Warning |
---|
Advanced level feature: skills with Apache configuration and SSL are required. See the 'Current Issues' section below for details of problems you may encounter if you enable this feature. |
...
Warning |
---|
Advanced level feature: skills with Apache configuration and SSL are required. See the 'Current Issues' section below for details of problems you may encounter if you enable this feature. |
Table of Contents |
---|
In opEvents 3.3.0, we have introduced realtime events to push updates as they happen to the GUI.
...
Code Block |
---|
<VirtualHost *:443>
ServerName example.opmantek.com
SSLEngine on
SSLProxyEngine On
ProxyRequests Off
SSLCertificateFile /etc/ssl/certs/example/cert.pem
SSLCertificateKeyFile /etc/ssl/certs/example/privkey.pem
SSLCertificateChainFile /etc/ssl/certs/example/fullchain.pem
RequestHeader set X-Forwarded-Proto "https"
# Proxy the websocket connection
ProxyPassMatch ^(\/(en|es)\/omk\/opEvents\/ws\/.*)$ ws://localhost:8042/$1
# Proxy the rest of the application
ProxyPass /en/omk http://localhost:8042/en/omk
ProxyPass /es/omk http://localhost:8042/es/omk
ProxyPass /omk http://localhost:8042/omk
ProxyPassReverse / http://localhost:8042/
ErrorDocument 503 '<html><head><meta http-equiv="refresh" content="60"></head><body><h1>Temporary Service Interruption</h1>The requested OMK page should be back soon. This page will automatically reload in 60 seconds.</body></html>'
</VirtualHost>
<VirtualHost *:80>
ServerName example.opmantek.com
Redirect 301 / https://example.opmantek.com/
</VirtualHost> |
Settings which you will need to modify from the example
...
Testing the config
Then restart Apache
Code Block |
---|
sudo systemctl restart httpd /etc/ssl/certs/example/cert.pem SSLCertificateKeyFile /etc/ssl/certs/example/privkey.pem SSLCertificateChainFile /etc/ssl/certs/example/fullchain.pem RequestHeader set X-Forwarded-Proto "https" # Proxy the websocket connection ProxyPassMatch ^(\/(en|es)\/omk\/opEvents\/ws\/.*)$ ws://localhost:8042/$1 # Proxy the rest of the application ProxyPass /en/omk http://localhost:8042/en/omk ProxyPass /es/omk http://localhost:8042/es/omk ProxyPass /omk http://localhost:8042/omk ProxyPassReverse / http://localhost:8042/ ErrorDocument 503 '<html><head><meta http-equiv="refresh" content="60"></head><body><h1>Temporary Service Interruption</h1>The requested OMK page should be back soon. This page will automatically reload in 60 seconds.</body></html>' </VirtualHost> <VirtualHost *:80> ServerName example.opmantek.com Redirect 301 / https://example.opmantek.com/ </VirtualHost> |
Settings which you will need to modify from the example
Name | Value | Example | Apache Docs |
---|---|---|---|
ServerName | FQDN of the server which users will refer to it by | monit-prod.opmantek.com | https://httpd.apache.org/docs/2.4/vhosts/name-based.html |
SSLCertificateFile | Server PEM-encoded X.509 certificate data file or token identifie | /etc/ssl/certs/example/cert.pem | https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatefile |
SSLCertificateKeyFile | Server PEM-encoded private key file | /etc/ssl/certs/example/privkey.pem | https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile |
SSLCertificateChainFile | (Before apache 2.4.8) File of PEM-encoded Server CA Certificates | /etc/ssl/certs/example/fullchain.pem | https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile |
Redirect 301 | HTTPS url of the server which your users refer to by | https://example.opmantek.com/ |
Testing the config
Then restart Apache
Code Block |
---|
sudo systemctl restart httpd |
Enable Realtime events for Ubuntu 20.04 and over with Nginx
This configuration is to ensure you can proxy websocket connections for ubuntu 20.04 and over for ubuntu distributions as they don't support the required apache2 version needed for opevents realtime gui.
We now support Nginx 1.18.0 and above and this can be used if you wish to switch to nginx over apache regardless of your linux distribution.
