I would also like to note that if nginx and websocket proxy are on the same
machine, you cannot have both nginx and websocket proxy listening on 6100. It
would be best to change the websocket proxy listening port and then proxy
both ipv4 and 6 with nginx :)

From: users-bounces(a)ovirt.org [mailto:users-bounces@ovirt.org] On Behalf Of
Donny Davis
Sent: Thursday, December 18, 2014 9:06 AM
To: users(a)ovirt.org
Subject: [ovirt-users] IPv6 Functionality for WebSocket Proxy

I just realized this morning that my noVNC connections were not working for
IPv6 only on cloudspin.me.

For those who want to deploy dual stack functionality for
ovirt-websocket-proxy, here is a very simple and elegant fix.

NGINX is a useful tool :)

You will need nginx to proxy the connection between your IPv6 customers and
the IPv4 listening only websocket proxy (however, that can be changed in
/usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.conf
but you can't have your cake and eat it too. One or the other, ipv4 or
ipv6).

Anyways, here is the fix.

Install nginx on your websocket proxy server. Why nginx? Because I like it
better than Apache. The default config for oVirt could be set up to do this
with the web server that is already running :) just sayin

For my configuration I am running the websocket proxy on a different host,
but I imagine you could use this config in a full deployment and use
websocket proxy on the engine host.

    server {
        # this is the hostname that you told the engine that the websocket
        # proxy would be listening on
        server_name web.cloudspin.me;

        # Commented because I am using this for ipv6 only, but you could use
        # nginx to proxy both and only open one port in the firewall
        #listen 6100;

        # NOTE this needs to listen on the same port you told the engine the
        # websocket proxy would be listening on
        listen [::]:6100 ssl;

        # I used the same cert that my websocket proxy is using
        ssl_certificate /physical/path/to/ssl/cert;
        ssl_certificate_key /physical/path/to/ssl/key;

        ssl on;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/websocket.cloudspin.me-access.log;
        error_log /var/log/nginx/websocket.cloudspin.me-error.log;

        location / {
            proxy_pass https://ip_address_of_websocket_proxy:6100;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

Too easy to fix the many problems I have had getting websocket proxy to
work. If you have a commercial cert and key, this would be a great place to
put it, so your users don't have to bother with trusting your CA; it will
just work.

Cheers and I hope this helps
If anyone needs any help getting this to work give me a shout
Donny D
cloudspin.me
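
Added example, not part of the original post: the same-host variant described in the follow-up note, with nginx owning port 6100 on both IPv4 and IPv6 and the websocket proxy moved to another port. The backend address 127.0.0.1:6101 is an assumption, and the certificate paths are the post's placeholders. The map block belongs in the http context (for example a file under conf.d).

```nginx
# Added example, not the poster's config. Assumed: the websocket proxy has been
# reconfigured to listen on 127.0.0.1:6101 so that nginx can bind 6100 itself.

# Forward "Connection: upgrade" only when the client actually requested an
# upgrade; plain HTTPS requests to this port are closed normally.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # hostname the engine was told the websocket proxy listens on
    server_name web.cloudspin.me;

    # nginx takes the engine-facing port on both address families.
    # ipv6only=on keeps the IPv6 socket from also claiming IPv4, so the
    # two listen lines do not collide with each other.
    listen 6100 ssl;
    listen [::]:6100 ssl ipv6only=on;

    ssl_certificate     /physical/path/to/ssl/cert;
    ssl_certificate_key /physical/path/to/ssl/key;

    location / {
        # assumed new backend port; nothing else may listen on 6100
        proxy_pass https://127.0.0.1:6101;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        # console sessions can sit idle longer than the 60s default
        proxy_read_timeout 1h;
    }
}
```

With this layout only port 6100 needs to be open in the firewall; 6101 stays reachable from the local host alone. Running nginx -t before reloading confirms that neither listen line conflicts with a socket that is already bound.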