Trouble using Tomcat+Thredds+ncWMS2 with TerriaMap

[Fred W]

Hello all,

I wonder if there are some instruction around for how to get TerriaMap to talk to ncWMS2. I hope someone can help.

I have setup a tomcat9 server with THREDDS4.6 and NCWMS2.4. It is serving up WMS requests to the Godiva3 client, which is working well. The tomcat is running on port 8088.

In preparation for TerriaMap I have followed the instructions on https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter to enable CORS, but I don't know how to confirm wether it works (it doesn't seem to, see below).

Then I installed and started TerriaMap on its default port 3001. It runs on the same server as the tomcat. But the browser is running elsewhere in the LAN so I opened 3001 and 8088 ports in the servers firewall.

TerriaMap is accessible on http://192.168.1.100:3001/

Then I tried adding the ncWMS-URL to TerriaMap via the "Add Web Data" function. I set the "file type" to "Web Map Service (WMS) Service" in Step 1 and enter the ncWMS URL (http://192.168.1.100:8088/ncWMS2/wms) in Step2.

I immediately get an error "Group is not available. An error occurred while invoking GetCapabilities on the WMS server...." followed by a hint that CORS might the issue.

So I attempted to test for CORS according to https://stackoverflow.com/a/12179364. But I'm not sure which URLs from my local setup to use in testing. Which is the "Origin" here? The ncWMS URL or the TerriaMap URL?

So I tried it "both ways round" and this is what curl tells me:

[~]$ curl -H "Origin: http://192.168.1.100:8088/ncWMS2/wms" --verbose  http://192.168.1.100:3001 2>&1 | grep 'Access-Control-Allow-Origin'

< Access-Control-Allow-Origin: *

[~]$ curl -H "Origin: http://192.168.1.100:3001" --verbose http://192.168.1.100:8088/ncWMS2/wms  2>&1 | grep 'Access-Control-Allow-Origin'

---blank---

My second attempt was to add a specific ncWMS layer directly to the catalog in my terria.json file:

    "catalog": [

        {

            "name": "WMS example",

            "type": "group",

            "isPromoted": true,

            "isOpen": true,

            "items": [

                {

                    "name": "Temperature",

                    "layers": "fmrc_gridT_hourly/votemper",

                    "url": "http://192.168.1.100:8088/ncWMS2/wms",

                    "type": "wms",

                    "maxRefreshIntervals": 9000,

                    "showDatetimePicker": true,

                    "useOwnClock": true,

                },

          .....

When I reload TerriaMap, I now have an item "Temperature" in the Add data>Data catalogue and it has a circled + next to it.

When I click + to add the data, I get an error "Request has failed".

My tomcat's "localhost_access_log" file reveals the requests TerriaMap was trying to make

192.168.1.100 - - [24/Sep/2019:08:49:31 +0400] "GET /ncWMS2/wms?service=WMS&version=1.3.0&request=GetCapabilities HTTP/1.1" 403 -

192.168.1.100 - - [24/Sep/2019:08:49:31 +0400] "GET /ncWMS2/wms?service=WMS&version=1.1.1&sld_version=1.1.0&request=DescribeLayer&layers=fmrc_gridT_hourly%2Fvotemper HTTP/1.1" 403 -

The second request fails because ncWMS doesn't support the DescribeLayer request, but why that first one failed with 403 (Forbidden) is a mystery, because I can execute the GetCapabilities request using curl without issues:

$ curl 'http://192.168.1.100:8088/ncWMS2/wms?service=WMS&version=1.3.0&request=GetCapabilities'

<?xml version="1.0" encoding="UTF-8"?>

<WMS_Capabilities

        version="1.3.0"

        updateSequence="2019-09-24T07:18:59.965+04:00"

        xmlns="http://www.opengis.net/wms"

        xmlns:xlink="http://www.w3.org/1999/xlink"

        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

        xmlns:edal="http://reading-escience-centre.github.io/edal-java/wms"

        xsi:schemaLocation="http://www.opengis.net/wms http://schemas.opengis.net/wms/1.3.0/capabilities_1_3_0.xsd">

    <Service>

        <Name>WMS</Name>

...

So I can only assume that it's a CORS issue, but as far as I know my tomcat has CORS enabled, but I can't confirm this using the usual tools (such as https://www.test-cors.org/) because our servers aren't public.

Can anyone help out with any suggestions on how to solve this?

I refuse to believe that TerriaMap cannot be used with ncWMS at all. This should be possible, right?

Thanks a lot in advance,

Fred

[Kevin Ring]

Hi Fred,

This part indicates that your ncWMS2 server is not CORS-enabled:

[~]$ curl -H "Origin: http://192.168.1.100:3001" --verbose http://192.168.1.100:8088/ncWMS2/wms  2>&1 | grep 'Access-Control-Allow-Origin'

---blank---

 A slightly better test would be:

curl -H "Origin: http://192.168.1.100:3001" --verbose "http://192.168.1.100:8088/ncWMS2/wms?service=WMS&version=1.3.0&request=GetCapabilities"  2>&1 | grep 'Access-Control-Allow-Origin'  

If that also shows no output, your server definitely isn't supporting CORS correctly. At which point you can either try to figure out why (I'm not sure I can help much with that), or you can simply access the server through the terriajs-server proxy. To do that, add it to the allowProxyFor list in devserverconfig.json and restart the terriajs server. More details here: https://docs.terria.io/guide/connecting-to-data/cross-origin-resource-sharing/

Be sure that you do _not_ add it to the "corsDomains" list! Adding it there would tell terriajs that your server _does_ support CORS.

I can't quite explain the 403s in your server log. Usually with a CORS failure, the request succeeds from the viewpoint of the server, but the web browser refuses to let the app's javascript code see it. Some possible explanations (that could very well be wrong):

- Those 403s are from trying to access the server on the wrong port, e.g. the 8088 was missing at some point.

- The server has some unusual rules (probably security related) such that it's blocking the requests from TerriaJS on the basis of their headers or origin IP address or something like that. While the curl with fewer headers and possibly from a different machine is ok.

Kevin

--
You received this message because you are subscribed to the Google Groups "TerriaJS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terriajs+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terriajs/22fb26fc-a0f7-49c1-b151-0fe077c662a1%40googlegroups.com.

--

www.kotachrome.com/kevin

[Fred W]

Thank you Kevin,

I have followed your instructions and finally got the internal proxy'ing to work (I had some "left-over" entry in the "corsDomains" which I had forgotten abotu after an earlier attempt). 

So I can now see my data layers. But the response times are very slow. Does the built-in proxy come with a performance hit?

My tomcat has so far defeated all my attempts at enabling CORS, which is frustrating, but I understand that this is outside the scope of this forum. I will keep trying.

Thank you!

Fred

To unsubscribe from this group and stop receiving emails from it, send an email to terr...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/terriajs/22fb26fc-a0f7-49c1-b151-0fe077c662a1%40googlegroups.com.

--

www.kotachrome.com/kevin

[Kevin Ring]

Hi Fred,

No, the proxy should be pretty fast. It just passes the request on through without too much ceremony. But Terria does request up to 6 tiles at a time from a server, which some servers have trouble with. Caching on the server side is essential.

Kevin

To unsubscribe from this group and stop receiving emails from it, send an email to terriajs+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terriajs/5f724a70-af77-4f73-a118-9952775f8525%40googlegroups.com.

--

www.kotachrome.com/kevin