I’m trying to deploy Django application with Bokeh visualisations on AWS Beanstalk.
Application works fine locally, but I’m unable to make it working on AWS. I’m using Beanstalk with single instance on Amazon Linux/2.8.3 and domain set with SSL redirection.
I think the issue is with Virtual Host settings. Below you may see the settings I use for SSL configuration.
<VirtualHost *:443>
<Directory /opt/python/current/app/build/static>
Order deny,allow
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile "path to Certificate File"
SSLCertificateKeyFile "path to Certificate Key File"
SSLCipherSuite "Clipher string"
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLSessionTickets Off
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
ProxyPass / http://localhost:80/ retry=0
ProxyPassReverse / http://localhost:80/
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto "https" early
</VirtualHost>
I’ve tried to add to this script settings for Bokeh server proxy:
Offhand, you don't appear to be proxying the websocket endpoints, which I believe is necessary. This is not an area of expertise for me, unfortunately, but everything that I know is contained in the examples in the docs:
I'm trying to deploy Django application with Bokeh visualisations on AWS Beanstalk.
Application works fine locally, but I'm unable to make it working on AWS. I'm using Beanstalk with single instance on Amazon Linux/2.8.3 and domain set with SSL redirection.
I think the issue is with Virtual Host settings. Below you may see the settings I use for SSL configuration.
<VirtualHost *:443>
<Directory /opt/python/current/app/build/static>
Order deny,allow
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile "path to Certificate File"
SSLCertificateKeyFile "path to Certificate Key File"
SSLCipherSuite "Clipher string"
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLSessionTickets Off
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
When I run bokeh server on my EC2 instance with command "bokeh serve dashboard.py --port 5100 --use-xheaders --allow-websocket-origin="*"" it doesn't work and I receive connection error.
Any suggestions on this would be much appreciated.
I’ve tried with this configuration as well. Unfortunately any page of my application doesn’t work than, not only the one with bokeh visualisation.
Unfortunately I do not have any knowledge of Apache configuration and I have no idea what else might help.
Radek
W dniu niedziela, 19 maja 2019 19:40:38 UTC+2 użytkownik Bryan Van de Ven napisał:
···
Hi,
Offhand, you don’t appear to be proxying the websocket endpoints, which I believe is necessary. This is not an area of expertise for me, unfortunately, but everything that I know is contained in the examples in the docs:
I’m trying to deploy Django application with Bokeh visualisations on AWS Beanstalk.
Application works fine locally, but I’m unable to make it working on AWS. I’m using Beanstalk with single instance on Amazon Linux/2.8.3 and domain set with SSL redirection.
I think the issue is with Virtual Host settings. Below you may see the settings I use for SSL configuration.
<VirtualHost *:443>
<Directory /opt/python/current/app/build/static>
Order deny,allow
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile "path to Certificate File"
SSLCertificateKeyFile "path to Certificate Key File"
SSLCipherSuite "Clipher string"
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLSessionTickets Off
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
When I run bokeh server on my EC2 instance with command “bokeh serve dashboard.py --port 5100 --use-xheaders --allow-websocket-origin=”*“” it doesn’t work and I receive connection error.
Any suggestions on this would be much appreciated.
Thanks
Radek
–
You received this message because you are subscribed to the Google Groups “Bokeh Discussion - Public” group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
You might have more success finding the most relevant expertise in an Apache support forum. I know even less about Apache than I do Nginx, so I am sorry I cannot be more direct help. Basic embedding Bokeh through a proxy means configuring it to forward the base url, the ws url, and the static url. If you figure out an Apache config for SSL please report back so we can incorporate that into our docs.
I've tried with this configuration as well. Unfortunately any page of my application doesn't work than, not only the one with bokeh visualisation.
Unfortunately I do not have any knowledge of Apache configuration and I have no idea what else might help.
Radek
W dniu niedziela, 19 maja 2019 19:40:38 UTC+2 użytkownik Bryan Van de Ven napisał:
Hi,
Offhand, you don't appear to be proxying the websocket endpoints, which I believe is necessary. This is not an area of expertise for me, unfortunately, but everything that I know is contained in the examples in the docs:
> On May 19, 2019, at 10:28 AM, Radek S <[email protected]> wrote:
>
> I'm trying to deploy Django application with Bokeh visualisations on AWS Beanstalk.
> Application works fine locally, but I'm unable to make it working on AWS. I'm using Beanstalk with single instance on Amazon Linux/2.8.3 and domain set with SSL redirection.
> I think the issue is with Virtual Host settings. Below you may see the settings I use for SSL configuration.
