From: Bill Erickson <berickxx@gmail.com>
Date: Mon, 31 Oct 2016 19:56:32 +0000 (-0400)
Subject: LP#1638651: example Nginx websockets/http(s) proxy config
X-Git-Tag: osrf_rel_2_5_0-alpha~5
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=ededc269eacb9e69e30074bba2cff35a3148e62e;p=OpenSRF.git

LP#1638651: example Nginx websockets/http(s) proxy config

Example using Nginx to proxy all websocket, http, and https Apache
traffic.

Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
---

diff --git a/examples/nginx/osrf-ws-http-proxy b/examples/nginx/osrf-ws-http-proxy
new file mode 100644
index 0000000..efa929c
--- /dev/null
+++ b/examples/nginx/osrf-ws-http-proxy
@@ -0,0 +1,56 @@
+# File /etc/nginx/sites-available/osrf-ws-http-proxy
+#
+# $ ln -s /etc/nginx/sites-available/osrf-ws-http-proxy \
+#   /etc/nginx/sites-enabled/osrf-ws-http-proxy
+# $ sudo service nginx restart
+#
+# Assumes Apache is listening on HTTP=7080 and HTTPS=7443
+
+server { 
+    listen 80;
+
+    location / {
+        proxy_pass http://localhost:7080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
+server {
+    listen 443;
+    ssl on;
+
+    # Use the same SSL certificate as Apache.
+    ssl_certificate /etc/apache2/ssl/server.crt;
+    ssl_certificate_key /etc/apache2/ssl/server.key;
+
+    location / {
+        proxy_pass https://localhost:7443;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /osrf-websocket-translator {
+        proxy_pass http://localhost:7680;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        # Needed for websockets proxying.
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # Raise the default nginx proxy timeout values to an arbitrarily
+        # high value so that we can leverage osrf-websocket-translator's 
+        # timeout settings.
+        proxy_connect_timeout 5m;
+        proxy_send_timeout 1h;
+        proxy_read_timeout 1h;
+    }
+}
+
+