Running slicer-notebook Docker behind HTTPS reverse proxy?

Operating system: CentOS 7
Slicer version: 4.11 ( https://github.com/Slicer/SlicerDocker - lassoan/slicer-notebook:2020-05-15-89b6bb5 )
I would like to run the container behind an Apache 2.4 as reverse proxy, so I could access the Slicer Jupyter notebook and in-browser Slicer GUI externally, at e.g. https://example.com/slicer while all other URLs from example.com are served by Apache directly.

I have tried the slicer-notebook docker container, and it is a really cool way of integrating both the Slicer GUI and its Jupyter notebook in the same web browser. It works great on my local computer, and I am trying to use on a web server as a prototype for interactive visualizations. To do that, I am running the docker container on the same machine as the web server, and I need to set up reverse proxy so that the container output at port 8888 is served externally at port 443 (https). My server is running Apache 2.4, fully configured, running a Joomla based website. Thus, I need to reverse-proxy the container to https://example.com/myslicer

I am following https://stackoverflow.com/questions/23890386/how-to-run-ipython-behind-an-apache-proxy
and it appears that for reverse proxy to work, the container would have to expose the notebook not at 127.0.0.1:8888/ but 127.0.0.1:8888/myslicer

I was wondering if you could help me reconfigure the container to make this change?

Sorry for the slow answer, we are all very busy at the Slicer Project Week. I would love to see this working.

Instead of trying to set all this up manually, have you considered to use JupyterHub? This is what binder uses and it supports multiple users, providing a dedicated server to each of them.

If you want to expose a single Jupyter server then it may be a matter of configuring the apache server to direct the example.com/slicer traffic to the Jupyter server and set the Jupyter server base url in the Jupyter configuration file (as it is explained here). To set Jupyter configuration file in the image, you can upload it to the dockerfile folder and add a copy command into the Dockerfile to put it to a place where Jupyter will find it (see info here on how to generate a default configuration and where should it be).

Thank you - I am building it for a single user. I have created jupyter_notebook_config.py, added it to the Dockerfile and I rebuilt the container. The reverse proxy works as I can start a Python3 Jupyter notebook at https://example.com/myslicer
Here is my reverse proxy configuration for Apache 2.4 just in case:

<Location /myslicer>
ProxyPass  http://localhost:8888/myslicer
ProxyPassReverse http://localhost:8888/myslicer
ProxyPassReverseCookieDomain localhost example.com
RequestHeader set Origin "http://localhost:8888"
</Location>
<Location "/myslicer/api/kernels">
        ProxyPass ws://localhost:8888/myslicer/api/kernels
        ProxyPassReverse ws://localhost:8888/myslicer/api/kernels
</Location>

However, the Slicer 4.11 notebook would not start:

error: [/home/sliceruser/Slicer-4.11.0-2020-05-14-linux-amd64/bin/SlicerApp-real] exit abnormally - Report the problem.
[I 03:20:11.378 NotebookApp] KernelRestarter: restarting kernel (1/5), keep random ports

Further, when building the container, the following errors occur:

Step 35/46 : RUN ./install.sh ${HOME}/$SLICER_ARCHIVE/Slicer
 ---> Running in ac94ada5b72e
_XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created.
QIODevice::read (QFile, "/home/sliceruser/.config/NA-MIC/Extensions-29057/SlicerJupyter/share/Slicer-4.11/qt-loadable-modules/JupyterKernel/Slicer-4.11/kernel-template.json"): device not open
virtual bool qSlicerJupyterKernelModule::installSlicerKernel(QString) : launching  "/usr/local/bin//jupyter-kernelspec"   "install /home/sliceruser/.config/NA-MIC/Extensions-29057/SlicerJupyter/share/Slicer-4.11/qt-loadable-modules/JupyterKernel/Slicer-4.11 --replace --user"
Kernelspec install error output:  "[InstallKernelSpec] Installed kernelspec slicer-4.11 in /home/sliceruser/.local/share/jupyter/kernels/slicer-4.11\n"

I was wondering if something is no longer compatible. I had to comment out COPY etc/dpkg…01_nodoc in the Dockerfile to be able to build the container.

Can you build the image using the original, unmodified dockerfile?

No. Same errors _XSERVTransmkdir, QIODevice… Kernelspec as above when building using unmodified Dockerfile

I’ve checked and both errors that you see are harmless: I have those as well and the image works fine.

You can open a new terminal with the New button and check if you can find any clue in the system logs about why Slicer startup fails.

What CPU and graphics do you have in your system?

It is a CentOS7 headless VM sharing a Xeon E7-4830, with 4GB RAM, no GPU.

For a test, I have tried connecting the prebuilt container lassoan/slicer-notebook:2020-05-15-89b6bb5 to https://example.com/ directly. Just as before, I can start python 3.8 notebooks but not slicer notebook, as before:

[I 21:34:48.458 NotebookApp] Kernel started: c58312d4-31a6-4a7b-90e3-695e37eb2cb8, name: slicer-4.11
Switch to module:  "Welcome"
Loading Slicer RC file [/home/sliceruser/.slicerrc.py]
Jupyter connection file: [/home/sliceruser/.local/share/jupyter/runtime/kernel-c58312d4-31a6-4a7b-90e3-695e37eb2cb8.json]
[W 21:35:48.846 NotebookApp] Timeout waiting for kernel_info reply from c58312d4-31a6-4a7b-90e3-695e37eb2cb8
error: [/home/sliceruser/Slicer-4.11.0-2020-05-14-linux-amd64/bin/SlicerApp-real] exit abnormally - Report the problem.
[I 21:35:54.450 NotebookApp] KernelRestarter: restarting kernel (1/5), keep random ports

Can this be a low RAM issue?

4GB RAM is low and 4th generation Intel CPU is very old. You can open a new terminal using New button in the Jupyter GUI to inspect the system logs and see what fails. See for example this similar topic (failure to start Slicer on a 3rd generation Intel CPU).

You can also try to just simply install Slicer on that computer and see if it starts.

I’ve also updated and tested a notebook image and tested that it works well.

Maybe you could make Slicer work by building it on your system instead of installing the pre-built package.