The following instructions are a guide for setting this up on Debian
and Ubuntu systems, but expect general familiarity with various system
-administration and netwrok tasks. The steps should be run as the *root*
+administration and network tasks. The steps should be run as the *root*
Linux account, and assume that you already followed the instructions
for installing WebSockets support.
var WEBSOCKET_PORT_SSL = 443;
---------------------------------------------------------------------------
+Optional: Using HAProxy as a proxy
+----------------------------------
+HAProxy can also be used to proxy HTTP, HTTPS, and WebSockets traffic
+as an alternative to NGINX.
+
+The following instructions are a guide for setting this up on Debian
+and Ubuntu systems, but expect general familiarity with various system
+administration and network tasks. The steps should be run as the *root*
+Linux account, and assume that you already followed the instructions
+for installing WebSockets support.
+
+1. Install HAProxy if not already present:
++
+[source, bash]
+---------------------------------------------------------------------------
+apt-get install haproxy
+---------------------------------------------------------------------------
++
+2. Configure the main Apache instance to listen on port 7080 for HTTP and
+ port 7443 for HTTPS and ensure that it is not listening on ports 80
+ and 443, then restart Apache.
+3. Append the example HAProxy to `haproxy.cfg`.
++
+[source, bash]
+---------------------------------------------------------------------------
+cd /path/to/opensrf-OSRFVERSION
+cat examples/haproxy/osrf-ws-http-proxy >> /etc/haproxy/haproxy.cfg
+---------------------------------------------------------------------------
++
+4. Edit `/etc/haproxy/haproxy.cfg` to set the location
+ of the PEM file containing the SSL certificate and private key.
+5. Start HAProxy.
++
+[source, bash]
+---------------------------------------------------------------------------
+/etc/init.d/haproxy start
+---------------------------------------------------------------------------
++
+6. Edit `<PREFIX>/javascript/opensrf_ws.js` and `<PREFIX>/javascript/opensrf_ws_shared.js`
+ and change
++
+[source, javascript]
+---------------------------------------------------------------------------
+var WEBSOCKET_PORT_SSL = 7682;
+---------------------------------------------------------------------------
++
+to
++
+[source, javascript]
+---------------------------------------------------------------------------
+var WEBSOCKET_PORT_SSL = 443;
+---------------------------------------------------------------------------
Troubleshooting note for Python users
-------------------------------------
--- /dev/null
+listen web 0.0.0.0:80
+ mode http
+ option forwardfor
+ http-request set-header X-Client-IP %[src]
+ balance roundrobin
+ server web01 localhost:7080 check
+
+frontend https_ws
+ bind 0.0.0.0:443 ssl crt /etc/apache2/ssl/cert_plus_key.pem
+ mode http
+ option forwardfor
+ option httpclose
+ reqadd X-Forwarded-Proto:\ https
+ acl is_websocket hdr(Upgrade) -i WebSocket
+ use_backend ws if is_websocket
+ default_backend https_server
+
+backend https_server
+ mode http
+ balance roundrobin
+ server s1 localhost:7443 ssl verify none
+
+backend ws
+ timeout server 300s
+ server ws1 localhost:7682 ssl verify none