Closed shamun closed 9 years ago
We use haproxy as a proxy forward server to do that.
haproxy routes all port 80 and 443 traffic to the signalmaster instance. Here is the config we use for that:
```
global
    log 127.0.0.1 local0 debug
    maxconn 8000
    user haproxy
    group haproxy

defaults
    log global
    option httplog
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    mode http
    maxconn 5000
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    # long tunnel timeout so established WebSocket connections stay open
    timeout tunnel 12h

# plain HTTP: redirect everything to HTTPS
frontend www
    bind :80
    option forwardfor
    redirect scheme https if !{ ssl_fc }

# TLS terminates here; the backends below receive plain HTTP
frontend lb
    bind :443 ssl crt /etc/haproxy/sslkeys/cert.pem ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA
    option forwardfor
    reqadd X-Forwarded-Proto:\ https
    default_backend api
    # WebSocket upgrades and ws* hosts go to the ws backend, api* hosts to api
    acl is_websocket hdr(Upgrade) -i WebSocket
    acl is_websocket hdr_beg(Host) -i ws
    acl is_api hdr_beg(Host) -i api
    use_backend ws if is_websocket
    use_backend api if is_api

backend api
    balance roundrobin
    server service 127.0.0.1:5001 weight 1 maxconn 2500 check

backend ws
    balance roundrobin
    server service 127.0.0.1:5001 weight 1 maxconn 2500 check
```
Note, you could also use nginx and/or apache for that - I prefer haproxy because it is a more flexible proxy/ssl termination tool and, IMO, a better fit for the task.
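An audit of the `ciphers` list on the `bind :443` line above, as an added example that is not part of the original comment or of signalmaster: the list still offers RC4 and static-ECDH suites, and this Python script flags them and returns the entries worth keeping. The function names and the shortened sample line are assumptions made for illustration; it expects explicit suite names rather than OpenSSL keywords such as `HIGH`.

```python
# Constructed sample: the `frontend lb` bind line from the config above,
# with the cipher list shortened to five of its suites.
SAMPLE = """\
frontend lb
    bind :443 ssl crt /etc/haproxy/sslkeys/cert.pem ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDH-RSA-RC4-SHA:RC4-SHA
"""

AEAD_MARKERS = {"GCM", "CCM", "CHACHA20", "POLY1305"}


def classify(suite):
    """Return the reasons an OpenSSL-style suite name is weak (empty = keep)."""
    parts = suite.upper().split("-")
    reasons = []
    if "RC4" in parts:
        reasons.append("RC4 (prohibited in TLS by RFC 7465)")
    elif not AEAD_MARKERS.intersection(parts):
        reasons.append("not an AEAD suite")
    # Only ephemeral (EC)DH key exchange gives forward secrecy; a bare
    # "RC4-SHA" is RSA key exchange and "ECDH-..." is static ECDH.
    if parts[0] not in ("ECDHE", "DHE"):
        reasons.append("no forward secrecy")
    return reasons


def audit_bind_ciphers(config_text):
    """Return (line_no, suite, reasons) for each weak suite on a bind line."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        words = line.split()
        if not words or words[0] != "bind" or "ciphers" not in words:
            continue
        idx = words.index("ciphers") + 1
        if idx >= len(words):
            continue  # "ciphers" keyword with no value
        for suite in words[idx].split(":"):
            reasons = classify(suite)
            if reasons:
                findings.append((line_no, suite, reasons))
    return findings


def strong_only(cipher_list):
    """Drop every flagged suite, preserving the original preference order."""
    return ":".join(s for s in cipher_list.split(":") if not classify(s))


if __name__ == "__main__":
    for line_no, suite, reasons in audit_bind_ciphers(SAMPLE):
        print(f"line {line_no}: {suite}: {', '.join(reasons)}")
```
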
@bear: Thank you very much, I tested with stunnel, Apache proxypass, haproxy and nginx; all worked.
My main link is HTTPS://WWW.Mydomain.com and I am running Signalmaster, which is HTTP; as a result I get the following:
How do I configure Signalmaster natively to run as HTTPS (not as HTTP as it is right now) with my wildcard certificates (CERT, KEY, CA files)? (Or should I depend on Apache proxypass/stunnel? Then it won't be so reliable.)