
[Question] Apache reverse proxy and wss

Open WarningImHack3r opened this issue 3 years ago • 2 comments

Hi there, I didn't find any guide on how to use a reverse proxy for affine, especially which websocket should be configured. My current configuration is this one:

<VirtualHost *:443>
	ServerName affine.example.com

	Timeout 5400
	ProxyTimeout 5400
	SSLProxyEngine On
	SSLProxyVerify None
	SSLProxyCheckPeerCN Off
	SSLProxyCheckPeerName Off
	SSLProxyCheckPeerExpire Off
	ProxyPass / http://localhost:3334/
	ProxyPassReverse / http://localhost:3334/
	ProxyPass /collaboration/affine wss://localhost:3334/collaboration/affine
	ProxyPassReverse /collaboration/affine wss://localhost:3334/collaboration/affine
	
	# Let's Encrypt
	SSLCertificateFile /etc/letsencrypt/live/example.com-0001/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0001/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

But I'm getting the error: [screenshot: CleanShot 2023-01-10 at 18 54 32@2x]

What did I miss?

WarningImHack3r, Jan 10 '23 17:01

Please try replacing:

	ProxyPass /collaboration/affine wss://localhost:3334/collaboration/affine
	ProxyPassReverse /collaboration/affine wss://localhost:3334/collaboration/affine

with:

	<Location /collaboration>  
		ProxyPass ws://localhost:3334
		ProxyPassReverse ws://localhost:3334
	</Location>

In addition, if you want to deploy an HTTPS server, we recommend using Caddy, which supports automatic HTTPS signature. Or you can also use Cloudflare to add HTTPS support to your domain. Their configuration is simpler and easier to understand than Apache.

darkskygit, Jan 13 '23 09:01

Thanks for your answer @darkskygit, however it doesn't change anything, still the same error. Also, I already have https support with Let's Encrypt on Apache, should I do something specific for Affine?

WarningImHack3r, Jan 13 '23 10:01

This is what I use for my Apache setup, in case you want to try it out. It works perfectly here.

<VirtualHost *:80>
    ServerName notes.domain.com
    Redirect permanent / https://notes.domain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName notes.domain.com    
    ProxyRequests Off
    
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket
    RewriteRule /(.*) ws://127.0.0.1:2500/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket
    RewriteRule /(.*) http://127.0.0.1:2500/$1 [P,L]
    
    <Location />
        ProxyPreserveHost On
        ProxyPass http://127.0.0.1:2500/
        ProxyPassReverse http://127.0.0.1:2500/
    </Location>
    # SSL Location
    SSLEngine on
    SSLCertificateFile /opt/acme-cert/notes.domain.com/cert.pem
    SSLCertificateKeyFile /opt/acme-cert/notes.domain.com/site.key
    SSLCertificateChainFile /opt/acme-cert/notes.domain.com/fullchain.cer
</VirtualHost>

L1so, Jan 15 '23 11:01

Thanks @L1so it worked! Here is my final config:

<VirtualHost *:443>
	ServerName affine.example.com

	ProxyRequests Off
	RewriteEngine On
	RewriteCond %{HTTP:Upgrade} =websocket
	RewriteRule /(.*) ws://localhost:3334/$1 [P,L]
	
	<Location />
		ProxyPreserveHost On
		ProxyPass http://localhost:3334/
		ProxyPassReverse http://localhost:3334/
	</Location>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	
	# Let's Encrypt
	SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

I tried signing in with Google but I got an "invalid auth" from Firebase, that must be an issue with affine still being under development. Thanks again!

WarningImHack3r, Jan 15 '23 12:01
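
An added example (not from the thread or the AFFiNE project): a small Python check run over directives from the first and the final config above. It flags the `SSLProxy*` lines that switch off backend certificate checks, and a backend port that is addressed with both a TLS scheme (`wss://`) and a plaintext scheme (`http://`). The finding names and the one-scheme-per-listener heuristic are assumptions of this sketch.

```python
import re

# Constructed samples: directive lines copied from the first and final configs in this thread.
FIRST_CONFIG = """\
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLProxyCheckPeerExpire Off
ProxyPass / http://localhost:3334/
ProxyPass /collaboration/affine wss://localhost:3334/collaboration/affine
"""
FINAL_CONFIG = """\
ProxyRequests Off
RewriteCond %{HTTP:Upgrade} =websocket
RewriteRule /(.*) ws://localhost:3334/$1 [P,L]
ProxyPass http://localhost:3334/
"""

BACKEND_URL = re.compile(r"\b(https?|wss?)://([^/\s]+)", re.I)
TLS_SCHEMES = {"https", "wss"}
PEER_CHECKS = {"sslproxycheckpeercn", "sslproxycheckpeername", "sslproxycheckpeerexpire"}
PROXY_DIRECTIVES = {"proxypass", "proxypassreverse", "rewriterule"}

def audit(config):
    """Return sorted (code, detail) findings for the directives of one vhost."""
    findings, schemes = set(), {}  # schemes: backend host:port -> URL schemes used
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        name, args = words[0].lower(), [w.lower() for w in words[1:]]
        if name == "sslproxyverify" and args[:1] == ["none"]:
            findings.add(("backend-cert-unverified", line))
        if name in PEER_CHECKS and args[:1] == ["off"]:
            findings.add(("backend-peer-check-off", line))
        if name in PROXY_DIRECTIVES:
            for scheme, hostport in BACKEND_URL.findall(line):
                schemes.setdefault(hostport.lower(), set()).add(scheme.lower())
    for hostport, used in schemes.items():
        # Heuristic: one listener normally speaks TLS or plaintext, not both.
        if used & TLS_SCHEMES and used - TLS_SCHEMES:
            findings.add(("mixed-tls-and-plaintext-backend", f"{hostport}: {sorted(used)}"))
    return sorted(findings)

if __name__ == "__main__":
    for label, cfg in (("first", FIRST_CONFIG), ("final", FINAL_CONFIG)):
        print(label, audit(cfg) or "no findings")
```

The first config yields five findings; the final config, which reaches port 3334 only over `ws://` and `http://` and carries no `SSLProxy*` overrides, yields none.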