My current project has a realtime part, using socket.io on nodejs, and a web part using django on nginx / gunicorn. Here’s a setup to put them both on the same port, and make them both go over SSL. I’m assuming you’re on Ubuntu.

Disclaimer: I got this working last night, so no promises. You’ll certainly want to tweak haproxy’s config for performance. I also only tested it with socket.io’s web socket transport.

- stunnel decrypts the SSL, so everything after that doesn’t know about it. It decrypts both web traffic (HTTPS to HTTP), and web socket traffic (WSS to WS).
- haproxy sends web socket traffic to node and web traffic to nginx.
- node runs socket.io, handling the web socket traffic.
- gunicorn runs python / django, and there’s a database out back somewhere, but that’s not relevant here.

[…] support HTTP/1.1 for its backends, so it can’t proxy web socket traffic. That’s why we have haproxy.

But haproxy doesn’t do SSL, that’s why we have stunnel.

And haproxy isn’t a web server, so we still need nginx.

Stunnel is an open-source multi-platform computer program, used to provide universal TLS/SSL tunneling service.

To test this you’ll need an SSL certificate. Here’s how (thanks Victor Farazdagi):

```
# 2048-bit key: 1024-bit RSA is too short for current use
openssl genrsa -out mysite.key 2048
openssl req -new -key mysite.key -out mysite.csr # common name = your domain
openssl x509 -req -days 365 -in mysite.csr -signkey mysite.key -out mysite.crt
```

Enable it by editing /etc/default/stunnel and setting ENABLED=1.

Config: /etc/stunnel/nf

```
cert = /etc/stunnel/localhost.crt
```

```
# Requests carrying an "Upgrade: WebSocket" header are sent to socket_backend
acl is_websocket hdr(Upgrade) -i WebSocket
use_backend socket_backend if is_websocket

option forwardfor # This sets X-Forwarded-For
server server1 localhost:82 weight 1 maxconn 1024 check

server server1 localhost:9000 weight 1 maxconn 1024 check
```

Haproxy logs to syslog, and expects it to be in server mode, so you need to set that up too (thanks Kevin van Zonneveld):

Rsyslog config: /etc/rsyslog.d/nf

```
$ModLoad imudp
```

Then bounce rsyslog:

```
sudo restart rsyslog
```

nginx

First bounce http traffic to https: /etc/nginx/sites-enabled/default

```
server )
```