Connect to OMERO using romero.gateway

Hi OMERO team-
I’m trying to connect R to my OMERO instance. I’m almost there, but… need some help with configuration. I’ve successfully installed the romero.gateway package in RStudio, but am having an issue making a successful connection to my server. Here’s the output from the R console edited to remove the password:

> library(romero.gateway)
Loading required package: rJava
Loading required package: jpeg
Loading required package: httr

*** Welcome to rOMERO 0.4.10 ***

> library(EBImage, warn.conflicts = FALSE)
> server<-romero.gateway::OMEROServer(host = 'wss://omerocloud.med.ualberta.ca/omero-wss', username = 'steve', password = '*****', port = as.integer(8443))
> connected_server<-romero.gateway::connect(server)
-! 2020-10-15 17:48:48:044 warning: main: null - createSession retry: 1
-! 2020-10-15 17:48:53:051 warning: main: null - createSession retry: 2
Error in .jcall("RJavaTools", "Ljava/lang/Object;", "invokeMethod", cl,  : 
  omero.ClientError: Obtained null object proxy

I got some help from the OMERO.server Websockets documentation page to allow wss by configuring the omero.cllient.icetransports property with tcp,ssl,ws,wss. The linked GitHub example here provided some clues about how to edit my Nginx configuration file so the location “omero-wss” would provide wss on the default port and I think that my problem is described by this paragraph in the documentation (although it’s a guess) :

If you want to proxy OMERO.server websockets via a webserver such as Nginx you must also add a cipher supported by Nginx to omero.glacier2.IceSSL.Ciphers since the anonymous ciphers that OMERO uses are not supported.

I understand what this means, but not what actions to take to overcome the problem.
So How?

Thanks for any pointers
Steve

Hi @steveo,

Have you seen https://pypi.org/project/omero-certificates/ ? If not, could you give it a try. It should update your ciphers list as needed. A restart will be necessary though.

All the best,
~Josh

Thanks @joshmoore,

Unfortunately my guess was wrong. I was able to run the omero certificates command as you suggested and it set a bunch of parameters for omero-server:

omero.certificates.commonname=localhost
omero.certificates.key=server.key
omero.certificates.owner=/L=OMERO/O=OMERO.server
omero.glacier2.IceSSL.CAs=server.pem
omero.glacier2.IceSSL.CertFile=server.p12
omero.glacier2.IceSSL.Ciphers=HIGH
omero.glacier2.IceSSL.DefaultDir=/OMERO/certs
omero.glacier2.IceSSL.Password=********
omero.glacier2.IceSSL.ProtocolVersionMax=TLS1_2
omero.glacier2.IceSSL.Protocols=TLS1_0,TLS1_1,TLS1_2

and I set omero.client.icetransports=ssl,tcp,wss,ws

But, I still have similar errors as before, namely:

> server<-romero.gateway::OMEROServer(host = 'wss://206-12-95-177.cloud.computecanada.ca/omero-wss/', username = 'root', password = '*****', port = as.integer(8443))
> connected_server<-romero.gateway::connect(server)
-! 22/10/20 16:37:23:584 warning: main: null - createSession retry: 1
-! 22/10/20 16:37:28:588 warning: main: null - createSession retry: 2
Error in .jcall("RJavaTools", "Ljava/lang/Object;", "invokeMethod", cl,  : 
  omero.ClientError: Obtained null object proxy

Or:

> server<-romero.gateway::OMEROServer(host = 'wss://206-12-95-177.cloud.computecanada.ca/omero-wss/', username = 'root', password = '******', port = as.integer(443))
> connected_server<-romero.gateway::connect(server)
Error in .jcall("RJavaTools", "Ljava/lang/Object;", "invokeMethod", cl,  : 
  Ice.ProtocolException
    reason = "unexpected status value 502:
              Bad Gateway"

When I use port 8443 in the server definition, I get nothing in the Nginx error log or access log, and I notice that when I use the port 443 in the “server” definition in R (as in the second case above), then I get the following error in the nginx error.log -

2020/10/22 22:39:09 [crit] 19414#19414: *1 connect() to 206.12.95.177:4066 failed (13: Permission denied) while connecting to upstream, client: 142.244.23.105, server: 206-12-95-177.cloud.computecanada.ca, request: "GET
 /omero-wss/ HTTP/1.1", upstream: "https://206.12.95.177:4066/omero-wss/", host: "206-12-95-177.cloud.computecanada.ca:443"

Now, I’m thinking that I’ve not correctly set some of the directive parameters in the nginx config file because I just copied the parts of your web sockets example with out really understanding which ports are used for which protocol and how proxy servers work, etc. Or I don’t know how to properly format the server assignment in R. These are both a bit of a mystery to me. How can I connect R to a bog standard omero server - without having to open any more ports - only using 80, 443, 4063 and 4064? Or maybe I need to change this and open other ports in the firewall? I’m not a system administrator, so I’m a bit confused about the ports/protocols, which port gets used where etc… Where did the 4066 in your deployment example come from, or 8443?

My goal was to follow along with the R analysis detailed in this Jupyyter notebook
I copied the data from idr0021 to my server and I was planning just to follow the notebook to see how the data are analysed and then the tabular results are saved back to the server and used to generate the plots. I got the details of formatting for my server assignment in R from one of the first cells of that notebook, “Log in to the omero server”. Little did I realize that installing the client gateway in R is only half the story. Somehow I need to change something to do with my server to allow WebSocket connections. Or, perhaps many things. This seems not so straight forward.

I attached my omero-web.conf file after I modified it from whatever Ansible put there. I’m not too sure about how to properly use the directives to proxy wss requests. omero-web.conf.txt (2.0 KB) . Note that I also used lets encrypt/certbot to get an ssl certificate for the server. So those directives are all in the config file too.

I deployed omero on CentOS 7 using Ansible from a playbook using the postgresql, omero_server and omero_web roles downloaded from Ansible galaxy.

I hope this is enough information for you, or anybody to help clear up my confusion. Sorry for the trouble.
Thanks for any pointers,
Steve

Hi Steve.
Unfortunately I don’t see any obvious error, but I don’t know much about configuring nginx/websockets to be honest. I’ll point a colleague to the thread, maybe he can offer more insights. Could you provide the relevant bits of your nginx config too?
But I was wondering about your comment without having to open any more ports - only using 80, 443, 4063 and 4064. If you have 4063 and 4064 open, then you don’t need websockets in order to connect to the server. In that case the normal OMEROServer(host = "somehost", username = "xx", password = "xx", port = as.integer(4064) should work.
Could you try to connect to the server with Insight (with and without websocket), does that work?
By the way, your jupyter notebook approach is definitely possible. We have an example notebook using IDR (via websockets) too: idr0040_Yeast_cell_growth
Kind Regards,
Dominik

1 Like

Hi Dominik-
Wow, all I had to do was use the normal 4064 port and take away the wss or https in front of the host. Then it works perfectly. For some reason - my lack of understanding - I thought I had to use web sockets with the R gateway - maybe because that’s how it was formatted in the notebook I was trying to recapitulate.
I can now connect to my server using the R OMERO gateway.
Thank you!
Steve

1 Like

Hi Steve

We should clarify in the notebook that websockets need to be configured and it is not the only way to connect. We use them so that people can run them in https://mybinder.org/ (4064 will not work in that framework)

Thanks

Jmarie

1 Like