Embedded Bokeh server is not connecting on a secure host

Hi,

I have a small embedded Bokeh server using Flask. I can run the bokeh server on a host not requiring secure connection (ssh) and connect to it from any PC.
If now the bokeh server is hosted in a secure host then I am unable to connect to the bokeh server outside this host. A local port forwarded ssh connection is created on my machine where I try to connect from. This connection allows me to connect to the flask server but not the connection to the bokeh server.

Below is a simple example:

import sys
from threading import Thread

from flask import Flask
from flask import render_template_string

from tornado.ioloop import IOLoop

from bokeh.embed import server_document
from bokeh.server.server import Server


app = Flask(__name__)

app.config.update(
    {
        'MAX_CONTENT_LENGTH': 80 * 1024 * 1024,
        'NETWORK_MODEL_UPLOAD_EXTENSIONS': ['.xlsx'],
        'SIMULATION_CONFIG_UPLOAD_EXTENSIONS': ['.json'],
        'PLOTTING_CONFIG_UPLOAD_EXTENSIONS': ['.json'],
        'UPLOAD_PATH': 'uploads',
        'bokeh_server_addr': 'localhost',
        'bokeh_server_port': 5100,
        'flask_server_port': 8100
    }
)


template_str = """
<!doctype html>

<html lang="en">
<head>
    <meta charset="utf-8">
    <title>MAST server</title>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.7.1/min/dropzone.min.css">
</head>

<body>
    <div>
        This Bokeh app below served by a Bokeh server that has been embedded in another web app framework. For more information see the section
        <a target="_blank" href="https://docs.bokeh.org/en/latest/docs/user_guide/server.html#embedding-bokeh-server-as-a-library">Embedding Bokeh Server as a Library</a> in the User's Guide.
    </div>
    {{ script|safe }}
</body>
</html>
"""

def client_connecting(doc):
    """A new client is connected to the server.

    Args:
        doc (Bokeh Document): The bokeh document associated to the client.
    """
    print('client_connecting(): A client is connecting!!!')


@app.route('/', methods=['GET'])
def bkapp_page():
    """Html address of the home page.

    Returns:
        Object: The html home page
    """
    print('bkapp_page(): Flask request received')
    address = app.config['bokeh_server_addr']

    url = 'http://{}:{}/bkapp'.format(address, app.config['bokeh_server_port'])
    script = server_document(url)
    ret = render_template_string(template_str, script=script, template="Flask")
    return ret


def bk_worker():
    """Background worker to run the Bokeh server.
    """
    address = app.config['bokeh_server_addr']

    port = app.config['bokeh_server_port']
    flask_server_port = app.config['flask_server_port']

    server = Server(
        {'/bkapp': client_connecting},
        address=address,
        port=port,
        io_loop=IOLoop(),
        allow_websocket_origin=[f'*:{flask_server_port}'],
    )
    server.start()
    server.io_loop.start()


def main(argv):
    """The main of this script.

    Args:
        argv (list): The arguments of this script.
    """
    print('argv={0}'.format(argv))
    Thread(target=bk_worker).start()

    flask_server_port = app.config['flask_server_port']
    print(f'Opening single process Flask app with embedded Bokeh application on http://localhost:{flask_server_port}/')
    print()
    print('Multiple connections may block the Bokeh app in this configuration!')
    print('See "flask_gunicorn_embed.py" for one way to run multi-process')
    print()
#    app.run(host='0.0.0.0', port=flask_server_port, ssl_context=('C:\\Users\\gilles.faure\\cert.pem', 'C:\\Users\\gilles.faure\\key.pem'))
    app.run(host='0.0.0.0', port=flask_server_port)


if __name__ == '__main__':
    main(sys.argv)

I can see the print in bkapp_page() but I can’t see the print in client_connecting(doc) if connecting outside the host secure box. I can see both prints when connecting from inside the secure box.

I do not understand what is the issue.
Could you help please?
Thanks
Gilles

Bokeh server comms happen on a websocket. Will a forwarded SSH connection also handle websockets? I doubt it, in which case this cannot work.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.