Versions Compared

Old Version 19

changes.mady.by.user Louis Tissington-Weston

Saved on

compared with

New Version Current

changes.mady.by.user Louis Tissington-Weston

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning

Advanced level feature: skills with Apache or Nginx web server configuration and SSL are required.

See the 'Current Issues' section below for details of problems you may encounter if you enable this feature.

...

Currently this is an opt-in feature and requires setting "opevents_realtime_gui" to "true", in the file conf/opCommon.json and restarting the server. 

sudo vi /usr/local/omk/conf/opCommon.json

OR

sudo /usr/local/nmis9/admin/patch_config.pl -r /usr/local/omk/conf/opCommon.json opevents_realtime_gui

if

...

false

...

run below

...

commands to set to true and restart the server

sudo /usr/local/nmis9/admin/patch_config.pl /usr/local/omk/conf/opCommon.json /opevents/opevents_realtime_gui=true

sudo service omkd restart

...

Code Block
<VirtualHost *:443>
        ServerName example.opmantek.com

        SSLEngine on
        SSLProxyEngine On
        ProxyRequests Off

        SSLCertificateFile    /etc/ssl/certs/example/cert.pem
        SSLCertificateKeyFile /etc/ssl/certs/example/privkey.pem
        SSLCertificateChainFile /etc/ssl/certs/example/fullchain.pem

        RequestHeader set X-Forwarded-Proto "https"

		# Proxy the websocket connection and rewrite the header           
        RewriteEngine On
        ProxyPassMatchRewriteCond %{REQUEST_URI} ^(\/(en|es)\/omk\/opEvents\/ws\/(.*)$
        RewriteRule /(.*) ws://localhost:8042/$1
		en/omk/opEvents/ws/%1 [P,L] 
   
        # Proxy the rest of the application
        ProxyPass /en/omk http://localhost:8042/en/omk
        ProxyPass /es/omk http://localhost:8042/es/omk
        ProxyPass /omk http://localhost:8042/omk
        ProxyPassReverse / http://localhost:8042/
		ErrorDocument 503 '<html><head><meta http-equiv="refresh" content="60"></head><body><h1>Temporary Service Interruption</h1>The requested OMK page should be back soon. This page will automatically reload in 60 seconds.</body></html>'

</VirtualHost>
<VirtualHost *:80>
    ServerName example.opmantek.com
    Redirect 301 / https://example.opmantek.com/
</VirtualHost>

...

Code Block
sudo systemctl restart httpd

...

Nginx Config Changes
We now support Nginx 1.18.0 and above and this can be used if you wish to switch to nginx over apache regardless of your linux distribution.
Ubuntu 20.04
...
This configuration is also to ensure you can proxy websocket connections for ubuntu 20.04 and over for ubuntu distributions as they don't , Ubuntu does not support the required apache2 version needed for opevents realtime gui .We now support Nginx 1.18.0 and above and this can be used so if you wish to switch to nginx over apache regardless of your linux distributionenable this feature and use Ubuntu you will need to follow these steps.
 Code Block
sudo apt-get install nginx
sudo apt install fcgiwrap
...
Settings which you will need to modify from the example
NameValueExampleApache Docs
ServerNameFQDN of the server which users will refer to it bymonit-prod.opmantek.comhttps://httpd.apache.org/docs/2.4/vhosts/name-based.html
SSLCertificateKeyFileServer PEM-encoded private key file/etc/ssl/certs/example/privkey.pemhttps://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile
SSLCertificateChainFile(Before apache 2.4.8) File of PEM-encoded Server CA Certificates/etc/ssl/certs/example/fullchain.pemhttps://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile
fcgiwrap.socketallows you to set up a socket for communication between a web server and fcgiwrap to handle FastCGI requests /var/run/fcgiwrap.socket

Next create two configuration files in the main nginx directory: /etc/nginx. One of these configs will be called common_proxy-_headers and will contain:
 Code Block
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
...
*note, you do not need the common_nmis_locations and can include this block into the 443 server block if you wish, this ensures no duplicated entry's though and is a more santitized configuration. You MUST include the proxy directives as a seperate configuration file, as any incorrect order or misconfiguration of proxy derectives can easily break wss:// headers in nginx. 
Create a symbolic link from /etc/nginx/sites-available/your_config to /etc/nginx/sites-enabled for the master configuration file
 Code Block
ln -s /etc/nginx/sites-available/your_config /etc/nginx/sites-enabled/your_config

Restart nginx 
 Code Block
sudo systemctl restart nginx
or
sudo service nginx restart
...