I have the interactive slider example, sliders.py, running locally on my server with no issues. However, when I try to use Apache 2.4.7 to set up a reverse proxy between bokeh.example.blah and http://127.0.0.1:5006/sliders, the page on a remote computer loads without the interactive element, although HTML elements like the page title do load.
I run sliders.py with this command
bokeh serve sliders.py --host bokeh.example.blah
A tornado 404 warning pops up when I try to access bokeh.example.blah:
INFO:bokeh.command.subcommands.serve:Starting Bokeh server on port 5006 with applications at paths ['/sliders']
DEBUG:bokeh.server.tornado:[pid 7611] 0 clients connected
DEBUG:bokeh.server.tornado:[pid 7611] /sliders has 0 sessions with 0 unused
INFO:tornado.access:200 GET /sliders (127.0.0.1) 43.49ms
WARNING:tornado.access:404 GET /slidersstatic/css/bokeh.min.css?v=25ce17349a0082e9eeac845e42a822ec (127.0.0.1) 0.84ms
WARNING:tornado.access:404 GET /slidersstatic/css/bokeh-widgets.min.css?v=3b73ec63df304369ffc9c7e5132463cd (127.0.0.1) 0.78ms
WARNING:tornado.access:404 GET /slidersstatic/js/bokeh.min.js?v=50ffae624cbe67773b5995270f946406 (127.0.0.1) 0.69ms
WARNING:tornado.access:404 GET /slidersstatic/js/bokeh-widgets.min.js?v=7cfd458197bc395bb09e9dc3b8ac7975 (127.0.0.1) 0.71ms
WARNING:tornado.access:404 GET /slidersstatic/js/bokeh-compiler.min.js?v=28af56ac5027aa8d0ab96086ec1da10b (127.0.0.1) 0.74ms
I this is my 000-default.conf
<VirtualHost *:80>
ProxyHTMLEnable On
ProxyPreserveHost On
ServerName bokeh.example.blah
ProxyPass / http://127.0.0.1:5006/sliders
ProxyPassReverse / http://127.0.0.1:5006/sliders
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Interestingly, no apache error log is created when this happens.
Googling tells me that serving dynamic content with apache through a reverse proxy is sometimes problematic- this led me to add the 'ProxyHTMLEnable On' to my .conf file. If anyone has seen this sort of issue before and has advice it would be much appreciated!
I also notice that there seem to be a few places that indicate that documnetation about how to deploy bokeh apps is pending. For instance, the empty Deploying for Production section here, or this issue. Does information about this already exist and I'm just looking in the wrong place?
Thanks!
Update:
I now have a different error.
The previous error was due to the fact that I hadn't specified where bokeh keeps its static files. I did so by modifying '000-default.conf' to this:
<VirtualHost *:80>
ServerName bokeh.example.blah
ProxyPreserveHost On
ProxyPass /sliders/ws ws://127.0.0.1:5100/sliders/ws
ProxyPassReverse /sliders/ws ws://127.0.0.1:5100/sliders/ws
ProxyPass /sliders http://127.0.0.1:5100/sliders/
ProxyPassReverse /sliders http://127.0.0.1:5100/sliders/
<Directory />
Require all granted
Options -Indexes
</Directory>
Alias /static /usr/local/lib/python2.7/dist-packages/bokeh/server/static
<Directory /usr/local/lib/python2.7/dist-packages/bokeh/server/static>
# directives to effect the static directory
Options +Indexes
</Directory>
</VirtualHost>
As before, I can load only the title of the HTML page, but not the interactive plot. Now, the java console gives me this error:
WebSocket connection to 'ws://bokeh.example.blah/sliders/ws?bokeh-protocol-version=1.0&bokeh-session-id=pyrxrMepBAnQyAdl4UpACinDdhxcegz0SWtNnonrLngM' failed: Error during WebSocket handshake: Unexpected response code: 500
bokeh.min.js?v=50ffae6…:62 Bokeh: Failed to connect to Bokeh server Error: Could not open websocket
I would really appreciate advice!
