Bokeh Server and SSL Reverse Proxy

Hi there, I am currently trying to embed a bokeh graphs behind a flask app. My configuration is as follows:
I am running a DigitalOcean server Ubuntu 16. Running NGINX with Flask.

Without https or SSL, everything runs perfectly. With SSL, I have tried tweaking nginx config, bokeh serve config, and flask app.py and resulted in either:

404 failure to load resource, or Mixed content Error

I followed Bryan’s and another user called Julian’s post regarding SSL and Reverse Proxying. I believe Julian solved it and posted the solution on StackOverflow.

I tried his solution changing things where necessary and could not find the solution.

Things that might help, I believe xheaders are crucial. I have tried adding a location block to /dota2lbproject/ and proxy_pass to http://127.0.0.1:5006 but maybe I’m doing it incorrectly.

I also tried adding a location block for /plot/ and running bokeh_serve with --prefix=/plot/

I believe I am close to the solution but I can’t figure it out, any help would greatly be appreciated!

Website is hosted under mysententia.com, and the bokeh app is under mysententia.com/dota2lbproject.

Problem is obviously under https://mysententia.com/dota2lbproject

I have been at this for a week, any help would be very appreciated.

Here are the following files I have:

NGINX CONFIGURATION

/etc/nginx/sites-available/default

upstream flask_siti {

    server 127.0.0.1:8118 fail_timeout=0;

}

upstream bokeh_siti {

    server 127.0.0.1:5006 fail_timeout=0;

}

server {

    listen 80;

    server_name mysententia.com www.mysententia.com;

    # return 301 https://$host$request_uri;

    charset utf-8;

    client_max_body_size 75M;

    access_log /var/log/nginx/flask/access.log;

    error_log /var/log/nginx/flask/error.log;

    location / {

            try_files $uri @proxy_to_app;

    }

    location @proxy_to_app {

            proxy_pass http://flask_siti;

            proxy_set_header Upgrade $http_upgrade;

            proxy_set_header Connection "upgrade";

            proxy_http_version 1.1;

            proxy_set_header X-Forwarded-Proto $scheme;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header Host $host:$server_port;

            proxy_buffering off;

    }

}

server {

    listen 443 ssl;

    server_name mysententia.com www.mysententia.com;

    ssl_certificate /var/www/ssl/mysententia_com.crt;

    ssl_certificate_key /var/www/ssl/mysententia_com.key;

    ssl_session_timeout 1d;

    ssl_session_cache shared:SSL:50m;

    add_header Strict-Transport-Security max-age=15768000;

    charset utf-8;

    client_max_body_size 75M;

    access_log /var/log/nginx/flask/access.log;

    error_log /var/log/nginx/flask/error.log;

    location / {

            try_files $uri @proxy_to_app;

    }

    location @proxy_to_app {

            proxy_pass http://flask_siti;

            proxy_set_header Upgrade $http_upgrade;

            proxy_set_header Connection "upgrade";

            proxy_http_version 1.1;

            proxy_set_header X-Forwarded-Proto $scheme;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header Host $host:$server_port;

            proxy_buffering off;

    }

}

``

BOKEH SERVE, DigitalOcean IP hashed out.

/etc/supervisor/conf.d/bokeh_serve.conf

[program:bokeh_serve]

command=/opt/envs/virtual1/bin/bokeh serve dota2lbproject.py missedchats.py --allow-websocket-origin=#.#.#.# --allow-websocket-origin=mysententia.com --allow-websocket-origin=www.#.#.#.# --allow-websocket-origin=www.mysententia.com --host=mysententia.com:443 --host=www.mysententia.com:443 --host=127.0.0.1:5006 --host=#.#.#.#:5006 --host=mysententia.com:5006 --use-xheaders

directory=/opt/webapps/dota2lb

autostart=false

autorestart=true

startretries=3

user=nobody

``

Flask app

Yes, I know that the two apps running have different syntax, I am trying to see if using a different url for server_session might help.

