From 0e8e22a14667005ff044300c42f8c720cc0f67b3 Mon Sep 17 00:00:00 2001 From: Athanasius Date: Sun, 13 Mar 2022 16:56:21 +0000 Subject: [PATCH] contrib: apache-eddn.conf: Attempt to correct for new "no direct access" As we've changed things to default to *not* doing TLS on the actual services, and thus relying on reverse proxying of all the relevant end points, this needed updating. Not yet tested, that will come when I put this on dev.eddn.edcd.io. --- contrib/apache-eddn.conf | 77 ++++++++++++++++++++++++++++++++-------- 1 file changed, 63 insertions(+), 14 deletions(-) diff --git a/contrib/apache-eddn.conf b/contrib/apache-eddn.conf index 77bb3c6..fa7f9dc 100644 --- a/contrib/apache-eddn.conf +++ b/contrib/apache-eddn.conf @@ -103,6 +103,8 @@ Require all denied + + # /netdata/ - for the host performance stats SSLProxyEngine On SSLProxyVerify none @@ -112,10 +114,67 @@ ProxyPass "/netdata/" "http://127.0.0.1:19999/" + # The various EDDN stats/status endpoints + + #################################### + # Only uncomment the following if you are setting non-empty + # CERT_FILE, and KEY_FILE in the main EDDN config.json + #################################### + # SSLProxyEngine On + # SSLProxyVerify none + #################################### + ProxyPreserveHost On + ProxyRequests Off + + #################################### + # Monitor, /getSoftwares/ etc + #################################### + + # Plain http if setting **empty** CERT_FILE and KEY_FILE in + # the EDDN config.json, else https. + ProxyPass "http://127.0.0.1:9091/" + + #################################### + + #################################### + # Relay, /getSoftwares/ etc + #################################### + + # Plain http if setting **empty** CERT_FILE and KEY_FILE in + # the EDDN config.json, else https. + ProxyPass "http://127.0.0.1:9091/" + + #################################### + + #################################### + # Gateway /stats/ and /health_check/ + #################################### + # May as well allow for /upload/ on this port as well + + # Plain http if setting **empty** CERT_FILE and KEY_FILE in + # the EDDN config.json, else https. + ProxyPass "http://127.0.0.1:8081/upload/" + + + + # Plain http if setting **empty** CERT_FILE and KEY_FILE in + # the EDDN config.json, else https. + ProxyPass "http://127.0.0.1:8081/stats/" + + + + # Plain http if setting **empty** CERT_FILE and KEY_FILE in + # the EDDN config.json, else https. + ProxyPass "http://127.0.0.1:8081/health_check/" + + #################################### + + + -# This is for the Gateway public URLs +# This handles the uploads on port 4430 # This will need to be commented out/disabled for initial LetsEncrypt # certificate request, as you don't have the certificate yet! @@ -162,22 +221,12 @@ ProxyRequests Off #################################### - # Gateway, both /upload/ and /stats/ etc + # Gateway /upload/ #################################### - + # Plain http if setting **empty** CERT_FILE and KEY_FILE in # the EDDN config.json, else https. - ProxyPass "http://127.0.0.1:8081/" - - #################################### - - #################################### - # Monitor, /getSoftwares/ etc - #################################### - - # Plain http if setting **empty** CERT_FILE and KEY_FILE in - # the EDDN config.json, else https. - ProxyPass "http://127.0.0.1:9091/" + ProxyPass "http://127.0.0.1:8081/upload/" ####################################