Skip to content

Reverse Proxy Setup

Jump to bottom
SEPIA Open Assistant edited this page Jan 14, 2020 · 15 revisions

What is a reverse proxy and why/when do I need one?

A reverse proxy is lightweight server that acts as a central contact point for clients and distributes connection requests to any number of associated servers that are usually not accessible by a client. In addition it usually offers security features like rate-limiting, basic authentication or handling of SSL certificates and can work as a web-server.
SEPIA for example requires a reverse proxy if you want to access it safely from a public domain (e.g. example.com/sepia).

SEPIA reverse proxy

SEPIA has its own reverse proxy that is included in the SEPIA-Home installation ([SEPIA-Home/sepia-reverse-proxy) and can be used for testing, prototyping or local networks. In theory it works as main proxy as well but I'd recommend to use one of the more advanced proxies mentioned below.

Nginx example setup for SEPIA

SEPIA includes sample scripts for Nginx in the SEPIA-Home folder ([SEPIA-Home]/nginx) and a deploy script at [SEPIA-Home]/setup-nginx.sh.
You can create your own file as well, for example /etc/nginx/sites-enabled/sepia.conf (Linux default folder) and add the following content:

# SEPIA WebSockets
map $http_upgrade $connection_upgrade {
	default upgrade;
	''      close;
}

# SEPIA HTTPS
server {
	# port to listen to 
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	# domain to listen to 
	server_name [my-example-com];
	
	index index.html index.htm;
	
	location /sepia/assist/ {
		proxy_pass http://[my-sepia-ip]:20721/;
	}
	location /sepia/teach/ {
		proxy_pass http://[my-sepia-ip]:20722/;
	}
	location /sepia/chat/ {
		proxy_pass http://[my-sepia-ip]:20723/;
	}
	location /sepia/chat/messages/ {
		proxy_pass http://[my-sepia-ip]:20723/messages/;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
		proxy_read_timeout 14400;
	}

	# ADD your SSL configuration here ...
}

Replace [my-example-com] (e.g. 'sepia.example.com') and [my-sepia-ip] (e.g. '192.168.0.10' or 'localhost') with your own values and restart Nginx with sudo nginx -s reload.

Apache HTTP server example setup for SEPIA

Many thanks to 'klausw' from the FHEM forum.
Create a new file at /etc/apache2/sites-available/sepia.conf (Linux default folder) and add the following content:

Define LOCATION sepia
Define HOST localhost

ProxyPass /${LOCATION}/assist/ http://${HOST}:20721/
ProxyPass /${LOCATION}/teach/ http://${HOST}:20722/

<Location /${LOCATION}/chat/>
  ProxyPass http://${HOST}:20723/

  RewriteEngine On
  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
  RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
  RewriteRule /messages/(.*) ws://${HOST}:20723/messages/$1 [P]
</Location>

Adjust the line Define HOST localhost according to the IP address of your SEPIA server(s) if the Apache proxy is not running on the same machine. Then load the new settings and restart your Apache web-server:

sudo a2enmod proxy proxy_http
sudo a2enmod proxy_wstunnel
sudo a2ensite sepia.conf
sudo systemctl reload apache2

Clone this wiki locally