For dota2lbproject, the error under console is:

GET https://#.#.#.#:5006/dota2lbproject/autoload.js?bokeh-autoload-element=da1aa382-d957-47b3-bd4b-2330eabac787&bokeh-app-path=/dota2lbproject&bokeh-absolute-url=https://#.#.#.#:5006/dota2lbproject&bokeh-session-id=sfWu8M89sXgyVgBjbdxZ9233kTTaQch8xG0LQPQGAjkX net::ERR_CONNECTION_CLOSED

``

Under network,

https://#.#.#.#:5006/dota2lbproject/autoload.js?bokeh-autoload-element=da1aa382-d957-47b3-bd4b-2330eabac787&bokeh-app-path=/dota2lbproject&bokeh-absolute-url=https://#.#.#.#:5006/dota2lbproject&bokeh-session-id=sfWu8M89sXgyVgBjbdxZ9233kTTaQch8xG0LQPQGAjkX

Status failed
Initiator index

``

And under missedchats, the error under console is:

Mixed Content: The page at ‘https://mysententia.com/missedchats/’ was loaded over HTTPS, but requested an insecure script ‘http://104.131.118.220:5006/missedchats/autoload.js?bokeh-autoload-element=73174196-9f01-4c9c-9ac8-b49cf97f621c&bokeh-app-path=/missedchats&bokeh-absolute-url=http://104.131.118.220:5006/missedchats&bokeh-session-id=IRDTxOaPQDIcsohEt9fERRBuXmgfqelc3KnIcIRG53AA’. This request has been blocked; the content must be served over HTTPS.

/favicon.ico Failed to load resource: the server responded with a status of 404 (NOT FOUND)

``

Under network,

http://#.#.#.#:5006/missedchats/autoload.js?bokeh-autoload-element=72b64d2e-b890-4173-b564-cf1617426c54&bokeh-app-path=/missedchats&bokeh-absolute-url=http://#.#.#.#:5006/missedchats&bokeh-session-id=gan03KpEe6imA1Z4cEsbe8sF9ZuxUh702ZYqmHvdYg3n

Status blocked:mixed-content
Initiator index

``

/opt/webapps/dota2lb/app.py

Importing modules, Flask, Bokeh, and ProxyFix

from flask import Flask, render_template

from flask_basicauth import BasicAuth

from bokeh.client import pull_session

from bokeh.embed import server_session

from werkzeug.contrib.fixers import ProxyFix

Instantiate Flask

app=Flask(name)

@app.route("/dota2lbproject/")

def dota2lbproject():

url=“http://#.#.#.#:5006/dota2lbproject”

session=pull_session(url=url)

url_https=“https://#.#.#.#:5006/dota2lbproject”

bokeh_script=server_session(None,session_id=session.id,url=url_https)

return render_template(“dota2lbproject.html”, bokeh_script=bokeh_script)

YDO Missed Chats

@app.route("/missedchats/")

@basic_auth.required

def missedchats():

url=“http://#.#.#.#:5006/missedchats/”

session=pull_session(url=url)

bokeh_script=server_session(None,session.id,url=url)

return render_template(“missedchats.html”, bokeh_script=bokeh_script)

``

Just realized that hashing out my DigitalOcean IP wasn’t all that useful.

Hi, myself I an struggling with setting up a flask-bokeh app on AWS EC2, but I think I have different issues and a;ready passed your issues with https/ssl.

  • You have duplicated the ssl proxy for ports 80 and 443; you need to remove proxy for port http/80, only redirect the request to port ssl/443 using:

server {

listen 80 default_server;

listen [::]:80 default_server;

server_name _;

return 301 https://$host$request_uri;

}

I also have the following in listener for port 443:

    location @proxy_to_app {

            proxy_pass [http://bokeh_siti](http://flask_siti/);

            proxy_set_header Upgrade $http_upgrade;

            proxy_set_header Connection "upgrade";

            proxy_http_version 1.1;

            proxy_set_header X-Real-IP  $remote_addr;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header Host $host:$server_port;

            proxy_buffering off;

    }
···

On Saturday, February 17, 2018 at 4:01:12 PM UTC, ken.ta…@markitech.ca wrote:

Hi there, I am currently trying to embed a bokeh graphs behind a flask app. My configuration is as follows:
I am running a DigitalOcean server Ubuntu 16. Running NGINX with Flask.

Without https or SSL, everything runs perfectly. With SSL, I have tried tweaking nginx config, bokeh serve config, and flask app.py and resulted in either:

404 failure to load resource, or Mixed content Error

I followed Bryan’s and another user called Julian’s post regarding SSL and Reverse Proxying. I believe Julian solved it and posted the solution on StackOverflow.

I tried his solution changing things where necessary and could not find the solution.

