Accessing JS and CSS from CDN via SSL

Hi all.
I’m just implementing an internal dashboard using Bokeh. The site is SSL-only. Unfortunately, when I attempt to access the CSN via SSL, it returns a certificate that doesn’t match the domain.

(e.g. accessing https://cdn.pydata.org/bokeh-0.6.1.min.css). Chrome summarizes it nicely as “This server could not prove that it is cdn.pydata.org; its security certificate is from a248.e.akamai.net”.

Is there a convenient work-around for this? I could pull the static files into my own server, but then I’d be faced with having to keep them up-to-date/synced with each release. Can the Bokeh server offer up the installed version on access to something generic, like /static/bokeh.min-css?

Perhaps Bokeh would consider using a CDN service that support user SSL certificates (Akamai does, but unsure if that passes through to Rackspace or not).

Is there a recommended way to get the latest version of those files from the site-packages installation (for example, my Tornado server could check for the existence of the files in the static web folder and if missing, copy them from the package…)

Thanks,

-David

David,

My apologies for the delay this got lost in a mountain of new messages. Did you ever find a solution for this? If not, can you create an issue on GH so I can get the appropriate ops folks involved to help solve this?

Thanks,

Bryan

···

On Nov 6, 2014, at 1:43 PM, David Jung <[email protected]> wrote:

Hi all.
I'm just implementing an internal dashboard using Bokeh. The site is SSL-only. Unfortunately, when I attempt to access the CSN via SSL, it returns a certificate that doesn't match the domain.

(e.g. accessing https://cdn.pydata.org/bokeh-0.6.1.min.css). Chrome summarizes it nicely as "This server could not prove that it is cdn.pydata.org; its security certificate is from a248.e.akamai.net".

Is there a convenient work-around for this? I could pull the static files into my own server, but then I'd be faced with having to keep them up-to-date/synced with each release. Can the Bokeh server offer up the installed version on access to something generic, like /static/bokeh.min-css?

Perhaps Bokeh would consider using a CDN service that support user SSL certificates (Akamai does, but unsure if that passes through to Rackspace or not).

Is there a recommended way to get the latest version of those files from the site-packages installation (for example, my Tornado server could check for the existence of the files in the static web folder and if missing, copy them from the package..)

Thanks,
-David

--
You received this message because you are subscribed to the Google Groups "Bokeh Discussion - Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/88925856-3bb8-43d7-a72f-4d6efa02ca0f%40continuum.io.
For more options, visit https://groups.google.com/a/continuum.io/d/optout.

Reviving this since it hasn’t received attention in a year, please fix! Don’t really want to have to install Bokeh locally.

···

On Friday, December 5, 2014 at 3:36:54 PM UTC-5, Bryan Van de ven wrote:

David,

My apologies for the delay this got lost in a mountain of new messages. Did you ever find a solution for this? If not, can you create an issue on GH so I can get the appropriate ops folks involved to help solve this?

Thanks,

Bryan

On Nov 6, 2014, at 1:43 PM, David Jung [email protected] wrote:

Hi all.

I’m just implementing an internal dashboard using Bokeh. The site is SSL-only. Unfortunately, when I attempt to access the CSN via SSL, it returns a certificate that doesn’t match the domain.

(e.g. accessing https://cdn.pydata.org/bokeh-0.6.1.min.css). Chrome summarizes it nicely as “This server could not prove that it is cdn.pydata.org; its security certificate is from a248.e.akamai.net”.

Is there a convenient work-around for this? I could pull the static files into my own server, but then I’d be faced with having to keep them up-to-date/synced with each release. Can the Bokeh server offer up the installed version on access to something generic, like /static/bokeh.min-css?

Perhaps Bokeh would consider using a CDN service that support user SSL certificates (Akamai does, but unsure if that passes through to Rackspace or not).

Is there a recommended way to get the latest version of those files from the site-packages installation (for example, my Tornado server could check for the existence of the files in the static web folder and if missing, copy them from the package…)

Thanks,

-David


You received this message because you are subscribed to the Google Groups “Bokeh Discussion - Public” group.

To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].

To post to this group, send email to [email protected].

To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/88925856-3bb8-43d7-a72f-4d6efa02ca0f%40continuum.io.

For more options, visit https://groups.google.com/a/continuum.io/d/optout.

Hey thanks for the remind. BokehJS has actually been available via HTTPS for some time now, and you could construct your own resources to use tho, but in all that's going on we forgot to finish the task and update the default base CDN URL to use new HTTPS server. See

  https://github.com/bokeh/bokeh/pull/3332

will be in upcoming 0.11 release.

Bryan

···

On Dec 13, 2015, at 8:31 PM, [email protected] wrote:

Reviving this since it hasn't received attention in a year, please fix! Don't really want to have to install Bokeh locally.

