at 1:20 AM, Daniel Zuidinga <info at seoaachen.de
> <mailto:info at seoaachen.de>> wrote:
>
> I allowed read/write permissions for proxy.txt for all. Now it
> works! Thank you very much. I hope I can contribute to paraview
> web when I am more into it.
>
>
> Am 25.08.2016 um 01:19 schrieb Sebastien Jourdain:
>> Looking at your system log you may have some hints on what is
>> going wrong. (Still leaning toward file system security issue)
>>
>> The sessionId could still be sent back but if the launcher can
>> not write that file, then apache could not figure out its mapping.
>>
>> What linux version are you running it on?
>>
>>
>> On Wed, Aug 24, 2016 at 4:12 PM, Daniel Zuidinga
>> <info at seoaachen.de <mailto:info at seoaachen.de>> wrote:
>>
>> yes that file has contents. otherwise the sessionID also
>> wouldn't be send back?
>>
>> any ideas how to fix the ws communication?
>>
>>
>> Am 24.08.2016 um 23:44 schrieb Sebastien Jourdain:
>>> Yes it seems the ws forwarding is not working.
>>>
>>> if you cat that file you should see some content with that
>>> id and a host/port that apache should use to connect to the
>>> server that is running paraview.
>>>
>>> Otherwise the documentation (link that I previously gave)
>>> explain how to use unix group and setup the appropriate
>>> rights to that file so apache can read while the launcher
>>> can write.
>>>
>>> On Wed, Aug 24, 2016 at 3:01 PM, Daniel Zuidinga
>>> <info at seoaachen.de <mailto:info at seoaachen.de>> wrote:
>>>
>>> how can I check?
>>>
>>> The sessionID is sent to the client. So as far as I
>>> understand the http requests work, but not the ws?
>>>
>>>
>>>
>>> Am 24.08.2016 um 22:52 schrieb Sebastien Jourdain:
>>>> Are you sure apache has the right to read the
>>>> /home/daniel/proxy.txt while the launcher is writting it?
>>>>
>>>> Do you see some content that match your sessionId
>>>> within that file?
>>>>
>>>> On Wed, Aug 24, 2016 at 1:57 PM, Daniel Zuidinga
>>>> <info at seoaachen.de <mailto:info at seoaachen.de>> wrote:
>>>>
>>>>
>>>> I changed sessionManagerURL in my html file to
>>>> vtkWeb.properties.sessionManagerURL instead of
>>>> http://localhost:8080/paraview. Now I get in firefox:
>>>>
>>>> Use of getPreventDefault() is deprecated. Use
>>>> defaultPrevented instead. jquery-1.8.3.min.js:2:0
>>>> GET
>>>> http://localhost/proxy [HTTP/1.1 400 Bad Request 16ms]
>>>> null Visualizer:42:13
>>>> Firefox can't establish a connection to the server
>>>> at
>>>> ws://localhost/proxy?sessionId=7d12745c-6a34-11e6-a5dc-0016d4e2bc28.
>>>> autobahn.min.js:114:0
>>>> GET
>>>> http://localhost/proxy [HTTP/1.1 400 Bad Request 2ms]
>>>> null
>>>>
>>>> ...I think one more thing is needed.
>>>>
>>>>
>>>>
>>>> Am 24.08.2016 um 21:51 schrieb Daniel Zuidinga:
>>>>> I had wrong paths in my launcher.config properties.
>>>>> Now the request gets through and the vtk window
>>>>> opens. But I have still the ws error. Firefox console:
>>>>>
>>>>> Firefox can't establish a connection to the server
>>>>> at ws://localhost/ws. autobahn.min.js:114:0
>>>>> null Visualizer:42:13
>>>>> Use of getPreventDefault() is deprecated. Use
>>>>> defaultPrevented instead. jquery-1.8.3.min.js:2:0
>>>>> No launcher found. Attempting to connect using the
>>>>> direct WS url. vtkweb-all.js:4456:19
>>>>>
>>>>> --- vtk window opens, then:
>>>>>
>>>>> Cross-Origin Request Blocked: The Same Origin
>>>>> Policy disallows reading the remote resource at
>>>>> http://localhost:8080/paraview. (Reason: CORS
>>>>> header 'Access-Control-Allow-Origin' missing).
>>>>> <unknown>
>>>>> GET
>>>>> http://localhost/ws [HTTP/1.1 404 Not Found 2ms]
>>>>> null Visualizer:42:13
>>>>> Firefox can't establish a connection to the server
>>>>> at ws://localhost/ws.