Things that might help, I believe xheaders are crucial. I have tried adding a location block to /dota2lbproject/ and proxy_pass to http://127.0.0.1:5006 but maybe I’m doing it incorrectly.

I also tried adding a location block for /plot/ and running bokeh_serve with --prefix=/plot/

I believe I am close to the solution but I can’t figure it out, any help would greatly be appreciated!

Website is hosted under mysententia.com, and the bokeh app is under mysententia.com/dota2lbproject.

Problem is obviously under https://mysententia.com/dota2lbproject

I have been at this for a week, any help would be very appreciated.

Here are the following files I have:

NGINX CONFIGURATION

/etc/nginx/sites-available/default

upstream flask_siti {

    server [127.0.0.1:8118](http://127.0.0.1:8118) fail_timeout=0;

}

upstream bokeh_siti {

    server [127.0.0.1:5006](http://127.0.0.1:5006) fail_timeout=0;

}

server {

    listen 80;
    server_name [mysententia.com](http://mysententia.com) [www.mysententia.com](http://www.mysententia.com);
    # return 301 https://$host$request_uri;

    charset utf-8;
    client_max_body_size 75M;
    access_log /var/log/nginx/flask/access.log;
    error_log /var/log/nginx/flask/error.log;
    location / {
            try_files $uri @proxy_to_app;
    }
    location @proxy_to_app {
            proxy_pass [http://flask_siti](http://flask_siti);
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host:$server_port;
            proxy_buffering off;
    }

}

server {

    listen 443 ssl;
    server_name [mysententia.com](http://mysententia.com) [www.mysententia.com](http://www.mysententia.com);
    ssl_certificate /var/www/ssl/mysententia_com.crt;
    ssl_certificate_key /var/www/ssl/mysententia_com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    add_header Strict-Transport-Security max-age=15768000;
    charset utf-8;
    client_max_body_size 75M;
    access_log /var/log/nginx/flask/access.log;
    error_log /var/log/nginx/flask/error.log;
    location / {
            try_files $uri @proxy_to_app;
    }
    location @proxy_to_app {
            proxy_pass [http://flask_siti](http://flask_siti);
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host:$server_port;
            proxy_buffering off;
    }

}

``

BOKEH SERVE, DigitalOcean IP hashed out.

/etc/supervisor/conf.d/bokeh_serve.conf

[program:bokeh_serve]

command=/opt/envs/virtual1/bin/bokeh serve dota2lbproject.py missedchats.py --allow-websocket-origin=#.#.#.# --allow-websocket-origin=mysententia.com --allow-websocket-origin=www.#.#.#.# --allow-websocket-origin=www.mysententia.com --host=mysententia.com:443 --host=www.mysententia.com:443 --host=127.0.0.1:5006 --host=#.#.#.#:5006 --host=mysententia.com:5006 --use-xheaders

directory=/opt/webapps/dota2lb

autostart=false

autorestart=true

startretries=3

user=nobody

``

Flask app

Yes, I know that the two apps running have different syntax, I am trying to see if using a different url for server_session might help.

For dota2lbproject, the error under console is:

GET https://#.#.#.#:5006/dota2lbproject/autoload.js?bokeh-autoload-element=da1aa382-d957-47b3-bd4b-2330eabac787&bokeh-app-path=/dota2lbproject&bokeh-absolute-url=https://#.#.#.#:5006/dota2lbproject&bokeh-session-id=sfWu8M89sXgyVgBjbdxZ9233kTTaQch8xG0LQPQGAjkX net::ERR_CONNECTION_CLOSED

``

Under network,

https://#.#.#.#:5006/dota2lbproject/autoload.js?bokeh-autoload-element=da1aa382-d957-47b3-bd4b-2330eabac787&bokeh-app-path=/dota2lbproject&bokeh-absolute-url=https://#.#.#.#:5006/dota2lbproject&bokeh-session-id=sfWu8M89sXgyVgBjbdxZ9233kTTaQch8xG0LQPQGAjkX

Status failed
Initiator index

``

And under missedchats, the error under console is:

Mixed Content: The page at ‘https://mysententia.com/missedchats/’ was loaded over HTTPS, but requested an insecure script ‘http://104.131.118.220:5006/missedchats/autoload.js?bokeh-autoload-element=73174196-9f01-4c9c-9ac8-b49cf97f621c&bokeh-app-path=/missedchats&bokeh-absolute-url=http://104.131.118.220:5006/missedchats&bokeh-session-id=IRDTxOaPQDIcsohEt9fERRBuXmgfqelc3KnIcIRG53AA’. This request has been blocked; the content must be served over HTTPS.