On Friday, December 5, 2014 at 3:36:54 PM UTC-5, Bryan Van de ven wrote:
David,

My apologies for the delay this got lost in a mountain of new messages. Did you ever find a solution for this? If not, can you create an issue on GH so I can get the appropriate ops folks involved to help solve this?

Thanks,

Bryan

> On Nov 6, 2014, at 1:43 PM, David Jung <[email protected]> wrote:
>
> Hi all.
> I'm just implementing an internal dashboard using Bokeh. The site is SSL-only. Unfortunately, when I attempt to access the CSN via SSL, it returns a certificate that doesn't match the domain.
>
> (e.g. accessing https://cdn.pydata.org/bokeh-0.6.1.min.css). Chrome summarizes it nicely as "This server could not prove that it is cdn.pydata.org; its security certificate is from a248.e.akamai.net".
>
> Is there a convenient work-around for this? I could pull the static files into my own server, but then I'd be faced with having to keep them up-to-date/synced with each release. Can the Bokeh server offer up the installed version on access to something generic, like /static/bokeh.min-css?
>
> Perhaps Bokeh would consider using a CDN service that support user SSL certificates (Akamai does, but unsure if that passes through to Rackspace or not).
>
> Is there a recommended way to get the latest version of those files from the site-packages installation (for example, my Tornado server could check for the existence of the files in the static web folder and if missing, copy them from the package..)
>
> Thanks,
> -David
>
>
> --
> You received this message because you are subscribed to the Google Groups "Bokeh Discussion - Public" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/88925856-3bb8-43d7-a72f-4d6efa02ca0f%40continuum.io.
> For more options, visit https://groups.google.com/a/continuum.io/d/optout.

--
You received this message because you are subscribed to the Google Groups "Bokeh Discussion - Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/f19feb85-d16e-4d9e-8b41-2ff2008a569a%40continuum.io.
For more options, visit https://groups.google.com/a/continuum.io/d/optout.

Well, re-reading I am not sure if this is the same thing or not? You mention the HTTPS link a year ago, but setting up BokehJS HTTPS only happened in August, so that confuses me. Can you verify whether it's working for you or not? SSL/certificates are not an area of expertise for me, so your assistance may be required if not.

Bryan

···

On Dec 13, 2015, at 8:39 PM, Bryan Van de Ven <[email protected]> wrote:

Hey thanks for the remind. BokehJS has actually been available via HTTPS for some time now, and you could construct your own resources to use tho, but in all that's going on we forgot to finish the task and update the default base CDN URL to use new HTTPS server. See

  https://github.com/bokeh/bokeh/pull/3332

will be in upcoming 0.11 release.

Bryan

On Dec 13, 2015, at 8:31 PM, [email protected] wrote:

Reviving this since it hasn't received attention in a year, please fix! Don't really want to have to install Bokeh locally.

On Friday, December 5, 2014 at 3:36:54 PM UTC-5, Bryan Van de ven wrote:
David,

My apologies for the delay this got lost in a mountain of new messages. Did you ever find a solution for this? If not, can you create an issue on GH so I can get the appropriate ops folks involved to help solve this?

Thanks,

Bryan

On Nov 6, 2014, at 1:43 PM, David Jung <[email protected]> wrote:

Hi all.
I'm just implementing an internal dashboard using Bokeh. The site is SSL-only. Unfortunately, when I attempt to access the CSN via SSL, it returns a certificate that doesn't match the domain.

(e.g. accessing https://cdn.pydata.org/bokeh-0.6.1.min.css). Chrome summarizes it nicely as "This server could not prove that it is cdn.pydata.org; its security certificate is from a248.e.akamai.net".

Is there a convenient work-around for this? I could pull the static files into my own server, but then I'd be faced with having to keep them up-to-date/synced with each release. Can the Bokeh server offer up the installed version on access to something generic, like /static/bokeh.min-css?

Perhaps Bokeh would consider using a CDN service that support user SSL certificates (Akamai does, but unsure if that passes through to Rackspace or not).

Is there a recommended way to get the latest version of those files from the site-packages installation (for example, my Tornado server could check for the existence of the files in the static web folder and if missing, copy them from the package..)

Thanks,
-David

--
You received this message because you are subscribed to the Google Groups "Bokeh Discussion - Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/88925856-3bb8-43d7-a72f-4d6efa02ca0f%40continuum.io.
For more options, visit https://groups.google.com/a/continuum.io/d/optout.

--
You received this message because you are subscribed to the Google Groups "Bokeh Discussion - Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/f19feb85-d16e-4d9e-8b41-2ff2008a569a%40continuum.io.
For more options, visit https://groups.google.com/a/continuum.io/d/optout.