Bokeh server only shows when not using --cert=adhoc

Hi All,

I just started with Bokeh but have been doing Python for about two years (super new to this). I currently have an app made in Flask and wanted the Bokeh server to appear on one of the sections.

The development flask server is hosted locally from my Mac using the computer’s name as the URL in the following format .local:8080/

The development Bokeh server is also launched from the same Mac using the URL (I’m using the flask embedded method)

I launch the Flask app using the following code: flask run --host= --port 8080 --cert=adhoc

if I remove --cert=adhoc and launch the web server and go to the URL .local:8080/ it shows but if I launch the web server with --cer=adhoc the app loads but the bokeh content is missing.

If I hit F12 and look at the network section I get some errors:

Websocket connection ‘wss://’ failed:
[bokeh] failed to connect to bokeh server: could not open websocket
[bokeh] failed to load bokeh session : Error: could not open websocket
Error rendering Bokeh items: error: could not open websocket
at d._on_error ()
at socket.onerror ()

Below is the code I’m using for the server document and io_loop:

def bkapp_page():
script = server_document(‘’)
return render_template(“embed.html”, script=script, template=“Flask”)

def bk_worker():
# Can’t pass num_procs > 1 in this configuration. If you need to run multiple
# processes, see e.g.
server = Server({‘/bkapp’: bkapp}, io_loop=IOLoop(), allow_websocket_origin=[“*”])

I am grateful for any help that can be provided.


Hi @Cass in the future, please use proper code formatting so that the code is intelligible (either with the </> icon on the editing toolbar, or triple backtick ``` fences around the code blocks).

The issue is probably this:

script = server_document(‘’)

If you are embedding in a secure page (i.e. one at an HTTPS URL) then the browser will not permit loading insecure content inside the page. So in particular loading http://127.0.1:5006/bkapp in an https page is not going to be allowed. This is a restriction enforced a the browser level, there is no way around it, and nothing we can do to change it.

To confirm this, you can look at your browser’s JavaScript console and you will probably see error messages about access denied, etc.

You would need to make the Bokeh server load from an HTTPS location in order ro be able to embed it in an HTTPS page. Bokeh server does support SSL termination (the corresponding API parameter is ssl_certfile). However you will need to have an actual PEM file to point Bokeh at. I am not sure what Flask’s --cert=adhoc does. If it creates some temp cert that is not available to configure Bokeh with, then it will probably not be viable, and you woudl need to create an actual cert to use for both Flask and Bokeh.

Hi Bryan,

Thank you so much for getting back to me. I promise to be better about formatting code. --cert=adhoc tells the server to use a self-signed certificate.

I have a production server that uses actual SSL certs so I will try to test it out there.

In this situation new direction, would I still be able to continue with the Flask embedded method or would I have to create a fully separate bokeh server with its own domain and its own SSL?

Thank you again for the help.

I think the only other option would be to run a separate bokeh serve process behind a reverse-proxy like Nginx that is configured to terminate SSL (see the docs).

HI Bryan,

Thank you for getting back to me again. I wanted to run a third option by you. What if the bokeh server stays embedded in the flask server and shares the main domains SSL.

Let’s say the domain is something like and it has an SSL. Could the bokeh server be placed at sharing the same SSL?


Yes, in principle, this was my comment earlier:

However you will need to have an actual PEM file to point Bokeh at.

As long as you have the PEM file (and optionally a keyfile if that is relevant to your situation) you can pass it to Bokeh.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.