>>>>>
>>>>>
>>>>> Am 24.08.2016 um 19:18 schrieb Sebastien Jourdain:
>>>>>> Actually the hostname might be an issue if you
>>>>>> have several network card.
>>>>>> Can you try to use the computer IP? Or '0.0.0.0'
>>>>>> for the launcher if that work?
>>>>>>
>>>>>> Otherwise I did not spotted any issue in your config.
>>>>>>
>>>>>> On Wed, Aug 24, 2016 at 11:14 AM, Daniel Zuidinga
>>>>>> <info at seoaachen.de <mailto:info at seoaachen.de>> wrote:
>>>>>>
>>>>>> - apache 2.4.12
>>>>>> - modules are enabled
>>>>>> - launcher.py launches without error,
>>>>>> resrouces and apps section are in the config
>>>>>> file as described in the documentation
>>>>>> are all ports and hostnames right in my
>>>>>> configuration files? apache is localhost and
>>>>>> paraview also
>>>>>>
>>>>>>
>>>>>> Am 24.08.2016 um 16:22 schrieb Sebastien
>>>>>> Jourdain:
>>>>>>> Hi Daniel,
>>>>>>>
>>>>>>> Which version of Apache are you running?
>>>>>>>
>>>>>>> Did you enabled all the modules?
>>>>>>>
>>>>>>> $ sudo a2enmod vhost_alias
>>>>>>> $ sudo a2enmod proxy
>>>>>>> $ sudo a2enmod proxy_http
>>>>>>> $ sudo a2enmod proxy_wstunnel
>>>>>>> $ sudo a2enmod rewrite
>>>>>>>
>>>>>>> For the launcher configuration, do you have
>>>>>>> a proper "resources" and "apps" section?
>>>>>>>
>>>>>>> I'm guessing you are looking at the
>>>>>>> following documentation pages?
>>>>>>>
>>>>>>> -
>>>>>>> https://kitware.github.io/paraviewweb/docs/guides/apache_front_end.html
>>>>>>> <https://kitware.github.io/paraviewweb/docs/guides/apache_front_end.html>
>>>>>>> -
>>>>>>> https://kitware.github.io/paraviewweb/docs/guides/python_launcher.html
>>>>>>> <https://kitware.github.io/paraviewweb/docs/guides/python_launcher.html>
>>>>>>>
>>>>>>> Once you have the forwarding of the launcher
>>>>>>> request working, the next part will be the
>>>>>>> forwarding of the ws. But we can talk about
>>>>>>> it when and if you run into issue about it.
>>>>>>>
>>>>>>> Seb
>>>>>>>
>>>>>>> On Wed, Aug 24, 2016 at 2:22 AM, Daniel
>>>>>>> Zuidinga <info at seoaachen.de
>>>>>>> <mailto:info at seoaachen.de>> wrote:
>>>>>>>
>>>>>>> I tried to run the launcher as described
>>>>>>> in the docs. But I am still getting
>>>>>>> errors when running
>>>>>>> http://localhost/apps/Visualizer/
>>>>>>> <http://localhost/apps/Visualizer/>
>>>>>>>
>>>>>>> Firefox console:
>>>>>>>
>>>>>>> -------------------------------
>>>>>>>
>>>>>>> 1. when setting sessionManagerURL in
>>>>>>> html set to
>>>>>>> vtkWeb.properties.sessionManagerURL:
>>>>>>>
>>>>>>> POST
>>>>>>> XHR
>>>>>>> http://localhost/paraview/ [HTTP/1.1 503
>>>>>>> Service Unavailable 48ms]
>>>>>>> Object { error: "The process did not
>>>>>>> properly start.…" } Visualizer:42:13
>>>>>>>
>>>>>>>
>>>>>>> 2. when setting sessionManagerURL in
>>>>>>> html to http://localhost:8080/paraview:
>>>>>>>
>>>>>>> Firefox can't establish a connection to
>>>>>>> the server at ws://localhost/ws.
>>>>>>> autobahn.min.js:114:0
>>>>>>> null Visualizer:42:13
>>>>>>> No launcher found. Attempting to connect
>>>>>>> using the direct WS url.
>>>>>>> vtkweb-all.js:4456:19
>>>>>>> Use of getPreventDefault() is
>>>>>>> deprecated. Use defaultPrevented
>>>>>>> instead. jquery-1.8.3.min.js:2:0
>>>>>>> Cross-Origin Request Blocked: The Same
>>>>>>> Origin Policy disallows reading the
>>>>>>> remote resource at
>>>>>>> http://localhost:8080/paraview. (Reason:
>>>>>>> CORS header
>>>>>>> 'Access-Control-Allow-Origin' missing).