/favicon.ico Failed to load resource: the server responded with a status of 404 (NOT FOUND)

``

Under network,

http://#.#.#.#:5006/missedchats/autoload.js?bokeh-autoload-element=72b64d2e-b890-4173-b564-cf1617426c54&bokeh-app-path=/missedchats&bokeh-absolute-url=http://#.#.#.#:5006/missedchats&bokeh-session-id=gan03KpEe6imA1Z4cEsbe8sF9ZuxUh702ZYqmHvdYg3n

Status blocked:mixed-content
Initiator index

``

/opt/webapps/dota2lb/app.py

Importing modules, Flask, Bokeh, and ProxyFix

from flask import Flask, render_template

from flask_basicauth import BasicAuth

from bokeh.client import pull_session

from bokeh.embed import server_session

from werkzeug.contrib.fixers import ProxyFix

Instantiate Flask

app=Flask(name)

@app.route("/dota2lbproject/")

def dota2lbproject():

url=“http://#.#.#.#:5006/dota2lbproject”

session=pull_session(url=url)

url_https=“https://#.#.#.#:5006/dota2lbproject”

bokeh_script=server_session(None,session_id=session.id,url=url_https)

return render_template(“dota2lbproject.html”, bokeh_script=bokeh_script)

YDO Missed Chats

@app.route("/missedchats/")

@basic_auth.required

def missedchats():

url=“http://#.#.#.#:5006/missedchats/”

session=pull_session(url=url)

bokeh_script=server_session(None,session.id,url=url)

return render_template(“missedchats.html”, bokeh_script=bokeh_script)

``

Just realized that hashing out my DigitalOcean IP wasn’t all that useful.

So I changed my listen 80 and changed the @proxy_to_app to bokeh_siti which is 127.0.0.1:5006.
It works fine showing both my applications.

But now I lost content to all my flask content. Again this is a step towards the solution, thank you Aso.

···

On Saturday, February 17, 2018 at 12:07:45 PM UTC-5, Aso wrote:

Hi, myself I an struggling with setting up a flask-bokeh app on AWS EC2, but I think I have different issues and a;ready passed your issues with https/ssl.

  • You have duplicated the ssl proxy for ports 80 and 443; you need to remove proxy for port http/80, only redirect the request to port ssl/443 using:

server {

listen 80 default_server;

listen [::]:80 default_server;

server_name _;

return 301 https://$host$request_uri;

}

I also have the following in listener for port 443:

    location @proxy_to_app {
            proxy_pass [http://bokeh_siti](http://flask_siti/);
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host:$server_port;
            proxy_buffering off;
    }

On Saturday, February 17, 2018 at 4:01:12 PM UTC, ken.ta…@markitech.ca wrote:

Hi there, I am currently trying to embed a bokeh graphs behind a flask app. My configuration is as follows:
I am running a DigitalOcean server Ubuntu 16. Running NGINX with Flask.

Without https or SSL, everything runs perfectly. With SSL, I have tried tweaking nginx config, bokeh serve config, and flask app.py and resulted in either:

404 failure to load resource, or Mixed content Error

I followed Bryan’s and another user called Julian’s post regarding SSL and Reverse Proxying. I believe Julian solved it and posted the solution on StackOverflow.

I tried his solution changing things where necessary and could not find the solution.

Things that might help, I believe xheaders are crucial. I have tried adding a location block to /dota2lbproject/ and proxy_pass to http://127.0.0.1:5006 but maybe I’m doing it incorrectly.

I also tried adding a location block for /plot/ and running bokeh_serve with --prefix=/plot/

I believe I am close to the solution but I can’t figure it out, any help would greatly be appreciated!

Website is hosted under mysententia.com, and the bokeh app is under mysententia.com/dota2lbproject.

Problem is obviously under https://mysententia.com/dota2lbproject

I have been at this for a week, any help would be very appreciated.

