Hi, my name is Adrián.
First thank you to Bokeh team because you have created a very usefull and potencially package. I’m newbie with server configuration and I’m having problems to redirect http Bokeh server traffic to https. I have the certificates validated for my server but It is impossible for me redirect that traffic to https. The obvious error that the browsers retrieve is “Blocked mixing content…” by this mix off http and https.
I’m using WSGI to manage flask apps and Bokeh server is appended to one of them. The example configure that is present in the documentation is for base url but in my case is different:
[FLASK APP]
…
command = “bokeh serve app1.py app2.py --allow-websocket-origin=host --port=5006 --address host --use-xheaders &”
… @app.route("/graphic")
def graphic():
script_1 = server_document(host + “/app1”)
return render_template(
“graphic.html”, app1=script_1, template=“Flask”
)
[APACHE]
<VirtualHost *:443>
…
<Location “/app1”>
ProxyPass http://host:5006/app1
Header set X-Forwarded-Proto “https”
Header always set Content-Security-Policy “upgrade-insecure-requests;”
The base url is “https ://host/app1” and the Bokeh server is “http ://host:5006/app1”. If someone knows about my case or similiar share your knowloadge with me, please.
Thank you for your time. If you need help about something I can do as possible I can.
Sorry to hear you are having issues @Adrian I am afraid I just don’t have any expertise or experience with Apache to be able to offer any concrete advice. FWIW the next release of Bokeh later this month will support terminating SSL directly, in case that is an option. See
First of all, thank you for your reply @Bryan.
It’s good news that you are working on the supporting SSL directly I think that a lot of people will thank you. I will investigate more deep more with the url that your share me. If I will found some configuration that it works I will share it with the others.
Hi @Bryan. These days I am testing your 1.3.5dev9 version beta of Bokeh using the new SSL statements on a Apache server. For my surprise all work fine only using the command:
bokeh serve app.py --ssl-certfile=path_to_certfile --ssl-keyfile=path_to_keyfile --port=5006 --address=url --allow-websocket-origin=url
This Bokeh new version will solve a lot of problems with SSL connections and a lot of people will thank you a lot. Thank you so much for your job! Waiting for the final new version.
I had similar problem and couldn’t resolve using apache but I did get closer using websockets rather than straigh proxypass, maybe you could try look at the setup in the link below.
Thank you for the reply @awsbarker. How I replied to Bryan above I used the version on development 1.3.5dev9 and works fine to do this SSL connection. If you want this https connection try to use this version. If you need help I can offer mine.
@Adrian@awsbarker FYI 1.4 should be released this week. Regarding “dev” buillds, I just want to re-emphasize in the strongest possible terms:
CDN resources for dev builds are NOT guaranteed to be hosted forever. They very likely WILL DISAPPEAR at some point. Any content that relies on them WILL BREAK, instantly and forever
Do not rely on CDN resources for dev builds for anything “production” or “permanent” or anything apart from immediate, short-term, local testing and evaluation
Thanks Bryan and Adrian, I looked at1.4rc in GitHub. It sound like the solution to several issues I’ve had especially with mixed HTTP/S content even using nginx and django.
Since my server runs raspbian I have to rely on berryconda (currently bokeh 1.3.4) so I suspect building 1.4 will be a challenge.
I can’t wait to actually fully embed bokeh properly in my website, so far have to rely on iframe or dedicated page.
@awsbarker The published PyPI package for Bokeh is not complicated (no ext build steps or anything) so AFAIK a simple conda skeleton has a reasonable chance to be successful at making a conda package for raspbpi
Thanks Bryan, not complicated for you but for me… too afraid to mess with my main raspbian server
I decided to start easy so I’ve install 1.4rc and will test everything on separate ubuntu server on the LAN but using self-signed certs. I’ll report on any glitches.
You may recall I'd built 1.4rc on Ubuntu 18.04 via conda and
successfully got SSL up and started testing. Although SSL works as
expected I’ve still got one or two other problems to resolve to
get fully embedded inside existing webpage without an iframe.
I'd avoided install on Raspbian but as you stated I see pip