>>>>>>> <unknown>
>>>>>>> GET
>>>>>>> http://localhost/ws [HTTP/1.1 404 Not
>>>>>>> Found 12ms]
>>>>>>> null
>>>>>>>
>>>>>>>
>>>>>>> So the launcher can't start the pv
>>>>>>> webserver? But running
>>>>>>> http://localhost:8080/paraview/1
>>>>>>> <http://localhost:8080/paraview/1> in
>>>>>>> browser works but says: {"error": "No
>>>>>>> session with id: 1"}
>>>>>>>
>>>>>>>
>>>>>>> My apache config:
>>>>>>>
>>>>>>> -----------------------------
>>>>>>>
>>>>>>> <VirtualHost *:80>
>>>>>>> ServerName localhost
>>>>>>> ServerAdmin info at seoaachen.de
>>>>>>> <mailto:info at seoaachen.de>
>>>>>>> DocumentRoot
>>>>>>> /home/daniel/salome_meca/V2016/prerequisites/Paraview-v501_EDF/share/paraview-5.0/www
>>>>>>> ErrorLog "logs/pv-error_log"
>>>>>>> CustomLog "logs/pv-access_log" common
>>>>>>> ### The following commented lines
>>>>>>> could be useful when running
>>>>>>> ### over https and wss:
>>>>>>> # SSLEngine On
>>>>>>> # SSLCertificateFile
>>>>>>> /etc/apache2/ssl/your_certificate.crt
>>>>>>> # SSLCertificateKeyFile
>>>>>>> /etc/apache2/ssl/your_domain_key.key
>>>>>>> # SSLCertificateChainFile
>>>>>>> /etc/apache2/ssl/DigiCertCA.crt
>>>>>>> #
>>>>>>> # <Location ${MY-DOCUMENT-ROOT} >
>>>>>>> # SSLRequireSSL On
>>>>>>> # SSLVerifyClient optional
>>>>>>> # SSLVerifyDepth 1
>>>>>>> # SSLOptions +StdEnvVars +StrictRequire
>>>>>>> # </Location>
>>>>>>> # Have Apache pass these requests to
>>>>>>> the launcher :9000
>>>>>>> ProxyPass /paraview
>>>>>>> http://localhost:8080/paraview
>>>>>>> # Turn on the rewrite engine
>>>>>>> RewriteEngine On
>>>>>>> # This is the path the mapping file
>>>>>>> Jetty creates
>>>>>>> RewriteMap session-to-port
>>>>>>> txt:/home/daniel/proxy.txt
>>>>>>> # This is the rewrite condition.
>>>>>>> Look for anything with a sessionId= in
>>>>>>> the query part of the URL and capture
>>>>>>> the value to use below.
>>>>>>> RewriteCond %{QUERY_STRING}
>>>>>>> ^sessionId=(.*)$ [NC]
>>>>>>> # This does the rewrite using the
>>>>>>> mapping file and the sessionId
>>>>>>> RewriteRule ^/proxy.*$
>>>>>>> ws://${session-to-port:%1}/ws [P]
>>>>>>> <Directory
>>>>>>> "/home/daniel/salome_meca/V2016/prerequisites/Paraview-v501_EDF/share/paraview-5.0/www">
>>>>>>> Options Indexes FollowSymLinks
>>>>>>> Order allow,deny
>>>>>>> Allow from all
>>>>>>> AllowOverride None
>>>>>>> Require all granted
>>>>>>> </Directory>
>>>>>>> </VirtualHost>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> my launcher.json
>>>>>>>
>>>>>>> ----------------------------
>>>>>>>
>>>>>>> "configuration": {
>>>>>>> "host" : "localhost",
>>>>>>>
>>>>>>> "port" : 8080,
>>>>>>> "endpoint": "paraview",
>>>>>>> "content": "/.../www",
>>>>>>> "proxy_file" : "/home/daniel/proxy.txt",
>>>>>>> "sessionURL":
>>>>>>> "ws://localhost/proxy?sessionId=${id}",
>>>>>>>
>>>>>>> "timeout" : 25,
>>>>>>> "log_dir" : "/home/daniel",
>>>>>>> "upload_dir" : "/home/daniel",
>>>>>>> "fields" : ["file", "host", "port",
>>>>>>> "updir"]
>>>>>>> },
>>>>>>>
>>>>>>>
>>>>>>> What am I doing wrong?
>>>>>>>
>>>>>>>
>>>>>>> Daniel Zuidinga
>>>>>>> Dipl.-Ing.