Here are the following files I have:

NGINX CONFIGURATION

/etc/nginx/sites-available/default

upstream flask_siti {

    server [127.0.0.1:8118](http://127.0.0.1:8118) fail_timeout=0;

}

upstream bokeh_siti {

    server [127.0.0.1:5006](http://127.0.0.1:5006) fail_timeout=0;

}

server {

    listen 80;
    server_name [mysententia.com](http://mysententia.com) [www.mysententia.com](http://www.mysententia.com);
    # return 301 https://$host$request_uri;

    charset utf-8;
    client_max_body_size 75M;
    access_log /var/log/nginx/flask/access.log;
    error_log /var/log/nginx/flask/error.log;
    location / {
            try_files $uri @proxy_to_app;
    }
    location @proxy_to_app {
            proxy_pass [http://flask_siti](http://flask_siti);
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host:$server_port;
            proxy_buffering off;
    }

}

server {

    listen 443 ssl;
    server_name [mysententia.com](http://mysententia.com) [www.mysententia.com](http://www.mysententia.com);
    ssl_certificate /var/www/ssl/mysententia_com.crt;
    ssl_certificate_key /var/www/ssl/mysententia_com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    add_header Strict-Transport-Security max-age=15768000;
    charset utf-8;
    client_max_body_size 75M;
    access_log /var/log/nginx/flask/access.log;
    error_log /var/log/nginx/flask/error.log;
    location / {
            try_files $uri @proxy_to_app;
    }
    location @proxy_to_app {
            proxy_pass [http://flask_siti](http://flask_siti);
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host:$server_port;
            proxy_buffering off;
    }

}

``

BOKEH SERVE, DigitalOcean IP hashed out.

/etc/supervisor/conf.d/bokeh_serve.conf

[program:bokeh_serve]

command=/opt/envs/virtual1/bin/bokeh serve dota2lbproject.py missedchats.py --allow-websocket-origin=#.#.#.# --allow-websocket-origin=mysententia.com --allow-websocket-origin=www.#.#.#.# --allow-websocket-origin=www.mysententia.com --host=mysententia.com:443 --host=www.mysententia.com:443 --host=127.0.0.1:5006 --host=#.#.#.#:5006 --host=mysententia.com:5006 --use-xheaders

directory=/opt/webapps/dota2lb

autostart=false

autorestart=true

startretries=3

user=nobody

``

Flask app

Yes, I know that the two apps running have different syntax, I am trying to see if using a different url for server_session might help.

For dota2lbproject, the error under console is:

GET https://#.#.#.#:5006/dota2lbproject/autoload.js?bokeh-autoload-element=da1aa382-d957-47b3-bd4b-2330eabac787&bokeh-app-path=/dota2lbproject&bokeh-absolute-url=https://#.#.#.#:5006/dota2lbproject&bokeh-session-id=sfWu8M89sXgyVgBjbdxZ9233kTTaQch8xG0LQPQGAjkX net::ERR_CONNECTION_CLOSED

``

Under network,

https://#.#.#.#:5006/dota2lbproject/autoload.js?bokeh-autoload-element=da1aa382-d957-47b3-bd4b-2330eabac787&bokeh-app-path=/dota2lbproject&bokeh-absolute-url=https://#.#.#.#:5006/dota2lbproject&bokeh-session-id=sfWu8M89sXgyVgBjbdxZ9233kTTaQch8xG0LQPQGAjkX

Status failed
Initiator index

``

And under missedchats, the error under console is:

Mixed Content: The page at ‘https://mysententia.com/missedchats/’ was loaded over HTTPS, but requested an insecure script ‘http://104.131.118.220:5006/missedchats/autoload.js?bokeh-autoload-element=73174196-9f01-4c9c-9ac8-b49cf97f621c&bokeh-app-path=/missedchats&bokeh-absolute-url=http://104.131.118.220:5006/missedchats&bokeh-session-id=IRDTxOaPQDIcsohEt9fERRBuXmgfqelc3KnIcIRG53AA’. This request has been blocked; the content must be served over HTTPS.

/favicon.ico Failed to load resource: the server responded with a status of 404 (NOT FOUND)

``

Under network,

http://#.#.#.#:5006/missedchats/autoload.js?bokeh-autoload-element=72b64d2e-b890-4173-b564-cf1617426c54&bokeh-app-path=/missedchats&bokeh-absolute-url=http://#.#.#.#:5006/missedchats&bokeh-session-id=gan03KpEe6imA1Z4cEsbe8sF9ZuxUh702ZYqmHvdYg3n

Status blocked:mixed-content
Initiator index

``

/opt/webapps/dota2lb/app.py

Importing modules, Flask, Bokeh, and ProxyFix

from flask import Flask, render_template

from flask_basicauth import BasicAuth

from bokeh.client import pull_session

from bokeh.embed import server_session

from werkzeug.contrib.fixers import ProxyFix

Instantiate Flask

app=Flask(name)

