Websites: https://experiments.jcsda.org/ and https://skylab.jcsda.org/

About

Our web applications, https://experiments.jcsda.org and https://skylab.jcsda.org run on two individual AWS EC2 instances in us-east-1. They are Voila applications running on port 8866 on an nginx web server on ports 80/443. The web apps are simply python notebooks in the diag-plots repository with r2d2 and solo as the only dependencies. These packages are located in /home/ubuntu. Python3 virtual environments, e.i. "venv" are not used for the web apps. All python code is installed to the system python. It was the only way we could figure out to get the notebooks to work with Viola and nginx over https.

The Viola middleware service strips the cells from each notebook at runtime and displays only the user interface graphics required for the drop down menus and image viewing. Every time someone visits one of these web pages, a new Python3 kernel is started in memory. Over time, this leads to OutOfMemoryErrors from the OS and the web apps freeze up and the instance will have to be rebooted as detailed below.

The error logs a Voila application with python notebooks and each run from their own instance. The logs on these instances are located at /var/log/nginx/error.log and can be accessed by executing

journalctl -u voila.

...

service

The https nginx configurations are at /etc/nginx/sites-enabled/experiments.jcsda.org and /etc/nginx/sites-enabled/skylab.jcsda.org.

WARNING: Do not change the https nginx configurations unless you know what you are doing.

server {
    server_name experiments.jcsda.org;
    proxy_buffering off;
    location / {
            proxy_pass http://localhost:8866;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_read_timeout 86400;
    }
    client_max_body_size 100M;
    error_log /var/log/nginx/error.log;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/experiments.jcsda.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/experiments.jcsda.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = experiments.jcsda.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name experiments.jcsda.org;
    return 301 https://$host$request_uri;
    # return 404; # managed by Certbot
}

Procedures

Reboot EC2 Instance

...

Voila documentation: https://voila.readthedocs.io/en/stable/deploy.html#running-voila-on-a-private-server

WARNING: these These instructions are old and some steps might be outdated or simply not correct for the current web apps.

Start a new EC2 instance using the console:

...

1. SSH into the instance (Select instance from console, click the Connect button, copy and paste the example ssh line into your computer’s terminal). Make sure you’re on the NCAR VPN since you’ve set up the security group.

2. Install nginx (enter in SSH’d terminal):
   

   Code Block
   sudo apt install nginx sudo systemctl status nginx

    

3. Connect {website_name}.jcsda.org to IPv4 on Route 53. (Go to https://console.aws.amazon.com/route53/v2/hostedzones#ListRecordSets/Z1F2XBLX8SOJLO, click create record, name it, keep the type as “A” and enter the instance’s public IPv4 as the Value)

4. Create the file /etc/nginx/sites-enabled/{website_name}.jcsda.org with the following content:
   

   Code Block

   server { listen 80; server_name {website_name}.jcsda.org; proxy_buffering off; location / { proxy_pass http://localhost:8866; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 86400; } client_max_body_size 100M; error_log /var/log/nginx/error.log; }

    

5. Enable and start the nginx service.
   

   Code Block
   sudo systemctl enable nginx.service sudo systemctl start nginx.service

   
   

6. Install pip
   

   Code Block
   sudo apt update && sudo apt install python3-pip

    

Clone Git Repo and Install Dependencies:

...

1. Create /usr/lib/systemd/system/voila.service with the contents:
   

   Code Block
   [Unit] Description=Voila [Service] Type=simple PIDFile=/run/voila.pid ExecStart=voila --no-browser --show_traceback=False jtd/voila/app.ipynb User=ubuntu WorkingDirectory=/home/ubuntu/ Restart=always RestartSec=10 [Install] WantedBy=multi-user.target

    

2. Enable and start the voila.service:
   

   Code Block
   sudo systemctl enable voila.service sudo systemctl start voila.service

    

3. Restart nginx
   

   Code Block
   sudo systemctl restart nginx.service

    

4. Enable access to https:
   

   Code Block
   sudo snap install core; sudo snap refresh core sudo snap install --classic certbot sudo ln -s /snap/bin/certbot /usr/bin/certbot sudo certbot --nginx

   
   

5. Check access on https://{website_name}.jcsda.org, it should be up and running

Troubleshooting

How to run the web apps on a locally

How to print to output from ipywidgets

import ipywidgets as widgets
out = widgets.Output(layout={'border': '1px solid black'})
display(out)

from jedi_data_viewer_experiments import JediDataViewerExperiments
jedi_data_viewer_experiments = JediDataViewerExperiments(out)

with self._out: print("")

Web page fails to load

Issue: the web pages will fail to load/ timeout

...