>>>>>>>
>>>>>>> SEO Aachen
>>>>>>> Passstr. 5
>>>>>>> 52070 Aachen
>>>>>>>
>>>>>>> Tel : 0241 / 450 912 67
>>>>>>> E-Mail:info at seoaachen.de <mailto:info at seoaachen.de>
>>>>>>> Web :http://www.seoaachen.de (nur zum Teil aktuell)
>>>>>>> Xing :https://www.xing.com/profile/Daniel_Zuidinga
>>>>>>> <https://www.xing.com/profile/Daniel_Zuidinga>
>>>>>>>
>>>>>>> Bald online: Software Tools für Konstrukteure und Bauteilhersteller
>>>>>>> http://www.engineeringonline.de
>>>>>>> <http://www.engineeringonline.de>
>>>>>>>
>>>>>>> Am 22.08.2016 um 22:32 schrieb Sebastien
>>>>>>> Jourdain:
>>>>>>>> Hi Daniel,
>>>>>>>>
>>>>>>>> I want to use paraview web with
>>>>>>>> SSL. As far as I understand I need
>>>>>>>> apache as a proxy server for that?
>>>>>>>> Or is it possible with pvpython?
>>>>>>>>
>>>>>>>> It might be possible with pvpython, but
>>>>>>>> I've never done it, I've always used
>>>>>>>> apache to rely on a single opened port
>>>>>>>> and handle the encryption.
>>>>>>>>
>>>>>>>> I have my own launcher which opens
>>>>>>>> pvpython with a different port for
>>>>>>>> each user. Is this the right way?
>>>>>>>> Will this work with ssl?
>>>>>>>>
>>>>>>>> If pvpython directly support the wss
>>>>>>>> connection, you can be good. Usually
>>>>>>>> the setup, that I do is that I have
>>>>>>>> Apache serving only the port 443
>>>>>>>> (https) for both the static content and
>>>>>>>> the (wss) websocket endpoint. And I use
>>>>>>>> a mapping file between the Websocket
>>>>>>>> endpoint that get returned by my
>>>>>>>> launcher and the host/port I should
>>>>>>>> connect to on the backend to establish
>>>>>>>> the link between the client and the
>>>>>>>> actual ParaViewWeb server instance.
>>>>>>>> But that does not mean, that's the only
>>>>>>>> way to do it and if you don't mind
>>>>>>>> having several port open, I don't see
>>>>>>>> why it could not work.
>>>>>>>>
>>>>>>>> Concerning:
>>>>>>>> https://kitware.github.io/visualizer/docs/
>>>>>>>> <https://kitware.github.io/visualizer/docs/>
>>>>>>>> The web visuailzer should work via
>>>>>>>> npm installation? It does not work
>>>>>>>> for me:
>>>>>>>> C:\Users\danie\AppData\Roaming\npm\node_modules\pvw-visualizer\bin\pvw-visualizer-cli.js:41
>>>>>>>> var pvPythonExecs =
>>>>>>>> find(paraview).filter(function(file)
>>>>>>>> { return file.match(/pvpython$/) ||
>>>>>>>> file.match(/pvpython.exe$/); });
>>>>>>>> ^
>>>>>>>> TypeError: find(...).filter is not
>>>>>>>> a function at
>>>>>>>> Object.<anonymous>
>>>>>>>> (C:\Users\danie\AppData\Roaming\npm\node_modules\pvw-visualizer\bin\pvw-visualizer-cli.js:41:36)
>>>>>>>> at Module._compile
>>>>>>>> (module.js:409:26) at
>>>>>>>> Object.Module._extensions..js
>>>>>>>> (module.js:416:10) at
>>>>>>>> Module.load (module.js:343:32)
>>>>>>>> at Function.Module._load
>>>>>>>> (module.js:300:12) at
>>>>>>>> Function.Module.runMain
>>>>>>>> (module.js:441:10) at startup
>>>>>>>> (node.js:139:18) at node.js:968:3
>>>>>>>>
>>>>>>>> Well, I guess I haven't tried to run
>>>>>>>> the new Visualizer server on a Windows
>>>>>>>> machine.
>>>>>>>> But with ParaView 5.2 (yet to be
>>>>>>>> released), we should have a ParaViewWeb
>>>>>>>> back in the binaries. So we should make
>>>>>>>> sure our Visualizer command line tool
>>>>>>>> work on that platform as well.
>>>>>>>> Although, the command line is more for
>>>>>>>> beginners than anything else as it only
>>>>>>>> simplify the demo usage. In real word
>>>>>>>> deployment, with a launcher, the true
>>>>>>>> pvpython command line should be used
>>>>>>>> instead.
