Behind a Reverse Proxy

If you want to run multiple web services, including one or more RPGM Server instances, on the same server, you will need a reverse proxy.

Info

This guide shows how to do this with NGINX on a Debian or Ubuntu distribution (in a root session).

Installing NGINX

The first step is to install NGINX:

# apt-get install nginx

Then create a new site configuration by copying the default site, and enable it by creating a symbolic link in sites-enabled:

# cp /etc/nginx/sites-available/default /etc/nginx/sites-available/rpgm-server
# ln -s /etc/nginx/sites-available/rpgm-server /etc/nginx/sites-enabled

Disable the default site and restart NGINX:

# rm /etc/nginx/sites-enabled/default
# systemctl restart nginx

Site Config File

Here is an example site file, such as /etc/nginx/sites-available/rpgm-server. We will set RPGM Server to listen on port 8080.

server {
    listen 80 default_server;
    server_name subdomain.example.com;

    location ~ /ws/* {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:10000;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}

default_server is the default site used when no server_name matches a configuration. Only one server block should have it per port.

Configuring RPGM

Don't forget to make RPGM Server listen on port 8080, or whatever port you choose in the NGINX file. To do this, edit config.yml and change the port number:

port: 8080
url: http://subdomain.example.com

You can find more information about config.yml in its dedicated section.

HTTPS

The trick to using HTTPS behind a proxy with NGINX is to terminate the SSL connection in NGINX, then forward requests to RPGM Server over plain HTTP. The first server block redirects any non-HTTPS request to its secure URL. The second server block serves the HTTPS website itself.

server {
    listen 80;
    if ($host = rpgm.example.com) {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    client_max_body_size 10G;
    server_name rpgm.example.com;
    ssl_certificate /etc/letsencrypt/live/rpgm.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/rpgm.example.com/privkey.pem;

    location ~ /ws/* {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:10000;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}

In the config.yml file of RPGM, leave the https setting set to false, but fill in the other settings correctly to enable HTTPS for the app instances:

# Web Server port
port: 8080
root: https://subdomain.example.com

# HTTPS
https: false
httpsPort: 443
httpsKey: /etc/letsencrypt/live/subdomain.example.com/privkey.pem
httpsCert: /etc/letsencrypt/live/subdomain.example.com/cert.pem
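
Because NGINX terminates TLS and forwards to RPGM Server over plain HTTP on 127.0.0.1, the backend ports should not be reachable from outside the host. The following check is an added example, not part of the RPGM documentation: it parses `ss -Hltn` output and flags listeners on the upstream ports (8080 and 10000, taken from the NGINX configuration above) that are bound to a non-loopback address. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: ports 8080 and 10000 are the upstream ports from the NGINX
# configuration above; everything else here is illustrative.
BACKEND_PORTS="8080 10000"

# Reads `ss -Hltn` output on stdin and prints every backend listener that is
# bound to a non-loopback address. Exit status: 1 if any was found, else 0.
exposed_backends() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        NF >= 4 {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print port " reachable on " addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample input (not captured from a real host).
SAMPLE_EXPOSED='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 511 127.0.0.1:10000 0.0.0.0:*
LISTEN 0 511 [::]:10000 [::]:*'

SAMPLE_LOOPBACK='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 511 [::1]:10000 [::]:*'

if printf '%s\n' "$SAMPLE_EXPOSED" | exposed_backends; then
    echo "backends are loopback-only"
else
    echo "backend reachable without NGINX: TLS and the 80->443 redirect can be bypassed"
fi
# On the real host: ss -Hltn | exposed_backends
```

Any line printed for the real host means that port should be restricted with a firewall rule or a loopback-only listener, so that all traffic passes through NGINX.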