configuration of VTKWeb remote server with wss

EMalikova · September 24, 2021, 2:10pm

Dear All,

I have an issue with secure WebSocket configuration on wss (vtk web in multiuser set up with apache as proxy). For the client running on https the WebSocket connection fails with the message below:

index.js:51 Mixed Content: The page at … was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint ‘ws://<sever_name>/ws’. This request has been blocked; this endpoint must be available over WSS.
T.t.connect @ index.js:51
…
index.js:55 DOMException: Failed to construct ‘WebSocket’: An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.

I have tried to configure the system according to WSS is not supported in paraviewweb 4.1 · Issue #114 · Kitware/paraviewweb · GitHub .

1)The client url is configured as follows
if (location.port === ‘443’) {

    config.sessionURL="wss://${location.hostname}:443/proxy?sessionId=${id}&path=ws";

}

2)The launcher configuration is:
“configuration”: {
“log_dir”: “/data/pvw/logs”,
“host”: “localhost”,
“endpoint”: “paraview”,
“sessionURL”: “wss://<server_name>:443/proxy?sessionId=${id}&path=ws”,
“timeout”: 25,
“upload_dir”: “/data/pvw/upload”,
“fields”: [“file”, “host”, “port”, “updir”],
“port”: 9020,
“proxy_file”: “/data/proxy.txt”
},

3)The apache configuration looks like:

<IfModule mod_ssl.c>
<VirtualHost <server_name>:443>
 ServerName   <server_name>
 
 DocumentRoot /data/www

  ErrorLog /data/www/logs/error.log
  CustomLog /data/www/logs/access.log combined

 <Directory /data/www>
     Options Indexes FollowSymLinks
     Order allow,deny
     Allow from all
     AllowOverride All
     Require all granted
     RewriteEngine On
     RewriteBase /


     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteRule . /index.html [L]
 </Directory>
 
 # Handle launcher forwarding
 ProxyPreserveHost On
 ProxyPass /paraview https://localhost:9020/paraview

 # Handle WebSocket forwarding
 RewriteEngine On
 RewriteMap session-to-port txt:/data/proxy.txt
 RewriteCond %{QUERY_STRING} ^sessionId=(.*)&path=(.*)$ [NC]
 RewriteRule ^/proxy.*$  ws://${session-to-port:%1}/%2  [P]

 SSLCertificateFile .../fullchain.pem
 SSLCertificateKeyFile ../privkey.pem
 Include /etc/letsencrypt/options-ssl-apache.conf

Could you help me with this, please?
Best regards,
Evgeniya

Sebastien_Jourdain · September 24, 2021, 2:48pm

I think this ProxyPass /paraview https://localhost:9020/paraview should be ProxyPass /paraview http://localhost:9020/paraview

Sebastien_Jourdain · September 24, 2021, 2:49pm

The client should not need to do anything. The server is supposed to let the client know where to connect. The error you have show that the launcher did not work and the fallback sessionURL was used.

EMalikova · September 24, 2021, 3:00pm

Thank you very much. That fixed the problem.