Advertisement
chrissharp123

Untitled

Mar 14th, 2019
552
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.50 KB | None | 0 0
  1. eg_vhost.com snippet:
  2.  
  3. # OPTIONAL: Running the translator behind a proxy requires accessing
  4. # the client IP address via mod_remoteip (sudo a2enmod remoteip).
  5. # Below is a sample configuration for a proxy running on the same
  6. # server and passing the client IP address via the X-Real-IP header.
  7. #
  8. RemoteIPInternalProxy 127.0.0.1/24
  9. RemoteIPInternalProxy ::1
  10. RemoteIPHeader X-Real-IP
  11.  
  12. osrf-ws-http-proxy:
  13.  
  14. # File /etc/nginx/sites-available/osrf-ws-http-proxy
  15. #
  16. # $ ln -s /etc/nginx/sites-available/osrf-ws-http-proxy \
  17. # /etc/nginx/sites-enabled/osrf-ws-http-proxy
  18. # $ sudo service nginx restart
  19. #
  20. # Assumes Apache is listening on HTTP=7080 and HTTPS=7443
  21.  
  22. server {
  23. listen 80;
  24.  
  25. location / {
  26. proxy_pass http://127.0.0.1:7080;
  27. proxy_set_header Host $host;
  28. proxy_set_header X-Real-IP $remote_addr;
  29. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  30. proxy_set_header X-Forwarded-Proto $scheme;
  31. proxy_read_timeout 180s;
  32. }
  33.  
  34. }
  35.  
  36. server {
  37. listen 443;
  38. ssl on;
  39.  
  40. # Use the same SSL certificate as Apache.
  41. ssl_certificate /etc/apache2/ssl/server.crt;
  42. ssl_certificate_key /etc/apache2/ssl/server.key;
  43. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # omit SSLv3 because of POODLE
  44. ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  45. ssl_prefer_server_ciphers on;
  46. ssl_dhparam /etc/apache2/ssl/dhparams.pem;
  47.  
  48. location / {
  49. proxy_pass https://127.0.0.1:7443;
  50. proxy_set_header Host $host;
  51. proxy_set_header X-Real-IP $remote_addr;
  52. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  53. proxy_set_header X-Forwarded-Proto $scheme;
  54. proxy_read_timeout 180s;
  55. }
  56.  
  57. location /osrf-websocket-translator {
  58. proxy_pass http://127.0.0.1:7682;
  59. proxy_set_header X-Real-IP $remote_addr;
  60. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  61.  
  62. # Needed for websockets proxying.
  63. proxy_http_version 1.1;
  64. proxy_set_header Upgrade $http_upgrade;
  65. proxy_set_header Connection "upgrade";
  66.  
  67. # Raise the default nginx proxy timeout values to an arbitrarily
  68. # high value so that we can leverage osrf-websocket-translator's
  69. # timeout settings.
  70. proxy_connect_timeout 5m;
  71. proxy_send_timeout 5m;
  72. proxy_read_timeout 5m;
  73. }
  74. }
  75.  
  76. rpaf.conf:
  77.  
  78. <IfModule rpaf_module>
  79. RPAFenable On
  80.  
  81. # When enabled, take the incoming X-Host header and
  82. # update the virtualhost settings accordingly:
  83. RPAFsethostname On
  84.  
  85. # Define which IP's are your frontend proxies that sends
  86. # the correct X-Forwarded-For headers:
  87. RPAFproxy_ips 127.0.0.1 ::1
  88.  
  89. # Change the header name to parse from the default
  90. # X-Forwarded-For to something of your choice:
  91. RPAFheader X-Real-IP
  92. </IfModule>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement