CEETRON Envision Web HTTPS server using reverse proxy

Introduction

This article is a step-by-step guide to setting up a CEETRON Envision Web server with an HTTPS (SSL) server.

When the UG server is configured, a non-standard port, 8998, is open to the internet, which poses a security risk. We need to close it by restricting the non-standard port to the private environment. It is important to minimize exposure to the public zone.

If you haven’t created an HTTPS server yet, please refer to this article: How to setup HTTPS server with AWS

Instruction

CEETRON server installation

Place the folders and files required for the CEW server from the SDK on the virtual server.
Here is the folder layout to create:

+ var
  + www
    + html
      + sample_ug.html
      + MinimalUg.js
      + cew_common
    + cew_server
      + CugServer
      + GeoServer
      + UgServer
    + cew_models

  1. Transfer the .zip file of CEETRON Envision Web to the /tmp folder of the virtual server via SCP
  2. Extract the .zip file
cd /tmp
unzip CeetronEnvisionWeb_1.X.X_XXXXXXXX.zip
  3. Move the necessary folders into the nginx root folder
sudo mv server/ /var/www/cew_server
sudo mv TestModels/ /var/www/cew_models
sudo mv Examples/Common/ /var/www/html/cew_common
sudo mv Examples/MinimalUg/MinimalUg.js /var/www/html/

License file installation

  1. Transfer a valid hoops_license.h file to the /tmp folder of the virtual server via SCP
  2. Move the license file into the UgServer folder
sudo mv hoops_license.h /var/www/cew_server/UgServer/

UG server setup

  1. Open the config file of the UG server
sudo vi /var/www/cew_server/UgServer/Main.js
  2. Edit the following lines
...
const USE_HTTPS = true;
let MODEL_PATH = process.env.CEW_UG_MODEL_PATH || path.join(__dirname, "/../../cew_models/");
...
    let privateKey = fs.readFileSync('/etc/letsencrypt/live/YOUR_DOMAIN_NAME/privkey.pem');
    let certificate = fs.readFileSync('/etc/letsencrypt/live/YOUR_DOMAIN_NAME/fullchain.pem'); 

Minimal sample viewer creation

  1. Create a sample HTML file and open it
sudo touch /var/www/html/sample_ug.html
sudo vi /var/www/html/sample_ug.html
  2. Implement the following HTML
<!doctype html>
<html>
  <head>
      <title>CEETRON Envision for Web - Minimal Ug Client App</title>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  
      <script src="cew_common/socket.io.min.js"></script>
      <script src="cew_common/CeeEnvisionWebComponents.js"></script>
      <script src="MinimalUg.js"></script>
  </head>

  <body onload="MinimalUg.startApp()">
      <h1 style="text-align:left;font-family:verdana;font-size:24px;color:#2B81AF">CEETRON Envision for Web - Minimal Ug Client App</h1>
  
      <canvas id="myGlCanvas" width="800" height="600">
          Your browser doesn't appear to support the HTML5 <code>&lt;canvas&gt;</code> element.
      </canvas>
      <br>
      <button onclick="MinimalUg.showFirstScalarResult()">Show First Scalar Result</button>
      <button onclick="MinimalUg.toggleModelMesh()">Toggle Element Mesh</button>
  </body>
</html>

UgServer setup and start

  1. Edit the inbound rules of the virtual server to open port 8998

  2. Install Node.js and npm

sudo apt-get install nodejs npm
  3. Change the current directory
cd /var/www/cew_server/UgServer
  4. Execute the following command to fetch UgServer’s single dependency, Socket.io
sudo npm install
  5. Start the UG server
sudo npm run startLinux
  6. Open https://YOUR_DOMAIN_NAME/sample_ug.html in your web browser to verify that you have configured the UG server correctly

Reverse proxy settings

The UG server has now been configured, but the non-standard port 8998 is still open, which poses a security risk. We need to close it by restricting the non-standard port to the private environment.

  1. Stop the UG server by pressing Ctrl + C in the SSH session

  2. Delete port: 8998 in the inbound rules of the security group

  3. Open the nginx setting file

sudo vi /etc/nginx/sites-enabled/default

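Add the following location block under the existing location / {…} block

        location /socket.io/ {
                # Pass the client address and the original Host header to the UG server
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;

                # The UG server listens with HTTPS on local port 8998
                proxy_pass https://localhost:8998;

                # Required for the WebSocket upgrade used by socket.io
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                # Note: proxy_set_header adds these fields to the request sent to the
                # UG server; it does not add CORS headers to the response the browser receives
                proxy_set_header Access-Control-Allow-Origin "*";
                proxy_set_header Access-Control-Allow-Methods "POST, GET, OPTIONS";
                proxy_set_header Access-Control-Allow-Headers "DNT, X-Mx-ReqToken, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type";
                proxy_set_header Access-Control-Allow-Credentials true;
        }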
  4. Save and quit: :wq
  5. Reload nginx
sudo service nginx reload
  6. Open the client-side JavaScript
sudo vi /var/www/html/MinimalUg.js
  7. Remove the port number (8998) from the server URL variable and set the model name
...
        var vizServerUrl = protocol + window.location.hostname;
...
        g.remoteModel.openModel("Spindle.vtfx");
  8. Save and quit: :wq

  9. Start the UG server

sudo npm run startLinux
  10. Reload the sample page

Because socket.io appends socket.io to the end of the given server URL, the reverse proxy setting can forward those requests to “private IP address:8998”.
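To confirm on the server that port 8998 ended up restricted as intended, the following added example (not part of the original article or the CEETRON SDK) classifies how the port is bound from `ss -ltn` output. The function name `port_scope` and the sample lines are constructed for illustration; when the result is `exposed`, the inbound rule deleted in step 2 is the only thing keeping the port off the internet.

```shell
#!/usr/bin/env bash
# Added example (not from the CEETRON SDK): classify how a TCP port is bound.
# Reads `ss -ltn` output on stdin; prints not-listening | loopback-only | exposed.
port_scope() {
    awk -v port="$1" '
        {
            addr = $4                             # column 4 of `ss -ltn`: Local Address:Port
            n = split(addr, parts, ":")
            if (n < 2 || parts[n] != port) next   # port is the text after the last colon
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            sub(/%.*/, "", host)                  # drop an interface suffix such as %lo
            found = 1
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "not-listening"
            else if (exposed) print "exposed"
            else              print "loopback-only"
        }'
}

# Constructed sample lines in `ss -ltn` format (not captured from a real host).
SAMPLE_EXPOSED='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 *:8998 *:*'
SAMPLE_LOOPBACK='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 127.0.0.1:8998 0.0.0.0:*'

echo "sample, all interfaces: $(printf '%s\n' "$SAMPLE_EXPOSED" | port_scope 8998)"
echo "sample, loopback only:  $(printf '%s\n' "$SAMPLE_LOOPBACK" | port_scope 8998)"

# On the server itself, inspect the live listeners when ss (iproute2) is installed.
if command -v ss >/dev/null 2>&1; then
    echo "this host, port 8998:   $(ss -ltn | port_scope 8998)"
fi
```

From a machine outside the private network, `nc -z -w 3 YOUR_DOMAIN_NAME 8998` should now fail while https://YOUR_DOMAIN_NAME/sample_ug.html still loads.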
