CEETRON Envision Web HTTPS server using reverse proxy


This article is step-by-step guide to create CEETRON Envision Web server with HTTPS (SSL) server.

When UG server is configured, there is a non-standard port: 8998 that is open to the internet, posing a security risk. We’ll need to close it by restricting the non-standard port to the private environment. It’s important the user minimizes exposure to the public zone.

If you haven’t created HTTPS server, please refer this article: How to setup HTTPS server with AWS


CEETRON server installation

Place the folders and files required for the CEW server from the SDK.
Here is an illustration of how to configure the server:

+ var
  + www
    + html
      + sample_ug.html
      + MinimalUg.js
      + cew_common
    + cew_server
      + CugServer
      + GeoServer
      + UgServer
    + cew_models
  1. Transfer the .zip file of CEETRON Envision Web to the /tmp folder of the virtual server via SCP
  2. Extract the .zip file
cd /tmp
unzip CeetronEnvisionWeb_1.X.X_XXXXXXXX.zip
  1. Allocate the necessary folders in a root folder of nginx
sudo mv server/ /var/www/cew_server
sudo mv TestModels/ /var/www/cew_models
sudo mv Examples/Common/ /var/www/html/cew_common
sudo mv Examples/MinimalUg/MinimalUg.js /var/www/html/

License file installation

  1. Transfer a valid hoops_license.h file to the /tmp folder of the virtual server via SCP
  2. Allocate the license file
sudo mv hoops_license.h /var/www/cew_server/UgServer/

UG server setup

  1. Open config file of UG server
sudo vi /var/www/cew_server/UgServer/Main.js
  1. Edit the following lines
const USE_HTTPS = true;
let MODEL_PATH = process.env.CEW_UG_MODEL_PATH || path.join(__dirname, "/../../cew_models/");
    let privateKey = fs.readFileSync('/etc/letsencrypt/live/YOUR_DOMAIN_NAME/privkey.pem');
    let certificate = fs.readFileSync('/etc/letsencrypt/live/YOUR_DOMAIN_NAME/fullchain.pem'); 

Minimal sample viewer creation

  1. Create a sample HTML and open
sudo touch /var/www/html/sample_ug.html
sudo vi /var/www/html/sample_ug.html
  1. Implement the following HTML
<!doctype html>
      <title>CEETRON Envision for Web - Minimal Ug Client App</title>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <script src="cew_common/socket.io.min.js"></script>
      <script src="cew_common/CeeEnvisionWebComponents.js"></script>
      <script src="MinimalUg.js"></script>

  <body onload="MinimalUg.startApp()">
      <h1 style="text-align:left;font-family:verdana;font-size:24px;color:#2B81AF">CEETRON Envision for Web - Minimal Ug Client App</h1>
      <canvas id="myGlCanvas" width="800" height="600">
          Your browser doesn't appear to support the HTML5 <code>&lt;canvas&gt;</code> element.
      <button onclick="MinimalUg.showFirstScalarResult()">Show First Scalar Result</button>
      <button onclick="MinimalUg.toggleModelMesh()">Toggle Element Mesh</button>

UgServer setup and start

  1. Edit the inbound rules of the virtual server to open port 8998

  2. Install Node.js and npm

sudo apt-get install nodejs npm
  1. Change current directory
cd /var/www/cew_server_UgServer
  1. Execute the following command to fetch UgServer’s single dependency, Socket.io.
sudo npm install
  1. Start the UG server
sudo npm run startLinux
  1. Open https://YOUR_DOMAIN_NAME/sample_ug.html using your web browser to verify you have configured the UG server correctly

Reverse proxy settings

The UG server has now been configured, but there is a non-standard port: 8998 posing a security risk. We’ll need to close it by restricting the non-standard port to the private environment.

  1. Stop the UG Server by pressing the Ctrl + C key on the SSH

  2. Delete port: 8998 in the inbound rules of the security group

  3. Open the nginx setting file

sudo vi /etc/nginx/sites-enabled/default

Add the following location under existing location / {…}

        location /socket.io/ {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;

                proxy_pass https://localhost:8998;

                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                proxy_set_header Access-Control-Allow-Origin "*";
                proxy_set_header Access-Control-Allow-Methods "POST, GET, OPTIONS";
                proxy_set_header Access-Control-Allow-Headers "DNT, X-Mx-ReqToken, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type";
                proxy_set_header Access-Control-Allow-Credentials true;
  1. Save and quit: :wq
  2. Reload nginx
sudo service nginx reload
  1. Open client side javascript
sudo vi /var/www/html/MinimalUg.js
  1. Remove port number (8998) from the server URL valuable and set model name
        var vizServerUrl = protocol + window.location.hostname;
  1. Save and quit: :wq

  2. Start the UG server

sudo npm run startLinux
  1. Reload the sample page

Since socket.io adds socket.io at the end of given server URL, it can redirect to “private IP address:8998” using reverse proxy setting.