search

ISISComputingGroup / IBEX

Top level repository for IBEX stories
5 stars 2 forks source link

web dashboard/json bourne: support https #7156

Open FreddieAkeroyd opened 2 years ago

FreddieAkeroyd commented 2 years ago

The web dashboards (dataweb.isis.rl.ac.uk) does not currently support https access, this looks to be causing issues with eduroam in some circumstances. I added a certificate to the server but if you access 'https://dataweb.isis.rl.ac.uk/IbexDataweb/default.html?Instrument=larmor in chrome with the developer tools debug console you get

Mixed Content: The page at 'https://dataweb.isis.rl.ac.uk/IbexDataweb/default.html?Instrument=larmor' was loaded over HTTPS, but requested an insecure script 'http://dataweb.isis.rl.ac.uk:60000/?callback=jQuery321044040486312244775_1653002064842&Instrument=larmor&_=1653002064845'. This request has been blocked; the content must be served over HTTPS.

json bourne serves information from port 60000 but not in secure format.

Though the issue was reported by an isis scientist connected externally via eduroam, we have been having strange issues with local visitors on eduroam being unable to connect to dashboards. This may resolve that too.

Acceptance criteria

rerpha commented 2 years ago

potentially just need to do this:

http_server = tornado.httpserver.HTTPServer(application, ssl_options={
        "certfile": "/var/pyTest/keys/ca.csr",
        "keyfile": "/var/pyTest/keys/ca.key",
    })

in https://github.com/ISISComputingGroup/JSON_bourne/blob/master/webserver.py#L92-L94

LilithCole commented 2 years ago

If somebody shows me where the cert and key are I'd happily just FR that

FreddieAkeroyd commented 2 years ago

It is IIS so was installed as per https://www.digicert.com/kb/csr-creation-ssl-installation-iis-10.htm however the cer i was sent didn't work and i had to import it "PKCS#7, PEM encoded". I am not sure where the private key is, we'll need to look at some more docs...

FreddieAkeroyd commented 2 years ago

https://www.digicert.com/kb/ssl-support/apache-ssl-export.htm

FreddieAkeroyd commented 2 years ago

Manged to extract certificates from server, briefly tested and it seems to work though it upsets existing web dashboards until they are restarted/cached cleared. It seems the browsers cache the javascript and don't check if it has changed, hence don't notice the swap to https on 60000. So we'll need to coordinate with a post to scientists. Alternative would be to setup a new port for https, but we'd need to get it opened at firewall etc. so easier just to get people to reset browsers

Tom-Willemsen commented 1 year ago

Dashboards all seem to be working ok for me on https; can this issue be closed?