Gazebo | Ignition | Community
Ask Your Question
0

How can I run GZWeb over HTTPS/SSL?

asked 2017-04-11 16:38:14 -0500

srees gravatar image

We run an integration of GZWeb in the cloud, embedded via iFrame into our main webserver. With Google making a big push to everyone to run HTTPS only, we find we are restricted because gzweb is only HTTP, and we get blocked iframes due to mixed content.

Is there any way to run the viewer via HTTPS? I'm completely inexperienced with nodejs...

edit retag flag offensive close merge delete

2 Answers

Sort by » oldest newest most voted
0

answered 2017-08-15 17:13:05 -0500

srees gravatar image

updated 2017-08-15 17:25:00 -0500

It’s been a while since I experimented with this, so some fiddling with my instructions may be necessary. Enabling HTTPS with gzweb requires modifying three files:

1.) Modify gzweb/start_gzweb.sh:

Change this line:

./node_modules/.bin/http-server http/client &

to:

./node_modules/.bin/http-server -S -C [path to cert] -K [path to key] http/client &

Just replace the crt and key files with wherever you store yours. You may also need to set the –a option…? Not sure about that one. If you have a more recent copy of gzweb, there is a ‘-p $PORT’ section of the command that can be left in place

2a.) Modify gzweb/http/client/gz3d.js:

Change line 2112:

url : 'ws://' + location.hostname + ':7681'

to:

url : 'wss://' + location.hostname + ':7681'

Yes, it’s just adding an ’s’ to the protocol. For more recent versions of gzweb, I’m not sure the location – check these:

  • gz3d/build/gz3d.js:2234 (this could be generated by 2b below)
  • gz3d/src/gziface.js:32 (most likely place)

2b.) Run gzweb/updateGZ3D.sh – this addresses code checking this change and minifying the JS again.

3.) Modify gzweb/gzbridge/ws_server.js:

Change line 4:

var http = require('http');

to: (putting your key and cert file locations in the appropriate spots)

var https = require('https’); 
var fs = require(‘fs’);
var options = {
    key: fs.readFileSync( ‘yourkeyfile’ ),
    cert: fs.readFileSync( ‘yourcrtfile’)
 };

Change line 32:

var server = http.createServer( function(request, response) {

to:

var server = https.createServer(options, function(request, response) {

That should about do it!

In our case, we are stuffing gzweb behind an F5, and it is handling the certificate for us. In this case, the only step I had to take was step 2.

edit flag offensive delete link more
0

answered 2017-04-11 16:41:04 -0500

eugene-katsevman gravatar image

an intermediate https/http proxy?

edit flag offensive delete link more

Comments

It may be possible (can we make gzweb aware of it's DNS name?), but get's very complicated in our situation, referencing a lot of client's cloud servers. We don't really want the hassle of trying to proxy all their stuff and would prefer to be able to tell them how to enable SSL themselves for their application.

srees gravatar imagesrees ( 2017-04-11 16:58:51 -0500 )edit

I don't get what you've said, sorry, due to my poor english. I was thinking of reverse proxy, which will stay on the same host as gzweb, unpacking https requests from clients to http for gzweb and vice versa.

eugene-katsevman gravatar imageeugene-katsevman ( 2017-04-11 18:59:07 -0500 )edit

or maybe I'm half asleep

eugene-katsevman gravatar imageeugene-katsevman ( 2017-04-11 19:01:02 -0500 )edit

I'll have to look into that idea further. My preference though would be to modify/update the existing webserver to support SSL.

srees gravatar imagesrees ( 2017-04-11 19:04:48 -0500 )edit

Please feel free to make a pull request proposing the changes. This is currently how the server is spun up: https://bitbucket.org/osrf/gzweb/src/ff44316fd3c5b415eb1ccd9aef519520d4bdc32a/start_gzweb.sh?at=default&fileviewer=file-view-default#start_gzweb.sh-26

chapulina gravatar imagechapulina ( 2017-04-11 19:32:47 -0500 )edit

chapulina, that actually has me pointed in the right direction. I'll update this ticket once I get it all nailed down.

srees gravatar imagesrees ( 2017-04-12 11:38:51 -0500 )edit

Question Tools

1 follower

Stats

Asked: 2017-04-11 16:38:14 -0500

Seen: 844 times

Last updated: Aug 15 '17