To handle the increase of web traffic associated with websockets, we have added a second webserver in release v20.09.00. The Apache webserver will continue to handle the regular webpage requests. The newly added NGINX webserver will handle the websocket traffic.
Follow these steps to successfully install and configure this new version of Submitty.
-
Install NGINX:
sudo apt-get install -qqy nginx-full
NOTE: Alternatively, this will be happen when you get the new Submitty source code and run INSTALL_SYSTEM.sh.
-
Remove the default nginx site,
/etc/nginx/sites-available/default
, if desired. -
Copy our sample nginx
submitty.conf
file from:https://github.com/Submitty/Submitty/blob/master/.setup/nginx/submitty.conf
to:
/etc/nginx/sites-available
-
If desired, update this file to use ssl.
To combine the existing cert chain in to a pem that nginx can use:
cp submitty.cer submitty.pem cat chain.cer >> submitty.pem
And update the NGINX
submitty.conf
:server { # SSL configuration listen 8443 ssl default_server; listen [::]:8443 ssl default_server; #dont show OS or version identity server_tokens off; ssl on; ssl_certificate /etc/apache2/ssl/submitty-demo.pem; ssl_certificate_key /etc/apache2/ssl/submitty-demo.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA; ssl_session_cache shared:SSL:10m; server_name _; location / { return 404; } location /ws { proxy_pass http://127.0.0.1:41983/; #Yes, http is proper here for nginx web socket proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; } }
-
Create a symlink for NGINX
submitty.conf
fromsites-available
tosites-enabled
:ln -s /etc/nginx/sites-available/submitty.conf /etc/nginx/sites-enabled/submitty.conf
-
Remove any other files/symlinks from the
/etc/nginx/sites-enabled/
directory (unless required for some other purpose on your server). -
Remove the existing websocket proxying from Apache installed with version v20.06.00.
Edit
/etc/apache2/sites-available/submitty.conf
to remove this line:ProxyPass "/ws" "ws://127.0.0.1:41983/"
-
Websockets are served over port 8443. It may be necessary to create a firewall exception.
-
Restart
nginx
andsubmitty_websocket_server
:sudo systemctl restart nginx sudo systemctl restart submitty_websocket_server
Confirm the status:
sudo systemctl status nginx sudo systemctl status submitty_websocket_server