eg_vhost.com snippet:# OPTIONAL: Running the translator behind a proxy requi

1. eg_vhost.com snippet:
2.  
3. # OPTIONAL: Running the translator behind a proxy requires accessing
4. # the client IP address via mod_remoteip (sudo a2enmod remoteip).
5. # Below is a sample configuration for a proxy running on the same
6. # server and passing the client IP address via the X-Real-IP header.
7. #
8. RemoteIPInternalProxy 127.0.0.1/24
9. RemoteIPInternalProxy ::1
10. RemoteIPHeader X-Real-IP
11.  
12. osrf-ws-http-proxy:
13.  
14. # File /etc/nginx/sites-available/osrf-ws-http-proxy
15. #
16. # $ ln -s /etc/nginx/sites-available/osrf-ws-http-proxy \
17. # /etc/nginx/sites-enabled/osrf-ws-http-proxy
18. # $ sudo service nginx restart
19. #
20. # Assumes Apache is listening on HTTP=7080 and HTTPS=7443
21.  
22. server {
23. listen 80;
24.  
25. location / {
26. proxy_pass http://127.0.0.1:7080;
27. proxy_set_header Host $host;
28. proxy_set_header X-Real-IP $remote_addr;
29. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
30. proxy_set_header X-Forwarded-Proto $scheme;
31. proxy_read_timeout 180s;
32. }
33.  
34. }
35.  
36. server {
37. listen 443;
38. ssl on;
39.  
40. # Use the same SSL certificate as Apache.
41. ssl_certificate /etc/apache2/ssl/server.crt;
42. ssl_certificate_key /etc/apache2/ssl/server.key;
43. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # omit SSLv3 because of POODLE
44. ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
45. ssl_prefer_server_ciphers on;
46. ssl_dhparam /etc/apache2/ssl/dhparams.pem;
47.  
48. location / {
49. proxy_pass https://127.0.0.1:7443;
50. proxy_set_header Host $host;
51. proxy_set_header X-Real-IP $remote_addr;
52. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
53. proxy_set_header X-Forwarded-Proto $scheme;
54. proxy_read_timeout 180s;
55. }
56.  
57. location /osrf-websocket-translator {
58. proxy_pass http://127.0.0.1:7682;
59. proxy_set_header X-Real-IP $remote_addr;
60. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
61.  
62. # Needed for websockets proxying.
63. proxy_http_version 1.1;
64. proxy_set_header Upgrade $http_upgrade;
65. proxy_set_header Connection "upgrade";
66.  
67. # Raise the default nginx proxy timeout values to an arbitrarily
68. # high value so that we can leverage osrf-websocket-translator's
69. # timeout settings.
70. proxy_connect_timeout 5m;
71. proxy_send_timeout 5m;
72. proxy_read_timeout 5m;
73. }
74. }
75.  
76. rpaf.conf:
77.  
78. <IfModule rpaf_module>
79. RPAFenable On
80.  
81. # When enabled, take the incoming X-Host header and
82. # update the virtualhost settings accordingly:
83. RPAFsethostname On
84.  
85. # Define which IP's are your frontend proxies that sends
86. # the correct X-Forwarded-For headers:
87. RPAFproxy_ips 127.0.0.1 ::1
88.  
89. # Change the header name to parse from the default
90. # X-Forwarded-For to something of your choice:
91. RPAFheader X-Real-IP
92. </IfModule>