
Apache Config Changes

HTTPS Realtime Events

If you are using opEvents over HTTPS, a few changes are needed to proxy websockets to the opEvents web server.

You will need to enable proxy_wstunnel and modify the OMK provided Apache virtual host.

The minimum Apache version required is 2.4.5.

Debian

If you are running a Debian-based Linux OS, please enable these Apache modules:

Code Block
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel

CentOS & Redhat 7

When connecting over SSL, the websocket connection must also be secured, because the browser will not run mixed content (a secured page with an unsecured socket connection). We can use Apache and the optional module proxy_wstunnel to terminate the secured connection and then proxy it to the OMKD web server.

The minimum supported Apache version is 2.4.6. We recommend you use a virtual host, and the provided Apache configuration 04omk-proxy.conf under Redhat: Edit /etc/httpd/conf.modules.d/00d/04omk-proxy.conf Debian: /etc/httpd/conf-enabled/04omk-proxy.conf is not currently set up for virtual hosts. Removing the provided 04omk-proxy.conf

All modules related to proxying websockets are listed in this configuration file, please uncomment:

...

requires you have a basic understanding of editing Apache config.

Debian 9

Enable proxy_wstunnel

Enable these modules to support proxying of the websockets.

Code Block
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel

Then restart Apache

Code Block
sudo systemctl restart apache2

Proxy the websocket

...

apache2


Enable proxy_wstunnel

Next you will need to edit /etc/

...

httpd/conf-enabled/04omk-proxy.

...

conf 


We need to tell the OMK server application that the connection is being proxied and that the client has connected over HTTPS. Find RequestHeader and change it from http to https:

Code Block
RequestHeader set X-Forwarded-Proto "https"

Above <Location "/omk">, add the following line. If you are using other languages, change "en" to your specified language, or add more entries.

Code Block
ProxyPass "/en/omk/opEvents/ws/events" ws://localhost:8042/en/omk/opEvents/ws/events

Proxy the websocket for Redhat 7

This has been tested with Apache 2.4.6

Instead of ProxyPass you will need to use ProxyPassMatch

...

Restart Apache

Code Block
sudo systemctl restart apache2

RedHat 7 & CentOS 7

Enable proxy_wstunnel

Edit /etc/httpd/conf.modules.d/00-proxy.conf

All modules related to proxying websockets are listed in this configuration file, please uncomment:


LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so


Then restart Apache

Code Block
sudo systemctl restart httpd


Create a new VirtualHost

You will need to create a virtual host for proxying websockets on Redhat. The proxy file our installer / VM ships, /etc/httpd/conf.d/04omk-proxy.conf, is not compatible and should be removed from Apache's conf.d/ directory.

You should understand how a virtual host works; please see https://httpd.apache.org/docs/2.4/vhosts/examples.html

...


The following is a basic example config to serve opEvents over SSL and proxy the websockets. If you are using the Opmantek-provided VM, this will be incompatible with the provided 04omk-proxy.conf. Create a new file in /etc/httpd/conf.d/omkd_ssl.conf.

Apache will listen on port 443, serve SSL, and proxy the websockets and the main application to the OMKD web server listening on localhost port 8042.

Apache will also redirect requests from port 80 to 443 to make sure no users can access the application without SSL.

Code Block
<VirtualHost *:443>
        ServerName example.opmantek.com

        SSLEngine on
        SSLProxyEngine On
        ProxyRequests Off

        SSLCertificateFile    /etc/ssl/certs/example/cert.pem
        SSLCertificateKeyFile /etc/ssl/certs/example/privkey.pem
        SSLCertificateChainFile /etc/ssl/certs/example/fullchain.pem

        RequestHeader set X-Forwarded-Proto "https"

        # Proxy the websocket connection
        ProxyPassMatch ^(\/(en|es)\/omk\/opEvents\/ws\/events.*)$  ws://localhost:8042/$1
        # Proxy the rest of the application
        ProxyPass / http://localhost:8042/ retry=5
        ProxyPassReverse / http://localhost:8042/
        ErrorDocument 503 '<html><head><meta http-equiv="refresh" content="60"></head><body><h1>Temporary Service Interruption</h1>The requested OMK page should be back soon. This page will automatically reload in 60 seconds.</body></html>'

</VirtualHost>
<VirtualHost *:80>
    ServerName example.opmantek.com
    Redirect 301 / https://example.opmantek.com/
</VirtualHost>


Settings which you will need to modify from the example

| Name | Value | Example | Apache Docs |
|---|---|---|---|
| ServerName | FQDN of the server which users will refer to it by | monit-prod.opmatek.com | https://httpd.apache.org/docs/2.4/vhosts/name-based.html |
| SSLCertificateFile | Server PEM-encoded X.509 certificate data file or token identifier | /etc/ssl/certs/example/cert.pem | https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatefile |
| SSLCertificateKeyFile | Server PEM-encoded private key file | /etc/ssl/certs/example/privkey.pem | https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile |
| SSLCertificateChainFile | (Before Apache 2.4.8) File of PEM-encoded Server CA Certificates | /etc/ssl/certs/example/fullchain.pem | https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile |
| Redirect 301 | HTTPS URL of the server which your users refer to it by | https://example.opmantek.com/ | |

Then restart Apache

Code Block
sudo systemctl restart httpd
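
A quick lint of the vhost file catches the mistakes that most often break this setup. The script below is an added example, not part of the OMK-provided configuration; the names check_vhost, good_vhost and bad_vhost are hypothetical and both sample vhosts are constructed from the directives shown on this page. It checks that the websocket rule comes before the catch-all ProxyPass / (Apache checks ProxyPass and ProxyPassMatch rules in configuration order and the first match wins), that X-Forwarded-Proto is set to https, and that a redirect to an https:// URL is present.

```shell
#!/usr/bin/env bash
# check_vhost [FILE]: lint an Apache vhost (file or stdin) for the settings
# this page depends on. Prints one finding per line; exit status 1 if any.
check_vhost() {
  awk '
    { sub(/^[ \t]+/, ""); d = tolower($1) }   # trim indent, lower-case the directive name
    /^#/ || NF == 0 { next }                   # skip comments and blank lines
    d == "proxypass" || d == "proxypassmatch" {
      if ($0 ~ /ws:\/\//)       { if (!ws)  ws  = NR }   # first websocket rule
      else if ($2 ~ /^"?\/"?$/) { if (!all) all = NR }   # first catch-all "ProxyPass /"
    }
    d == "requestheader" && tolower($2) == "set" && tolower($3) == "x-forwarded-proto" { proto = $4; gsub(/"/, "", proto) }
    d == "redirect" && $NF ~ /^"?https:\/\// { redir = 1 }
    END {
      if (!ws)                  { print "websocket: no ws:// ProxyPass/ProxyPassMatch rule"; bad = 1 }
      else if (all && all < ws) { print "order: ProxyPass / (line " all ") precedes the websocket rule (line " ws ")"; bad = 1 }
      if (proto != "https")     { print "header: X-Forwarded-Proto is not set to https"; bad = 1 }
      if (!redir)               { print "redirect: no Redirect to an https:// URL for port 80"; bad = 1 }
      exit bad + 0
    }' "$@"
}

# Constructed sample: the Redhat vhost from this page, reduced to the proxy-relevant lines.
good_vhost() { cat <<'EOF'
<VirtualHost *:443>
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPassMatch ^(\/(en|es)\/omk\/opEvents\/ws\/events.*)$  ws://localhost:8042/$1
    ProxyPass / http://localhost:8042/ retry=5
</VirtualHost>
<VirtualHost *:80>
    Redirect 301 / https://example.opmantek.com/
</VirtualHost>
EOF
}

# Constructed sample containing the three mistakes the checks target.
bad_vhost() { cat <<'EOF'
<VirtualHost *:443>
    RequestHeader set X-Forwarded-Proto "http"
    ProxyPass / http://localhost:8042/ retry=5
    ProxyPass "/en/omk/opEvents/ws/events" ws://localhost:8042/en/omk/opEvents/ws/events
</VirtualHost>
EOF
}

good_vhost | check_vhost && echo "good_vhost: OK"
bad_vhost  | check_vhost || echo "bad_vhost: findings above"
```

Run it against the real file with `check_vhost /etc/httpd/conf.d/omkd_ssl.conf`, then confirm syntax with `apachectl configtest` before restarting.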


Debugging Web Socket connections

...