revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-20 13:52:40 +01:00
Code Issues Releases Wiki Activity

Add documentation for routing WebSockets through a reverse proxy

Browse source 
Summary: This is a little rough and should be considered an "advanced" option. Having said that, this works well in my install and I imagine that other installs will find this beneficial.

Test Plan: Eyeball it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11293
This commit is contained in:
Joshua Spence 2015-01-09 18:03:15 +11:00
parent 04fb3defd9
commit 44f2195eec
1 changed files with 60 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
src/docs/user/configuration/notifications.diviner
View file

@ -108,3 +108,63 @@ may also have information that is useful in figuring out what's wrong.
The server also generates a log, by default in `/var/log/aphlict.log`. You can The server also generates a log, by default in `/var/log/aphlict.log`. You can
change this location by changing `notification.log` in your configuration. The change this location by changing `notification.log` in your configuration. The
log may contain information useful in resolving issues. log may contain information useful in resolving issues.
Advanced Usage
==============
It is possible to route the WebSockets traffic for Aphlict through a reverse
proxy such as `nginx` (see @{article:Configuration Guide} for instructions on
configuring `nginx`). In order to do this with `nginx`, you will require at
least version 1.3. You can read some more information about using `nginx` with
WebSockets at http://nginx.com/blog/websocket-nginx/.
There are a few benefits of this approach:
- SSL is terminated at the `nginx` layer and consequently there is no need to
configure `notificaton.ssl-cert` and `notification.ssl-key` (in fact, with
this approach you should //not// configure these options because otherwise
the Aphlict server will not accept HTTP traffic).
- You don't have to open up a separate port on the server.
- Clients don't need to be able to connect to Aphlict over a non-standard
port which may be blocked by a firewall or anti-virus software.
The following files show an example `nginx` configuration. Note that this is an
example only and you may need to adjust this to suit your own setup.
```lang=nginx, name=/etc/nginx/conf.d/connection_upgrade.conf
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
```
```lang=nginx, name=/etc/nginx/conf.d/websocket_pool.conf
upstream websocket_pool {
ip_hash;
server 127.0.0.1:22280;
}
```
```lang=nginx, name=/etc/nginx/sites-enabled/phabricator.example.com.conf
server {
server_name phabricator.example.com;
root /path/to/phabricator/webroot;
// ...
location = /ws/ {
proxy_pass http://websocket_pool;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 999999999;
}
}
```
With this approach, you should set `notification.client-uri` to
`http://localhost/ws/`. Additionally, there is no need for the Aphlict server
to bind to `0.0.0.0` anymore (which is the default behavior), so you could
start the Aphlict server with `./bin/aphlict start --client-host=localhost`
instead.