Code Block |
---|
sudo apt-get install nginx
sudo apt install fcgiwrap |
In /etc/nginx/sites-available/, create the main configuration file:
Code Block |
---|
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name your_server_name;
location / {
if ($host != localhost) {
rewrite ^(.*)$ https://$host$request_uri permanent;
}
}
location /nmis9 {
alias /usr/local/nmis9/htdocs;
index index.html;
}
location = /nmis9/ {
rewrite ^ /cgi-nmis9/nmiscgi.pl permanent;
}
location /menu9/ {
alias /usr/local/nmis9/menu/;
}
location /cgi-nmis9/ {
alias /usr/local/nmis9/cgi-bin/;
include fastcgi_params;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
}
server {
listen 443 ssl http2;
server_name your_server_name;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
ssl_certificate /path/to/ssl_cert;
ssl_certificate_key /path/to/ssl_key;
include common_nmis_locations;
location = / {
return 301 $scheme://$host/omk;
}
location ~ ^/(en|es)/omk/opEvents/events/.* {
include common_proxy_headers;
proxy_pass http://localhost:8042;
}
location /en/omk/opCharts/events/log {
include common_proxy_headers;
proxy_pass http://localhost:8042/en/omk/opCharts/events/log;
}
location /en/omk/opEvents/ws/test {
include common_proxy_headers;
proxy_pass http://localhost:8042;
}
location /en/omk/opEvents/ws/events {
include common_proxy_headers;
proxy_pass http://localhost:8042/en/omk/opEvents/ws/events;
}
location /es/omk/opCharts/events/log {
include common_proxy_headers;
proxy_pass http://localhost:8042/en/omk/opCharts/events/log;
}
location /es/omk/opEvents/ws/test {
include common_proxy_headers;
proxy_pass http://localhost:8042/en/omk/opEvents/ws/test;
}
location /es/omk/opEvents/ws/events {
include common_proxy_headers;
proxy_pass http://localhost:8042/en/omk/opEvents/ws/events;
}
location /omk {
include common_proxy_headers;
proxy_pass http://localhost:8042/omk;
error_page 503 '<html><head><meta http-equiv="refresh" content="60"></head><body><h1>Temporary Service Interruption</h1>The requested OMK page should be back soon. This page will automatically reload in 60 seconds.</body></html>';
}
location /omk.json {
include common_proxy_headers;
proxy_pass http://localhost:8042/omk.json;
}
location /es {
include common_proxy_headers;
proxy_pass http://localhost:8042/es;
error_page 503 '<html><head><meta http-equiv="refresh" content="60"></head><body><h1>Temporary Service Interruption</h1>The requested OMK page should be back soon. This page will automatically reload in 60 seconds.</body></html>';
}
location /en {
include common_proxy_headers;
proxy_pass http://localhost:8042/en;
error_page 503 '<html><head><meta http-equiv="refresh" content="60"></head><body><h1>Temporary Service Interruption</h1>The requested OMK page should be back soon. This page will automatically reload in 60 seconds.</body></html>';
}
location /pt {
include common_proxy_headers;
proxy_pass http://localhost:8042/pt;
error_page 503 '<html><head><meta http-equiv="refresh" content="60"></head><body><h1>Temporary Service Interruption</h1>The requested OMK page should be back soon. This page will automatically reload in 60 seconds.</body></html>';
}
}
|
At the end of the first server block for port 80, please check fastcgi_pass unix:/var/run/fcgiwrap.socket;
and make sure that this is the correct path your fcgi.socket, when you install fcgiwrap the path to fcgiwrap.socket will differ depending on your distribution:
Ubuntu/Debian: /var/run/fcgiwrap.socket
CentOS/RHEL: /usr/lib/systemd/system/fcgiwrap.socket
Settings which you will need to modify from the example
Name | Value | Example | Apache Docs |
---|---|---|---|
ServerName | FQDN of the server which users will refer to it by | monit-prod.opmantek.com | https://httpd.apache.org/docs/2.4/vhosts/name-based.html |
SSLCertificateKeyFile | Server PEM-encoded private key file | /etc/ssl/certs/example/privkey.pem | https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile |
SSLCertificateChainFile | (Before apache 2.4.8) File of PEM-encoded Server CA Certificates | /etc/ssl/certs/example/fullchain.pem | https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile |
fcgiwrap.socket | allows you to set up a socket for communication between a web server and fcgiwrap to handle FastCGI requests | /var/run/fcgiwrap.socket |
Next create two configuration files in the main nginx directory: /etc/nginx. One of these configs will be called common_proxy-headers and will contain:
Code Block |
---|
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port; |
The other will be common_nmis_locations and will contain:
Code Block |
---|
location /nmis9 {
alias /usr/local/nmis9/htdocs;
index index.html;
}
location = /nmis9/ {
rewrite ^ /cgi-nmis9/nmiscgi.pl permanent;
}
location /menu9/ {
alias /usr/local/nmis9/menu/;
}
location /cgi-nmis9/ {
alias /usr/local/nmis9/cgi-bin/;
include fastcgi_params;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
|
*note, you do not need the common_nmis_locations and can include this block into the 443 server block if you wish, this ensures no duplicated entry's though and is a more santitized configuration. You MUST include the proxy directives as a seperate configuration file, as any incorrect order or misconfiguration of proxy derectives can easily break wss:// headers in nginx.
Restart nginx
Code Block |
---|
sudo systemctl restart nginx
or
sudo service nginx restart |
And test realtime events connects and works
Debugging Web Socket connections
...