> <VirtualHost *:443>
> <Directory /opt/python/current/app/build/static>
> Order deny,allow
> Allow from all
> </Directory>
>
> SSLEngine on
> SSLCertificateFile "path to Certificate File"
> SSLCertificateKeyFile "path to Certificate Key File"
> SSLCipherSuite "Clipher string"
> SSLProtocol All -SSLv2 -SSLv3
> SSLHonorCipherOrder On
> SSLSessionTickets Off
>
> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
> Header always set X-Frame-Options DENY
> Header always set X-Content-Type-Options nosniff
>
> ProxyPass / http://localhost:80/ retry=0
> ProxyPassReverse / http://localhost:80/
> ProxyPreserveHost on
> RequestHeader set X-Forwarded-Proto "https" early
> </VirtualHost>
> I've tried to add to this script settings for Bokeh server proxy:
> • ProxyPass /dashboard http://127.0.0.1:5100/dashboard/
> • ProxyPassReverse /dashboard http://127.0.0.1:5100/dashboard/
> I've also tried to create a separate virtual host for port 80
> <VirtualHost *:80>
> ProxyPass /dashboard http://127.0.0.1:5100/dashboard/
> ProxyPassReverse /dashboard http://127.0.0.1:5100/dashboard/
> </VirtualHost>
>
> When I run bokeh server on my EC2 instance with command "bokeh serve dashboard.py --port 5100 --use-xheaders --allow-websocket-origin="*"" it doesn't work and I receive connection error.
>
> Any suggestions on this would be much appreciated.
>
> Thanks
> Radek
>
> --
> You received this message because you are subscribed to the Google Groups "Bokeh Discussion - Public" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to bo...@continuum.io.
> To post to this group, send email to bo...@continuum.io.
> To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/6c4b20da-38d7-475f-85a1-08f787d409ae%40continuum.io\.
> For more options, visit https://groups.google.com/a/continuum.io/d/optout\.
are you aware of any websocket configuration I should have done in Django to have websocket url defined?
Radek
W dniu niedziela, 19 maja 2019 20:54:43 UTC+2 użytkownik Bryan Van de Ven napisał:
···
Hi,
You might have more success finding the most relevant expertise in an Apache support forum. I know even less about Apache than I do Nginx, so I am sorry I cannot be more direct help. Basic embedding Bokeh through a proxy means configuring it to forward the base url, the ws url, and the static url. If you figure out an Apache config for SSL please report back so we can incorporate that into our docs.
I’ve tried with this configuration as well. Unfortunately any page of my application doesn’t work than, not only the one with bokeh visualisation.
Unfortunately I do not have any knowledge of Apache configuration and I have no idea what else might help.
Radek
W dniu niedziela, 19 maja 2019 19:40:38 UTC+2 użytkownik Bryan Van de Ven napisał:
Hi,
Offhand, you don’t appear to be proxying the websocket endpoints, which I believe is necessary. This is not an area of expertise for me, unfortunately, but everything that I know is contained in the examples in the docs:
I’m trying to deploy Django application with Bokeh visualisations on AWS Beanstalk.
Application works fine locally, but I’m unable to make it working on AWS. I’m using Beanstalk with single instance on Amazon Linux/2.8.3 and domain set with SSL redirection.
I think the issue is with Virtual Host settings. Below you may see the settings I use for SSL configuration.
<VirtualHost *:443>
<Directory /opt/python/current/app/build/static>
Order deny,allow
Allow from all
SSLEngine on
SSLCertificateFile "path to Certificate File"
SSLCertificateKeyFile "path to Certificate Key File"
SSLCipherSuite "Clipher string"
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLSessionTickets Off
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
ProxyPass / [http://localhost:80/](http://localhost:80/) retry=0
ProxyPassReverse / [http://localhost:80/](http://localhost:80/)
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto "https" early
</VirtualHost>
When I run bokeh server on my EC2 instance with command “bokeh serve dashboard.py --port 5100 --use-xheaders --allow-websocket-origin=”*“” it doesn’t work and I receive connection error.
Any suggestions on this would be much appreciated.
Hi, you should not need to configure anything in Django AFAIK. At least, I have never seen anything required for Flask, and I assume the same would hold true for Django. BokehJS itself takes care of setting up the websocket connection to the Bokeh server (which is why the proxy need to handle the ws endpoint). Speaking of which, if you want to lock the server down to only instantiate sessions originating from your Django code, you should consider using signed session ids, as demonstrated here:
are you aware of any websocket configuration I should have done in Django to have websocket url defined?
Radek
W dniu niedziela, 19 maja 2019 20:54:43 UTC+2 użytkownik Bryan Van de Ven napisał:
Hi,
You might have more success finding the most relevant expertise in an Apache support forum. I know even less about Apache than I do Nginx, so I am sorry I cannot be more direct help. Basic embedding Bokeh through a proxy means configuring it to forward the base url, the ws url, and the static url. If you figure out an Apache config for SSL please report back so we can incorporate that into our docs.
Thanks,
Bryan
> On May 19, 2019, at 11:25 AM, Radek S <[email protected]> wrote:
>
> Hi Bryan, thanks for your response.
>
> I've tried with this configuration as well. Unfortunately any page of my application doesn't work than, not only the one with bokeh visualisation.
> Unfortunately I do not have any knowledge of Apache configuration and I have no idea what else might help.
