- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have two nodes, one is login node and another is compute node.Two nodes have installed Vtune Profile 2021 in a shared directory.
I run the command in the compute node:
vtune-backend --allow-remote-ui --enable-server-profiling --web-port=12030
Log is:
No TLS certificate was provided as a --tls-certificate command-line argument thus a self-signed certificate is generated to enable secure HTTPS transport for the web server: /home/user1/.intel/vtune/settings/certificates/middleware.crt.
Serving GUI at https://c1:12030
Serving GUI at https://<compute node ip>:12030
I want to use the url https://<login node ip>:8080/ to open the vtune-backend web interface which is run on the compute node. And the url in the browser will not be changed.
I try to use nginx and add the settings in login node ,but failed.
map $http_upgrade $connection_upgrade {
default keep-alive;
'websocket' upgrade;
}
server {
listen 8080 ssl http2;
server_name login;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
proxy_connect_timeout 60;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
http2_max_concurrent_streams 512;
http2_max_requests 10000;
http2_chunk_size 16k;
http2_recv_timeout 3600;
http2_body_preread_size 256k;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_early_data on;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection '1; mode=block';
add_header X-Frame-Options SAMEORIGIN;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host:8080;
proxy_cache_bypass $http_upgrade;
proxy_set_header Origin '';
proxy_pass https://<compute ip>:12030/;
root /opt/intel/oneapi/vtune/latest/frontend;
}
After I open the url : https://<login node ip>:8080/
I got the error :
[31merror[39m: Too many WebSocket handshakes from address <login node ip>
[31merror[39m: [
'error connecting socket, sessionId: undefined',
{ isTrusted: true }
]
The page is blank and the websocket connection is failed with the error code 429.
Anyone can help me?
Please let me know if I'm missing something.Thanks.
Or there are any alternative methods in Vtune?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have get the answer about the question.
If you want to use reverse proxy with vtune-backend, you must to use "Reverse proxy authentication" in /opt/intel/oneapi/vtune/latest/backend/config.yaml.
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Thanks for reaching out to us.
We are checking on it internally, will get back to you soon.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have tested the reverse proxy in other nodes,and the same error still occurs.
Do you have any useful information?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Yes, the VTune server does support deployments behind a reverse proxy.
You just need to add NGINX configuration for WebSockets:
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 36000s;
You could also move user authentication to the reverse proxy and enable client certificate authentication to limit access to the VTune server only to the reverse proxy and block direct access. See online documentation:
-Stas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have get the answer about the question.
If you want to use reverse proxy with vtune-backend, you must to use "Reverse proxy authentication" in /opt/intel/oneapi/vtune/latest/backend/config.yaml.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Glad to know that your issue is resolved. If you need any additional information, please submit a new question as this thread will no longer be monitored.
Thanks.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page