Related
I am attempting to access OrientDB's REST API through a reverse proxy. That is, I have a domain orientdb.mydomain.com that forwards to localhost:2480, where the server is. I have this working on the unsecured website, so I can access http://orientdb.mydomain.com and it brings up the studio site:
http://orientdb.mydomain.com/studio/index.html
However, this does not work through https. I get a 404 error ("The requested URL /studio/index.html was not found on this server")
I have a feeling that I'm not using the correct documentroot or there is something funny about OrientDB that it's generating the path above in another way. I cannot actually find this /studio directory anywhere.
This is from my virtualhost setting in my ssl.conf file.
<VirtualHost _default_:443>
DocumentRoot "/opt/orientdb-3.0.6/www"
<Directory "/opt/orientdb-3.0.6/www">
Require all granted
</Directory>
ServerName orientdb.mydomain.com
#more stuff
</VirtualHost>
By the way, I originally had the following options in my Directory tag, but it gave a forbidden error. I changed it to Require all granted and it now says not found- so I think I'm making progress.
AllowOverride All
Order allow,deny
In summary, is it possible to access the OrientDB server in this way and if so what do I put as DocumentRoot, etc?
I don't think you can do that.
OrientDB has its own HTTP server embedded so the only way it can work is with the reverse proxy configuration.
You can expose your web server (apache HTTP I guess) in https and terminate the "s" there, proxying to orientdb HTTP port (2480).
This turned out not to be an OrientDB issue, but a proxy issue. I had used a virtualhost to set up the proxy on port 80, but I did not do the same for port 443. After adding these settings to my 443 virtualhost on orientdb.mydomain.com, I was able to access the studio and the HTTP REST API through HTTPS.
ProxyPass / http://127.0.0.1:2480/
ProxyPassReverse / http://127.0.0.1:2480/
<Proxy *>
Require all granted
</Proxy>
I have an httpd server configured and working. The server returns "It works" and I can see the SSL is installed correctly.
The next step I undertook was configuring the reverse proxy, so that the users requests are redirected and I can have more customers' apps under one subdomain. The httpd configuration (shown below) I use is not mine, I am just attempting to reconfigure it to work for me. But with no big success up to now. There are directives that may be incorrect, but I have not tried commenting anything out.
#Apache is listening on port 443
Listen 443
SSLSessionCache shmcb:c:/Apache24/logs/shmcb_cache(512000)
SSLSessionCacheTimeout 300
Mutex default ssl-cache
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost *:443>
#ProxyPreserveHost On
SSLProxyEngine On
ServerName XXXX.sk
ServerAdmin admin
# Logs
ErrorLog /var/log/rsk_error_log
TransferLog /var/log/rsk_access_log
# Server Certificate and Private Key:
SSLCertificateFile /ssl/certificate.crt
SSLCertificateKeyFile /ssl/private.key
SSLCertificateChainFile /ssl/chain.crt
#Include conf/extra/proxy-443-to-8890.conf
ProxyPass /customer http://172.17.0.4:8080
ProxyPassReverse /customer http://172.17.0.4:8080
</VirtualHost>
Now when I type XXXX.sk/customer I receive a response which is a login screen, but it is incorrectly rendered, the CSS is not used at all. There are many errors appearing. When I log in, no response is returned and the URL is corrupted.
Can any of you, using httpd in a reverse proxy mode, please share your configs, at least a part of them?
The default webroot in base-component is mapping to / in url. All of resources like css, js etc is using "/" to build url, So Although the proxying is
ProxyPass /customer http://172.17.0.4:8080
The actual js location is still
/lib/jquery/jquery-ui.min.css
not
/customer/lib/jquery/jquery-ui.min.css
To make it work, the reverse proxy would need more messy location proxy_pass configurations.
So using additional path to proxy the webroot is not suggested.