>
> Radek
>
> W dniu niedziela, 19 maja 2019 19:40:38 UTC+2 użytkownik Bryan Van de Ven napisał:
> Hi,
>
> Offhand, you don't appear to be proxying the websocket endpoints, which I believe is necessary. This is not an area of expertise for me, unfortunately, but everything that I know is contained in the examples in the docs:
>
> Bokeh server — Bokeh 3.3.2 Documentation
>
> Thanks,
>
> Bryan
>
> > On May 19, 2019, at 10:28 AM, Radek S <[email protected]> wrote:
> >
> > I'm trying to deploy Django application with Bokeh visualisations on AWS Beanstalk.
> > Application works fine locally, but I'm unable to make it working on AWS. I'm using Beanstalk with single instance on Amazon Linux/2.8.3 and domain set with SSL redirection.
> > I think the issue is with Virtual Host settings. Below you may see the settings I use for SSL configuration.
> > <VirtualHost *:443>
> > <Directory /opt/python/current/app/build/static>
> > Order deny,allow
> > Allow from all
> > </Directory>
> >
> > SSLEngine on
> > SSLCertificateFile "path to Certificate File"
> > SSLCertificateKeyFile "path to Certificate Key File"
> > SSLCipherSuite "Clipher string"
> > SSLProtocol All -SSLv2 -SSLv3
> > SSLHonorCipherOrder On
> > SSLSessionTickets Off
> >
> > Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
> > Header always set X-Frame-Options DENY
> > Header always set X-Content-Type-Options nosniff
> >
> > ProxyPass / http://localhost:80/ retry=0
> > ProxyPassReverse / http://localhost:80/
> > ProxyPreserveHost on
> > RequestHeader set X-Forwarded-Proto "https" early
> > </VirtualHost>
> > I've tried to add to this script settings for Bokeh server proxy:
> > • ProxyPass /dashboard http://127.0.0.1:5100/dashboard/
> > • ProxyPassReverse /dashboard http://127.0.0.1:5100/dashboard/
> > I've also tried to create a separate virtual host for port 80
> > <VirtualHost *:80>
> > ProxyPass /dashboard http://127.0.0.1:5100/dashboard/
> > ProxyPassReverse /dashboard http://127.0.0.1:5100/dashboard/
> > </VirtualHost>
> >
> > When I run bokeh server on my EC2 instance with command "bokeh serve dashboard.py --port 5100 --use-xheaders --allow-websocket-origin="*"" it doesn't work and I receive connection error.
> >
> > Any suggestions on this would be much appreciated.
> >
> > Thanks
> > Radek
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Bokeh Discussion - Public" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to bo...@continuum.io.
> > To post to this group, send email to bo...@continuum.io.
> > To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/6c4b20da-38d7-475f-85a1-08f787d409ae%40continuum.io\.
> > For more options, visit https://groups.google.com/a/continuum.io/d/optout\.
>
>
> --
> You received this message because you are subscribed to the Google Groups "Bokeh Discussion - Public" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to bo...@continuum.io.
> To post to this group, send email to bo...@continuum.io.
> To view this discussion on the web visit https://groups.google.com/a/continuum.io/d/msgid/bokeh/19aea52c-2277-4521-9d48-29ffbda888cb%40continuum.io\.
> For more options, visit https://groups.google.com/a/continuum.io/d/optout\.
I think I’ve configured websocket correctly, but I have issue with static files.
I do have path to static file folder managed by Django set in virtual host and it works fine.I copied Bokeh static files to this folder and files are available thorugh the browser (for example I can see content of “bokeh-widgets.min.css” file under the url https://domainname/static/css/bokeh-widgets.min.css). My bokeh application runs under the url https://domainname/dashboard, so when I try to load dashboard then it tries to load static files from https://domainname/dashboard/static url and it returns 404 error.
I’ve tried to create alias in virtualhost for dashboard/static to my django static folder, but it didn’t change anything.
I asume location of bokeh static files is managed by tornado internally. I’m not sure how could I redirect tornado to django static folder… I’ve tried to do it through modification of urls.py file (bokeh\server\urls.py):
Is there a specific reason you must move the BokehJS files? If you leave them in place and let Bokeh serve its own static folder, then I would expect the https://domainname/dashboard/static URLs to just work, as long as everything under https://domainname/dashboard/ is routed to the Bokeh server.
Hi Bryan,
I would prefer to not move static folder, but have no idea what else could I do to make bokeh working with ssl configuration (everything works fine with http…). I think I have done everything what was needed, but I still receive 404 error when browser try to access static files.
So, I am fairly certain there is a way to configure Apache/SSL things so that accessing the static files from the Bokeh server at its URL works, but unfortunately I have zero experience with Apache so I cannot be of help with that. So at this point, for my part, I can only start suggesting things that I’d consider less than optimal.
The Resources object (which controls the URL to look for BokehJS files) that the app uses is obtained from the BokehTornado.resources() method. So, if you run the Bokeh server programmatically, e.g. as in the tornado_embed.py example, then you could subclass or monkeypatch that resources method to return a Resources object with a root_url configured to point wherever you want (i.e. your top-level Django static dir).
I would say this points to a need to have the resources location be more easily configurable via standard bokeh serve, so I’d encourage you to submit a GitHub issue to discuss it.