...
Apache Config Changes
HTTPS Realtime Events
If you are using opEvents over HTTPS, a few changes are needed to proxy websockets to the opEvents web server.
You will need to enable proxy_wstunnel and modify the OMK provided Apache virtual host.
The minimum Apache version required is 2.4.5
Debian
If you are running a Debian-based Linux OS, enable these Apache modules:
```
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel
```
CentOS & Redhat 7
When connecting over SSL, the websocket connection must also be secured, because the browser cannot run mixed content (a secured page with an unsecured socket connection). We can use Apache and the optional module proxy_wstunnel to terminate the secured connection and then proxy the connection to the OMKD web server.
The minimum supported Apache version is 2.4.6. We recommend you use a virtual host. The provided Apache configuration 04omk-proxy.conf (Redhat: /etc/httpd/conf.modules.d/00d/04omk-proxy.conf, Debian: /etc/httpd/conf-enabled/04omk-proxy.conf) is not currently set up for virtual hosts. Removing the provided 04omk-proxy.conf requires a basic understanding of editing Apache config.
Debian 9
Enable proxy_wstunnel
Enable these modules to support proxying of the websockets.
```
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel
```
Then restart Apache
```
sudo systemctl restart httpd
```
Proxy the websocket
...
apache2 |
Enable proxy_wstunnel
Next you will need to edit /etc/
...
httpd/conf-enabled/04omk-proxy.
...
conf
We need to tell the OMK server application that the connection is being proxied and that the client has connected over HTTPS. Find RequestHeader and change it from http to https:
```
RequestHeader set X-Forwarded-Proto "https"
```
Above <Location "/omk"> add the following line. If you are using other languages, change "en" to your specified language, or add more entries.
```
ProxyPass "/en/omk/opEvents/ws/events" ws://localhost:8042/en/omk/opEvents/ws/events
```
Proxy the websocket for Redhat 7
This has been tested with Apache 2.4.6
Instead of ProxyPass you will need to use ProxyPassMatch
```
ProxyPassMatch ^/(en/omk/opEvents/ws/events)$ ws://localhost:8042/$1
```
Restart Apache
```
sudo systemctl restart apache2
```
RedHat 7 & Centos 7
Enable proxy_wstunnel
Edit /etc/httpd/conf.modules.d/00-proxy.conf
All modules related to proxying websockets are listed in this configuration file. Uncomment the following lines:
```
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
```
Then restart Apache
```
sudo systemctl restart httpd
```
Create a new VirtualHost
You will need to create a virtual host for proxying websockets on Redhat. The proxy file shipped by our installer / VM, /etc/httpd/conf.d/04omk-proxy.conf, is not compatible and should be removed from Apache's conf.d/ directory.
You should understand how a virtual host works, please see https://httpd.apache.org/docs/2.4/vhosts/examples.html
Below is a basic example config that serves opEvents over SSL and proxies the websockets. If you are using the Opmantek-provided VM, this will be incompatible with the provided 04omk-proxy.conf. Create a new file at /etc/httpd/conf.d/omkd_ssl.conf
Apache will listen on port 443, serve SSL, proxy the websockets and main application to the OMKD web server listening on localhost 8042
Apache will also redirect requests from 80 to 443 to make sure no users can access the application without SSL
```
<VirtualHost *:443>
    ServerName example.opmantek.com
    SSLEngine on
    SSLProxyEngine On
    ProxyRequests Off
    SSLCertificateFile /etc/ssl/certs/example/cert.pem
    SSLCertificateKeyFile /etc/ssl/certs/example/privkey.pem
    SSLCertificateChainFile /etc/ssl/certs/example/fullchain.pem
    RequestHeader set X-Forwarded-Proto "https"

    # Proxy the websocket connection
    ProxyPassMatch ^(\/(en|es)\/omk\/opEvents\/ws\/events.*)$ ws://localhost:8042/$1

    # Proxy the rest of the application
    ProxyPass / http://localhost:8042/ retry=5
    ProxyPassReverse / http://localhost:8042/
    ErrorDocument 503 '<html><head><meta http-equiv="refresh" content="60"></head><body><h1>Temporary Service Interruption</h1>The requested OMK page should be back soon. This page will automatically reload in 60 seconds.</body></html>'
</VirtualHost>

<VirtualHost *:80>
    ServerName example.opmantek.com
    Redirect 301 / https://example.opmantek.com/
</VirtualHost>
```
Settings which you will need to modify from the example
Name | Value | Example | Apache Docs |
---|---|---|---|
ServerName | FQDN by which users will refer to the server | monit-prod.opmatek.com | https://httpd.apache.org/docs/2.4/vhosts/name-based.html |
SSLCertificateFile | Server PEM-encoded X.509 certificate data file or token identifier | /etc/ssl/certs/example/cert.pem | https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatefile |
SSLCertificateKeyFile | Server PEM-encoded private key file | /etc/ssl/certs/example/privkey.pem | https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile |
SSLCertificateChainFile | (Before Apache 2.4.8) File of PEM-encoded Server CA Certificates | /etc/ssl/certs/example/fullchain.pem | https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile |
Redirect 301 | HTTPS URL by which your users refer to the server | https://example.opmantek.com/ | |
Then restart Apache
```
sudo systemctl restart httpd
```
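Apache checks ProxyPass and ProxyPassMatch rules in configuration order and the first match wins, so the websocket rule must come before the catch-all `ProxyPass /`, and the backend only treats the session as HTTPS if X-Forwarded-Proto is set to "https". The script below is an added example, not part of the OMK documentation or installer: it checks `apachectl -M` output and a virtual host file for those conditions. The function names, finding labels and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: static checks for the websocket proxy setup described above.
# Real use: apachectl -M | missing_modules ; lint_vhost < /etc/httpd/conf.d/omkd_ssl.conf

# Reads `apachectl -M` output on stdin; prints the required modules that are not loaded.
missing_modules() {
    loaded=$(cat)
    missing=""
    for m in proxy_module proxy_http_module proxy_wstunnel_module; do
        printf '%s\n' "$loaded" | grep -Eq "^[[:space:]]*${m}[[:space:]]" \
            || missing="$missing $m"
    done
    echo "${missing# }"
}

# Reads a vhost config on stdin; prints one finding per line, nothing when clean.
# Assumes directives are spelled with the capitalisation used on this page.
lint_vhost() {
    awk '
        /^[ \t]*#/ { next }                                   # ignore comments
        $1 ~ /^ProxyPass(Match)?$/ && $3 ~ /^"?wss?:\/\// {   # websocket rule
            ws++; if (all) shadowed++
        }
        $1 == "ProxyPass" && ($2 == "/" || $2 == "\"/\"") { all = 1 }  # catch-all
        $1 == "RequestHeader" && $3 == "X-Forwarded-Proto" {
            gsub(/"/, "", $4); proto = $4
        }
        END {
            if (!ws) print "no-websocket-rule"
            else if (shadowed) print "websocket-rule-after-catch-all"
            if (proto != "https") print "x-forwarded-proto-not-https"
        }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_MODULES='Loaded Modules:
 core_module (static)
 proxy_module (shared)
 proxy_http_module (shared)'
GOOD_VHOST='RequestHeader set X-Forwarded-Proto "https"
ProxyPassMatch ^/(en/omk/opEvents/ws/events)$ ws://localhost:8042/$1
ProxyPass / http://localhost:8042/ retry=5'
BAD_VHOST='RequestHeader set X-Forwarded-Proto "http"
ProxyPass / http://localhost:8042/ retry=5
ProxyPassMatch ^/(en/omk/opEvents/ws/events)$ ws://localhost:8042/$1'

echo "missing modules: $(printf '%s\n' "$SAMPLE_MODULES" | missing_modules)"
printf '%s\n' "$BAD_VHOST" | lint_vhost
```

Run `apachectl configtest` as well before restarting; this script only checks the proxy-specific settings and does not validate Apache syntax.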
Debugging Web Socket connections
...