I'm having a hell of a time setting up a web2py server in a way that allows me to access the admin and appadmin interfaces from anywhere other than localhost, which is a requirement for me because the web2py server is hosted in a cloud location without a browser or X server. I understand that to access web2py's admin or appadmin interfaces from outside localhost that I must use SSL/HTTPS.
The web2py documentation seems to declare two different ways to do this. First, from the general web2py startup tutorial:
The administrative interface, admin, is only accessible from localhost
unless you run web2py behind Apache with mod_proxy. If admin detects a
proxy, the session cookie is set to secure and admin login does not
work unless the communication between the client and the proxy goes
over HTTPS
This lead me to search the web for how to setup web2py behind and apache which lead me to the web2py deployment recipes page, where it describes setting up web2py behind apache using mod_wsgi instead of mod_proxy. These are the instructions I'm currently following exactly, with the exception of updating the /etc/apache2/sites-available/web2py file to apache2.4 syntax and modifying the ServerName directive's value to "foo.bar.com" (omitted: the domain name of cloud box containing the server, this is replaced with foo.bar.com throughout this question).
However, when I get to the
When you restart Apache, it should pass all the requests to web2py without going through the Rocket wsgiserver.
part of the that web2py+apache+mod_wsgi tutorial, apache does not appear to be passing anything to web2py for me. I went ahead and moved the wsgihandler.py file as the next step in the tutorial describes, and here's my current state:
If I browse to foo.bar.com:80 from another machine, I get the Apache2 Ubuntu Default Page (the "It works!" page).
If I browse to foo.bar.com:8000 (web2py port), I the web2py server's default interface, but with no access to admin or appadmin because of the unsecure channel.
If I try to browse to foo.bar.com:443, I get the generic "Index of /" apache server
page. On this page "/" contains one directory link "html", which
is a link to the Apache2 Ubuntu Default Page (the "It works!" page).
Other information:
I have an untouched instance of web2py installed at /home/www-data/web2py except that I've moved /home/www-data/web2py/handlers/wsgihandler.py to /home/www-data/web2py/wsgihandler.py
The contents of my /etc/apache2/site-available/ directory are:
000-default.conf (not touched by me)
default-ssl.conf (not touched by me)
web2py (created by me)
I've manually started up web2py with python ~/web2py/web2py.py --ip 10.7.166.27 (that's the IP for foo.bar.com (real domain name omitted))
apache2 is running as user www-data
The server OS is Ubuntu Server 14.04 x64
This is my /etc/apache2/sites-available/web2py file:
<VirtualHost *:80>
ServerName foo.bar.com
WSGIDaemonProcess web2py user=www-data group=www-data display-name=%{GROUP}
WSGIProcessGroup web2py
WSGIScriptAlias / /home/www-data/web2py/wsgihandler.py
<Directory /home/www-data/web2py>
AllowOverride None
Require all denied
<Files wsgihandler.py>
Require all granted
</Files>
</Directory>
AliasMatch ^/([^/]+)/static/(.*) /users/www-data/web2py/applications/$1/static/$2
<Directory /users/www-data/web2py/applications/*/static/>
Order Allow,Deny
Allow from all
</Directory>
<Location /admin>
Require all denied
</Location>
<LocationMatch ^/([^/]+)/appadmin>
Require all denied
</LocationMatch>
CustomLog /private/var/log/apache2/access.log common
ErrorLog /private/var/log/apache2/error.log
</VirtualHost>
<VirtualHost *:443>
ServerName foo.bar.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
WSGIProcessGroup web2py
WSGIScriptAlias / /users/www-data/web2py/wsgihandler.py
<Directory /users/www-data/web2py>
AllowOverride None
Require all denied
<Files wsgihandler.py>
Require all granted
</Files>
</Directory>
AliasMatch ^/([^/]+)/static/(.*) /users/www-data/web2py/applications/$1/static/$2
<Directory /users/www-data/web2py/applications/*/static/>
Require all granted
</Directory>
CustomLog /private/var/log/apache2/access.log common
ErrorLog /private/var/log/apache2/error.log
</VirtualHost>
Alright! I found my stupid mistake while writing this up. I had never bothered to properly configure apache itself:
/etc/apache2/sites-available/000-default.conf and /etc/apache2/sites-available/default-ssl.conf were why I was seeing what I was seeing when browsing to foo.bar.com:80 and foo.bar.com:443 respectively.