>>>>>>>> Here is an example of what you should
>>>>>>>> see in a working environment:
>>>>>>>> $ Visualizer -d ~/Downloads/
>>>>>>>> ===============================================================================
>>>>>>>> | Execute:
>>>>>>>> | $
>>>>>>>> /Applications/paraview.app/Contents/bin/pvpython
>>>>>>>> | -dr
>>>>>>>> |
>>>>>>>> /Users/seb/Documents/code/Web2/visualizer/server/pvw-visualizer.py
>>>>>>>> | --content
>>>>>>>> |
>>>>>>>> /Users/seb/Documents/code/Web2/visualizer/dist
>>>>>>>> | --port
>>>>>>>> | 8080
>>>>>>>> | --data
>>>>>>>> | /Users/seb/Downloads/
>>>>>>>> ===============================================================================
>>>>>>>> [...]
>>>>>>>> -- Daniel Zuidinga Dipl.-Ing. SEO
>>>>>>>> Aachen Passstr. 5 52070 Aachen Tel :
>>>>>>>> 0241 / 450 912 67 E-Mail:
>>>>>>>> info at seoaachen.de
>>>>>>>> <mailto:info at seoaachen.de> Web :
>>>>>>>> http://www.seoaachen.de (nur zum Teil
>>>>>>>> aktuell) Xing :
>>>>>>>> https://www.xing.com/profile/Daniel_Zuidinga
>>>>>>>> <https://www.xing.com/profile/Daniel_Zuidinga>
>>>>>>>> Bald online: Software Tools für
>>>>>>>> Konstrukteure und Bauteilhersteller
>>>>>>>> http://www.engineeringonline.de
>>>>>>>> <http://www.engineeringonline.de>
>>>>>>>> _______________________________________________
>>>>>>>> Powered by www.kitware.com
>>>>>>>> <http://www.kitware.com> Visit other
>>>>>>>> Kitware open-source projects at
>>>>>>>> http://www.kitware.com/opensource/opensource.html
>>>>>>>> <http://www.kitware.com/opensource/opensource.html>
>>>>>>>> Please keep messages on-topic and check
>>>>>>>> the ParaView Wiki at:
>>>>>>>> http://paraview.org/Wiki/ParaView
>>>>>>>> <http://paraview.org/Wiki/ParaView>
>>>>>>>> Search the list archives at:
>>>>>>>> http://markmail.org/search/?q=ParaView
>>>>>>>> <http://markmail.org/search/?q=ParaView>
>>>>>>>> Follow this link to
>>>>>>>> subscribe/unsubscribe:
>>>>>>>> http://public.kitware.com/mailman/listinfo/paraview
>>>>>>>> <http://public.kitware.com/mailman/listinfo/paraview>
>>>>>>>>
>>>>>>>
>>>>> _______________________________________________
>>>>> Powered bywww.kitware.com <http://www.kitware.com>
>>>>>
>>>>> Visit other Kitware open-source projects athttp://www.kitware.com/opensource/opensource.html
>>>>> <http://www.kitware.com/opensource/opensource.html>
>>>>>
>>>>> Please keep messages on-topic and check the ParaView Wiki at:http://paraview.org/Wiki/ParaView
>>>>> <http://paraview.org/Wiki/ParaView>
>>>>>
>>>>> Search the list archives at:http://markmail.org/search/?q=ParaView
>>>>> <http://markmail.org/search/?q=ParaView>
>>>>>
>>>>> Follow this link to subscribe/unsubscribe:
>>>>> http://public.kitware.com/mailman/listinfo/paraview
>>>>> <http://public.kitware.com/mailman/listinfo/paraview>
>>>>
>>>> _______________________________________________
>>>> Powered by www.kitware.com <http://www.kitware.com>
>>>> Visit other Kitware open-source projects at
>>>> http://www.kitware.com/opensource/opensource.html
>>>> <http://www.kitware.com/opensource/opensource.html>
>>>> Please keep messages on-topic and check the
>>>> ParaView Wiki at: http://paraview.org/Wiki/ParaView
>>>> <http://paraview.org/Wiki/ParaView> Search the list
>>>> archives at: http://markmail.org/search/?q=ParaView
>>>> <http://markmail.org/search/?q=ParaView> Follow
>>>> this link to subscribe/unsubscribe:
>>>> http://public.kitware.com/mailman/listinfo/paraview
>>>> <http://public.kitware.com/mailman/listinfo/paraview>
>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://public.kitware.com/pipermail/paraview/attachments/20160826/5359e33e/attachment.html>
More information about the ParaView
mailing list