@app.route("/dota2lbproject/")

def dota2lbproject():

url=“http://#.#.#.#:5006/dota2lbproject”

session=pull_session(url=url)

url_https=“https://#.#.#.#:5006/dota2lbproject”

bokeh_script=server_session(None,session_id=session.id,url=url_https)

return render_template(“dota2lbproject.html”, bokeh_script=bokeh_script)

YDO Missed Chats

@app.route("/missedchats/")

@basic_auth.required

def missedchats():

url=“http://#.#.#.#:5006/missedchats/”

session=pull_session(url=url)

bokeh_script=server_session(None,session.id,url=url)

return render_template(“missedchats.html”, bokeh_script=bokeh_script)

``

Just realized that hashing out my DigitalOcean IP wasn’t all that useful.

Hello Kenneth and Aso,

I am having the same problem trying to run bokeh on Django

Request Method:
GET
Request URL:
http://localhost:8000/bokehproxy/bkapp/slider/autoload.js?bokeh-autoload-element=1002&bokeh-app-path=/bokehproxy/bkapp/slider&bokeh-absolute-url=http://localhost:8000/bokehproxy/bkapp/slider&bokeh-session-id=mhOER472OiqQIPujd0855KFMLwYNAAArdK1POi1RKCAQ-B9hNc47p0xphHANeJofNAYmnpf7HG161TsELeZfr9Ac

Since I am new to the whole proxy. I have a feeling that I am not setting the proxy properly. And I am trying to run my application on a windows machine so there is no directory.
/etc/

where can I bokeh serve config? Please let me know if you have any suggestion. Thank you!

···

On Saturday, February 17, 2018 at 11:01:12 AM UTC-5, ken.ta…@markitech.ca wrote:

Hi there, I am currently trying to embed a bokeh graphs behind a flask app. My configuration is as follows:
I am running a DigitalOcean server Ubuntu 16. Running NGINX with Flask.

Without https or SSL, everything runs perfectly. With SSL, I have tried tweaking nginx config, bokeh serve config, and flask app.py and resulted in either:

404 failure to load resource, or Mixed content Error

I followed Bryan’s and another user called Julian’s post regarding SSL and Reverse Proxying. I believe Julian solved it and posted the solution on StackOverflow.

I tried his solution changing things where necessary and could not find the solution.

Things that might help, I believe xheaders are crucial. I have tried adding a location block to /dota2lbproject/ and proxy_pass to http://127.0.0.1:5006 but maybe I’m doing it incorrectly.

I also tried adding a location block for /plot/ and running bokeh_serve with --prefix=/plot/

I believe I am close to the solution but I can’t figure it out, any help would greatly be appreciated!

Website is hosted under mysententia.com, and the bokeh app is under mysententia.com/dota2lbproject.

Problem is obviously under https://mysententia.com/dota2lbproject

I have been at this for a week, any help would be very appreciated.

Here are the following files I have:

NGINX CONFIGURATION

/etc/nginx/sites-available/default

upstream flask_siti {

    server [127.0.0.1:8118](http://127.0.0.1:8118) fail_timeout=0;

}

upstream bokeh_siti {

    server [127.0.0.1:5006](http://127.0.0.1:5006) fail_timeout=0;

}

server {

    listen 80;
    server_name [mysententia.com](http://mysententia.com) [www.mysententia.com](http://www.mysententia.com);
    # return 301 https://$host$request_uri;

    charset utf-8;
    client_max_body_size 75M;
    access_log /var/log/nginx/flask/access.log;
    error_log /var/log/nginx/flask/error.log;
    location / {
            try_files $uri @proxy_to_app;
    }
    location @proxy_to_app {
            proxy_pass [http://flask_siti](http://flask_siti);
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host:$server_port;
            proxy_buffering off;
    }

}

server {

    listen 443 ssl;
    server_name [mysententia.com](http://mysententia.com) [www.mysententia.com](http://www.mysententia.com);
    ssl_certificate /var/www/ssl/mysententia_com.crt;
    ssl_certificate_key /var/www/ssl/mysententia_com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    add_header Strict-Transport-Security max-age=15768000;
    charset utf-8;
    client_max_body_size 75M;
    access_log /var/log/nginx/flask/access.log;
    error_log /var/log/nginx/flask/error.log;
    location / {
            try_files $uri @proxy_to_app;
    }
    location @proxy_to_app {
            proxy_pass [http://flask_siti](http://flask_siti);
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host:$server_port;
            proxy_buffering off;
    }

}

``

BOKEH SERVE, DigitalOcean IP hashed out.