apache2.4 seems to require the .conf on configuration files, I didn't have that so I renamed /etc/apache2/sites-available/web2py to /etc/apache2/sites-available/web2py.conf
I didn't have a symlink to /etc/apache2/sites-available/web2py at /etc/apache2/sites-enabled/web2py, so I made one.
So, as of now:
When I browse to foo.bar.com:80 I get the same Apache2 Ubuntu Default Page, BUT
When I browse to foo.bar.com:80/web2py I get an internal server error which the apache logs tell me is a python import error from wsgihandler.py, which means the apache<->mod_wsgi<->web2py link is up and running
When I browse to foo.bar.com:443/web2py I get Chrome's yellow screen complaining about my self-signed certificate and after clicking through I get a permissions-denied page, presumably because of something I haven't set up yet in web2py/SSL
This means my original question is answered, but I might come back here and comment/edit if I get stumped again getting SSL to work.
I am trying to run designer-school.com on my server. I have added this VirtualHost
<VirtualHost *:80>
DocumentRoot /var/www/html/backendtwo
ServerName www.designer-school.com
<Directory /var/www/html/backendtwo>
Allow from all
Options +Indexes
</Directory>
</VirtualHost>
This now means I can access the domain designer-school.com
But if i try and access other folders on this server I get 404 errors for example
http://joshhornby.co.uk/typewriter
And also If i try and access a blog post on the root website
http://joshhornby.co.uk/post/web-course
Is there a way to run the domain designer-school on the server but it won't impact the other sites running on the server?
I have looked at running multiple VirtualHosts must when I restart the server I get this message
[warn] _default_ VirtualHost overlap on port 80, the first has precedence
Is there something in my .haccess file I need to change?
Heyas. I'm using mod_proxy with apache2 provide vhost ability to multiple servlet apps running on the local machine. It works fine, for the most part. Requests come into apache then are directed to the application bound on a port on localhost. The app receives the request and responds, which is delivered back to the client by apache.
The problem I'm having is that the application delivers 500's on errors, and mod_proxy stomps on them. Often these errors are caused in a ajax request and the error is handled in client side javascript. For example, a call to a server side createObject(name) might throw a NameNotUniqueException , which is delivered back as a 500. The client javascript might then display an appropriate error message.
When an error is thrown by the application (resulting in a 500 response to mod_proxy), then apache stomps the error message and returns
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
.. the stock apache server side error message.
I want mod_proxy to pass the original 500 back through to the client. Is there a directive I've missed which prevents clobbering of the 500?
TIA
Do you have
ProxyRequests Off
ProxyErrorOverride Off
ProxyPass /path/ http://backend.ip/path/
ProxyPassReverse / http://backend.domain/
Replace backend.ip and backend.domain with your values (i am using backend.ip here as it prevents apache from running dns queries on each request).
Usually errors are reported as is. Because ProxyErrorOverride defaults to off. If this doe not happen with my configuration, please check if the 500 is really from your backend server. Or just show us your complete proxy configuration.
I have the same problem, getting a blank 500 pages since changing from apache2/mod_wsgi to apache2 with reverse proxy to mod_wsgi-express.
My config (replaced actual domain with www.example.com):
<VirtualHost *:443>
ServerName www.example.com
ProxyRequests Off
ProxyErrorOverride Off
ProxyPass / http://localhost:8001/
ProxyPassReverse / https://www.example.com/
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ErrorLog /var/log/apache2/www.example.com.error.log
LogLevel warn
CustomLog /var/log/apache2/www.example.com.log combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/fullchain.pem
</VirtualHost>