SHARE
TWEET

Untitled

chrissharp123 Mar 14th, 2019 58 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. eg_vhost.com snippet:
  2.  
  3. # OPTIONAL: Running the translator behind a proxy requires accessing
  4. # the client IP address via mod_remoteip (sudo a2enmod remoteip).
  5. # Below is a sample configuration for a proxy running on the same
  6. # server and passing the client IP address via the X-Real-IP header.
  7. #
  8. RemoteIPInternalProxy 127.0.0.1/24
  9. RemoteIPInternalProxy ::1
  10. RemoteIPHeader X-Real-IP
  11.  
  12. osrf-ws-http-proxy:
  13.  
  14. # File /etc/nginx/sites-available/osrf-ws-http-proxy
  15. #
  16. # $ ln -s /etc/nginx/sites-available/osrf-ws-http-proxy \
  17. #   /etc/nginx/sites-enabled/osrf-ws-http-proxy
  18. # $ sudo service nginx restart
  19. #
  20. # Assumes Apache is listening on HTTP=7080 and HTTPS=7443
  21.  
  22. server {
  23.     listen 80;
  24.  
  25.     location / {
  26.         proxy_pass http://127.0.0.1:7080;
  27.         proxy_set_header Host $host;
  28.         proxy_set_header X-Real-IP $remote_addr;
  29.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  30.         proxy_set_header X-Forwarded-Proto $scheme;
  31.         proxy_read_timeout 180s;
  32.     }
  33.  
  34. }
  35.  
  36. server {
  37.     listen 443;
  38.     ssl on;
  39.  
  40.     # Use the same SSL certificate as Apache.
  41.     ssl_certificate /etc/apache2/ssl/server.crt;
  42.     ssl_certificate_key /etc/apache2/ssl/server.key;
  43.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # omit SSLv3 because of POODLE
  44.     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  45.     ssl_prefer_server_ciphers on;
  46.     ssl_dhparam /etc/apache2/ssl/dhparams.pem;
  47.  
  48.     location / {
  49.         proxy_pass https://127.0.0.1:7443;
  50.         proxy_set_header Host $host;
  51.         proxy_set_header X-Real-IP $remote_addr;
  52.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  53.         proxy_set_header X-Forwarded-Proto $scheme;
  54.         proxy_read_timeout 180s;
  55.     }
  56.  
  57.     location /osrf-websocket-translator {
  58.         proxy_pass http://127.0.0.1:7682;
  59.         proxy_set_header X-Real-IP $remote_addr;
  60.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  61.  
  62.         # Needed for websockets proxying.
  63.         proxy_http_version 1.1;
  64.         proxy_set_header Upgrade $http_upgrade;
  65.         proxy_set_header Connection "upgrade";
  66.  
  67.         # Raise the default nginx proxy timeout values to an arbitrarily
  68.         # high value so that we can leverage osrf-websocket-translator's
  69.         # timeout settings.
  70.         proxy_connect_timeout 5m;
  71.         proxy_send_timeout 5m;
  72.         proxy_read_timeout 5m;
  73.     }
  74. }
  75.  
  76. rpaf.conf:
  77.  
  78. <IfModule rpaf_module>
  79.     RPAFenable On
  80.  
  81.     # When enabled, take the incoming X-Host header and
  82.     # update the virtualhost settings accordingly:
  83.     RPAFsethostname On
  84.  
  85.     # Define which IP's are your frontend proxies that sends
  86.     # the correct X-Forwarded-For headers:
  87.     RPAFproxy_ips 127.0.0.1 ::1
  88.  
  89.     # Change the header name to parse from the default
  90.     # X-Forwarded-For to something of your choice:
  91.     RPAFheader X-Real-IP
  92. </IfModule>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top