Reverse Proxy Setup
A reverse proxy is a lightweight server that acts as a central contact point for clients and distributes connection requests to any number of associated servers that are usually not directly accessible to a client. In addition, it usually offers security features like rate-limiting, basic authentication or handling of SSL certificates, and it can work as a web-server.
SEPIA for example requires a reverse proxy if you want to access it safely from a public domain (e.g. example.com/sepia).
SEPIA has its own reverse proxy that is included in the SEPIA-Home installation ([SEPIA-Home]/sepia-reverse-proxy) and can be used for testing, prototyping or local networks. In theory it works as the main proxy as well, but I'd recommend using one of the more advanced proxies mentioned below.
Nginx example setup for SEPIA
SEPIA includes sample scripts for Nginx in the SEPIA-Home folder ([SEPIA-Home]/nginx) and a deploy script at [SEPIA-Home]/setup-nginx.sh.
You can create your own file as well, for example /etc/nginx/sites-enabled/sepia.conf (Linux default folder) and add the following content:
# SEPIA WebSockets
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
# SEPIA HTTPS
server {
    # port to listen to
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # domain to listen to
    server_name [my-example-com];
    index index.html index.htm;
    location /sepia/assist/ {
        proxy_pass http://[my-sepia-ip]:20721/;
    }
    location /sepia/teach/ {
        proxy_pass http://[my-sepia-ip]:20722/;
    }
    location /sepia/chat/ {
        proxy_pass http://[my-sepia-ip]:20723/;
    }
    location /sepia/chat/messages/ {
        proxy_pass http://[my-sepia-ip]:20723/messages/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 14400;
    }
    # ADD your SSL configuration here ...
}
Replace [my-example-com] (e.g. 'sepia.example.com') and [my-sepia-ip] (e.g. '192.168.0.10' or 'localhost') with your own values and reload Nginx with sudo nginx -s reload.
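One way to fill in the "ADD your SSL configuration here" placeholder and add the rate-limiting mentioned at the top of this page. This is an added example, not one of the SEPIA sample scripts. The certificate paths, the zone name sepia_req and the rate and burst values are assumptions to adapt to your setup.

```nginx
# WebSocket upgrade map, unchanged from the config above.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
# Per-client-IP request budget (http context). Zone name and rate are assumed values.
limit_req_zone $binary_remote_addr zone=sepia_req:10m rate=10r/s;

# Plain HTTP only redirects, so no SEPIA traffic crosses the network unencrypted.
server {
    listen 80;
    listen [::]:80;
    server_name [my-example-com];
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name [my-example-com];

    # Placeholder paths: point these at your own certificate chain and private key.
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;   # no SSLv3 / TLS 1.0 / TLS 1.1
    ssl_session_cache   shared:SSL:10m;
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Applies to every location below; excess requests get 429 instead of reaching SEPIA.
    limit_req zone=sepia_req burst=20 nodelay;
    limit_req_status 429;

    location /sepia/assist/ { proxy_pass http://[my-sepia-ip]:20721/; }
    location /sepia/teach/  { proxy_pass http://[my-sepia-ip]:20722/; }
    location /sepia/chat/   { proxy_pass http://[my-sepia-ip]:20723/; }
    location /sepia/chat/messages/ {
        proxy_pass http://[my-sepia-ip]:20723/messages/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 14400;
    }
}
```

Check the file with sudo nginx -t before reloading, so a syntax error does not take the proxy down.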
Apache HTTP server example setup for SEPIA
Many thanks to 'klausw' from the FHEM forum.
Create a new file at /etc/apache2/sites-available/sepia.conf (Linux default folder) and add the following content:
Define LOCATION sepia
Define HOST localhost
ProxyPass /${LOCATION}/assist/ http://${HOST}:20721/
ProxyPass /${LOCATION}/teach/ http://${HOST}:20722/
<Location /${LOCATION}/chat/>
    ProxyPass http://${HOST}:20723/
    RewriteEngine On
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
    RewriteRule /messages/(.*) ws://${HOST}:20723/messages/$1 [P]
</Location>
Adjust the line Define HOST localhost according to the IP address of your SEPIA server(s) if the Apache proxy is not running on the same machine. Then load the new settings and restart your Apache web-server:
sudo a2enmod proxy proxy_http
sudo a2enmod proxy_wstunnel
# mod_rewrite is required by the RewriteEngine/RewriteRule directives above
sudo a2enmod rewrite
sudo a2ensite sepia.conf
sudo systemctl reload apache2
Many thanks to 'whistler' from the FHEM forum
Start command-prompt (cmd) as administrator and type in the following commands with the proper IP addresses:
set SepiaServerIP=192.168.1.x
set SepiaSTTIP=192.168.1.x
netsh interface portproxy add v4tov4 listenport=20726 connectaddress=%SepiaServerIP% connectport=20726 listenaddress=127.0.0.1
netsh interface portproxy add v4tov4 listenport=20721 connectaddress=%SepiaServerIP% connectport=20721 listenaddress=127.0.0.1
netsh interface portproxy add v4tov4 listenport=20722 connectaddress=%SepiaServerIP% connectport=20722 listenaddress=127.0.0.1
netsh interface portproxy add v4tov4 listenport=20723 connectaddress=%SepiaServerIP% connectport=20723 listenaddress=127.0.0.1
netsh interface portproxy add v4tov4 listenport=20741 connectaddress=%SepiaSTTIP% connectport=20741 listenaddress=127.0.0.1