...
There are two parts to making this work -
- having the client connect on wss: port 443
...
- having the proxy forward the events URL to the websocket for OMK.
Request the clients browser to use 443 for the websocket
To tell the clients browser to use 443 (and hence wss: with SSL/TLS) instead of the default port 8042 (ws:) change the following in opCommon.nmis.
Code Block | ||||
---|---|---|---|---|
| ||||
'websocket_proxy_port' => '443'
or in opCommon.json:
"websocket_proxy_port": "443", |
After updating the opCommon configuration, restart the omkd daemon.
Proxy the connection from your SSL/TLS termination to the OMK webservice
The client's websocket will now be coming through the same SSL/TLS Transport as your HTTPS traffic on port 443. We need the proxy server to forward the websocket to the OMK webservice much like the HTTP traffic.
...
Code Block | ||
---|---|---|
| ||
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
ServerName some.example.com
ProxyPass "/en/omk/opCharts/events/log" "ws://localhost:8042/en/omk/opCharts/events/log"
ProxyRequests off
RequestHeader set X-Forwarded-Proto "https" |
After updating the Apache configuration, restart the Apache daemon.
Info | ||
---|---|---|
| ||
Proxy WS Tunnel module WSS HTTPS interaction Please note apache will force the use of WSS (SSL websocket) if you are using HTTPS. This is because the apache configuration: RequestHeader set X-Forwarded-Proto “https"https" |