/etc/supervisor/conf.d/bokeh_serve.conf

[program:bokeh_serve]

command=/opt/envs/virtual1/bin/bokeh serve dota2lbproject.py missedchats.py --allow-websocket-origin=#.#.#.# --allow-websocket-origin=mysententia.com --allow-websocket-origin=www.#.#.#.# --allow-websocket-origin=www.mysententia.com --host=mysententia.com:443 --host=www.mysententia.com:443 --host=127.0.0.1:5006 --host=#.#.#.#:5006 --host=mysententia.com:5006 --use-xheaders

directory=/opt/webapps/dota2lb

autostart=false

autorestart=true

startretries=3

user=nobody

``

Flask app

Yes, I know that the two apps running have different syntax, I am trying to see if using a different url for server_session might help.

For dota2lbproject, the error under console is:

GET https://#.#.#.#:5006/dota2lbproject/autoload.js?bokeh-autoload-element=da1aa382-d957-47b3-bd4b-2330eabac787&bokeh-app-path=/dota2lbproject&bokeh-absolute-url=https://#.#.#.#:5006/dota2lbproject&bokeh-session-id=sfWu8M89sXgyVgBjbdxZ9233kTTaQch8xG0LQPQGAjkX net::ERR_CONNECTION_CLOSED

``

Under network,

https://#.#.#.#:5006/dota2lbproject/autoload.js?bokeh-autoload-element=da1aa382-d957-47b3-bd4b-2330eabac787&bokeh-app-path=/dota2lbproject&bokeh-absolute-url=https://#.#.#.#:5006/dota2lbproject&bokeh-session-id=sfWu8M89sXgyVgBjbdxZ9233kTTaQch8xG0LQPQGAjkX

Status failed
Initiator index

``

And under missedchats, the error under console is:

Mixed Content: The page at ‘https://mysententia.com/missedchats/’ was loaded over HTTPS, but requested an insecure script ‘http://104.131.118.220:5006/missedchats/autoload.js?bokeh-autoload-element=73174196-9f01-4c9c-9ac8-b49cf97f621c&bokeh-app-path=/missedchats&bokeh-absolute-url=http://104.131.118.220:5006/missedchats&bokeh-session-id=IRDTxOaPQDIcsohEt9fERRBuXmgfqelc3KnIcIRG53AA’. This request has been blocked; the content must be served over HTTPS.

/favicon.ico Failed to load resource: the server responded with a status of 404 (NOT FOUND)

``

Under network,

http://#.#.#.#:5006/missedchats/autoload.js?bokeh-autoload-element=72b64d2e-b890-4173-b564-cf1617426c54&bokeh-app-path=/missedchats&bokeh-absolute-url=http://#.#.#.#:5006/missedchats&bokeh-session-id=gan03KpEe6imA1Z4cEsbe8sF9ZuxUh702ZYqmHvdYg3n

Status blocked:mixed-content
Initiator index

``

/opt/webapps/dota2lb/app.py

Importing modules, Flask, Bokeh, and ProxyFix

from flask import Flask, render_template

from flask_basicauth import BasicAuth

from bokeh.client import pull_session

from bokeh.embed import server_session

from werkzeug.contrib.fixers import ProxyFix

Instantiate Flask

app=Flask(name)

@app.route("/dota2lbproject/")

def dota2lbproject():

url=“http://#.#.#.#:5006/dota2lbproject”

session=pull_session(url=url)

url_https=“https://#.#.#.#:5006/dota2lbproject”

bokeh_script=server_session(None,session_id=session.id,url=url_https)

return render_template(“dota2lbproject.html”, bokeh_script=bokeh_script)

YDO Missed Chats

@app.route("/missedchats/")

@basic_auth.required

def missedchats():

url=“http://#.#.#.#:5006/missedchats/”

session=pull_session(url=url)

bokeh_script=server_session(None,session.id,url=url)

return render_template(“missedchats.html”, bokeh_script=bokeh_script)

``

Just realized that hashing out my DigitalOcean IP wasn’t all that useful.