Using Apache2 to Proxy Servatrice Websockets with SSL - Cockatrice/Cockatrice GitHub Wiki
This is a template configuration for having your Apache2 service proxy the Cockatrice websocket server. Unlike the SSL Websockets - NGINX article, it glosses over many of the details.
In order for us to accept websocket connections, we have to configure Servatrice to accept them:
[server]
; Servatrice can listen for clients on websockets, too. Unfortunately it can't support more than one thread.
; Set to 0 to disable the websocket server.
websocket_number_pools=1
; The TCP port number servatrice will listen on for websocket clients; default is 4748
websocket_port=4748
We now need to tell servatrice where to find the real IP of the connecting client. Since we are proxying via Apache, the real address can be found in the X-Forwarded-For header.
You will need to add this line to your servatrice.ini:
; The header to check for the client's actual IP address
web_socket_ip_header="X-Forwarded-For"
Start off by creating a regular subdomain configuration in apache2 and set it up with Certbot for SSL certificates.
This should generate an Apache VirtualHost configuration with the Let's Encrypt settings somewhere around /etc/apache2/sites-available.
Enable the proxy engines we will be using:
$ a2enmod proxy
$ a2enmod proxy_http
$ a2enmod proxy_wstunnel
Now, in your new VirtualHost, add the RewriteEngine rules to rewrite websocket upgrade requests, and the ProxyPass rule to proxy WS traffic:
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:4748/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass "/servatrice" "ws://localhost:4748/servatrice"
ProxyPassReverse "/servatrice" "ws://localhost:4748/servatrice"
Note that we are redirecting the traffic from /servatrice to ws://localhost:4748/servatrice. The game server is hosted in the /servatrice folder.
If you want to be fancy, you can make all traffic auto-route to this folder with a slight change to the ProxyPass, but this might interfere if you have a website also running on that route (self-hosted webatrice, for example).
Aaaand done. Simply restart servatrice and apache2 for the configuration to apply. A full VirtualHost module may look something like:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName mtg.chickatrice.net
DocumentRoot /var/www/mtg.chickatrice.net/
ErrorLog ${APACHE_LOG_DIR}/mtg.error.log
CustomLog ${APACHE_LOG_DIR}/mtg.access.log combined
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:4748/$1 [P,L]
# Disabled: We only need to rewrite WS requests to servatrice
# RewriteCond %{HTTP:Upgrade} !=websocket [NC]
# RewriteRule /(.*) http://localhost:4748/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass "/servatrice" "ws://localhost:4748/servatrice"
ProxyPassReverse "/servatrice" "ws://localhost:4748/servatrice"
SSLCertificateFile /etc/letsencrypt/live/mtg.chickatrice.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mtg.chickatrice.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
(Don't blindly copy the above; this is a mix of auto-generated and site-specific configuration.)
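Because `web_socket_ip_header` makes Servatrice take the client address from `X-Forwarded-For`, it matters what Apache forwards when a client sends that header itself: mod_proxy appends the address it observed to the client's value rather than replacing it. The model below is an added example, not code from this wiki or from Servatrice; `proxy_forward`, `first_entry` and `proxy_observed_ip` are hypothetical names, the addresses are constructed, and how Servatrice itself parses a multi-entry header is not covered on this page.

```python
import ipaddress

XFF = "x-forwarded-for"  # header names are case-insensitive; keys kept lower-case

def proxy_forward(client_headers, peer_ip, strip_inbound=False):
    """Model one proxy hop and return the headers the backend receives.

    The proxy appends the TCP peer address to whatever X-Forwarded-For the
    client sent. strip_inbound=True models dropping the client's copy first.
    """
    headers = {k.lower(): v for k, v in client_headers.items()}
    inbound = headers.pop(XFF, None)
    if strip_inbound:
        inbound = None
    headers[XFF] = f"{inbound}, {peer_ip}" if inbound else peer_ip
    return headers

def _entries(value):
    """Split a comma-separated header value into trimmed, non-empty entries."""
    return [part.strip() for part in value.split(",") if part.strip()]

def first_entry(value):
    """Leftmost entry: whatever the client chose to send, if it sent anything."""
    parts = _entries(value)
    return parts[0] if parts else None

def proxy_observed_ip(value):
    """Rightmost entry (added by our own proxy), or None if it is not an IP."""
    parts = _entries(value)
    if not parts:
        return None
    try:
        return str(ipaddress.ip_address(parts[-1]))
    except ValueError:
        return None

if __name__ == "__main__":
    # Constructed sample: client connects from 198.51.100.23 but claims 203.0.113.7.
    sent = {"Upgrade": "websocket", "X-Forwarded-For": "203.0.113.7"}
    for strip in (False, True):
        got = proxy_forward(sent, "198.51.100.23", strip_inbound=strip)[XFF]
        print(f"strip={strip}: header={got!r} first={first_entry(got)} "
              f"observed={proxy_observed_ip(got)}")
```

To forward only the address Apache observed, enable mod_headers (`a2enmod headers`) and add `RequestHeader unset X-Forwarded-For early` inside the VirtualHost, which drops the client-sent header before mod_proxy adds its own.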