Open mottosso opened 7 years ago
I think in order to do this, we would have to make changes akin to this to py/server.py
: https://stackoverflow.com/questions/20636145/tornado-ssl-certs?answertab=votes#tab-top
The basic idea is to pass a key-file and a cert-file into a tornado HTTPServer
, and then run the server on port 443.
I think I would prefer to keep the default behavior as-is though: my hunch is quite a few users may want to run the visdom server on a different machine than the client(s), but may not have a CA-certificate? Hiding the https behavior behind a -cert_file
flag seems fine though. Feel free to send a PR implementing that!
I'm also uncertain about how exactly it can be done, but I don't think we need to involve certificates if certificates are handled by the reverse proxy; I think all we would need to do is have the Visdom web application make requests using the string https://
rather than http://
. It'd be for addresses requested from itself, such as for it's CSS and Javascript assets.
If that doesn't sound familiar, I can take a closer look at where these requests might come from in the coming days.
If that's the case, perhaps adding something like this may do the trick?
def prepare(self):
if self.request.protocol == "http":
self.redirect("https://%s" % self.request.full_url()[len("http://"):], permanent=True)
You would presumably have to add it here (and hide it behind some input flag).
@mottosso Did you get a chance to test this potential solution?
Hi @lvdmaaten, I did not, and have since moved on to other projects. Sorry about the noise.
Can I help with this one @lvdmaaten @JackUrb ?
@rubiagatra of course if you'd like, however this is one of the few visdom issues that I don't really have any strong intuition on how to properly implement it as I have little to no experience with ssl
or https
requirements in general.
If that's the case, perhaps adding something like this may do the trick?
def prepare(self): if self.request.protocol == "http": self.redirect("https://%s" % self.request.full_url()[len("http://"):], permanent=True)
You would presumably have to add it here (and hide it behind some input flag).
Hi @lvdmaaten , I have the same problem as described by @mottosso , I would like to try your solution but the link is broken, and when I go to the line 180 of server.py I don't find the right place to test your function. Can you help me please? Thanks in advance!
Is there any way to tell Visdom to make requests over HTTPS as opposed to HTTP?
When setting up a reverse proxy with HTTPS, pointing to
localhost:8097
, I get these messages (Chrome).Which is fine for development purposes, however I also receive this error message that I'm not sure how to resolve.
And this (Edge)
For completeness, here's the Caddy configuration on how I'm reverse proxying Visdom.