Proxy configuration
Note: <upsource_home>\directory_name
should be read as “open the console and change directory to directory_name
under Upsource home directory.”
All commands listed below are Windows commands. If you’re working on a Linux or Mac OS X server, simply replace .bat
with .sh
.
You can set up Upsource to work behind a reverse proxy server. There are two requirements that your environment should meet to make this possible:
- Your proxy server must support WebSockets. For example, Nginx supports WebSockets since version 1.3.13.
- Upsource should be hosted under root URL (
/
) on your virtual host.
If these requirements are met, start with configuring Upsource to use a base URL (the URL that end users will request for to access your Upsource installation):
<upsource_home>\bin\upsource.bat configure --listen-port 1111 --base-url http://upsource.mydomain.com:2222
where:
1111
is the port number Upsource will listen tohttp://upsource.mydomain.com
is the address of your proxy server- and
2222
is the port number your proxy will listen to
Now configure headers in your proxy server, and you’re done. Configuration guidelines for Nginx and Apache HTTP Server are provided below.
Nginx configuration
To ensure support for WebSockets, please use Nginx 1.3.13 or later.
Here’s a sample Nginx header configuration (non SSL):
server {
listen 2222;
server_name localhost;
location / {
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
# to proxy WebSockets in nginx
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://upsourcemachine.domain.local:1111/;
}
}
where:
listen 2222
is the port that you have previously specified as a--base-url
parameterproxy_pass http://upsourcemachine.domain.local:1111/
is the path to your Upsource machine with the port that you have previously specified using the-–listen-port
command
Nginx SSL configuration goes as follows:
- Configure base url:
<upsource_home>\bin\upsource.bat configure --listen-port 1111 --base-url https://upsource.mydomain.com/
- Nginx configuration file:
server {
listen 443 ssl;
ssl_certificate <path_to_certificate>
ssl_certificate_key <path_to_key>
server_name localhost;
location / {
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
# to proxy WebSockets in nginx
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://upsourcemachine.domain.local:1111/;
}
}
Note: Please refer to the corresponding Nginx documentation pages for a description of server_name, proxy_set_header, proxy_pass.
Apache HTTP server configuration
To ensure support for WebSockets, please use Apache HTTP Server 2.4.10 or later.
Make sure to enable proxy_wstunnel
, proxy_http
, rewrite
modules (and optionally headers
if you want to use SSL) using the a2enmod
script:
$ a2enmod headers
$ a2enmod rewrite
$ a2enmod proxy_wstunnel
$ a2enmod proxy_http
Add the following directives to the VirtualHost
section of a relevant .conf
file:
RewriteEngine on
AllowEncodedSlashes on
RewriteCond %{QUERY_STRING} transport=polling
RewriteRule /(.*)$ http://127.0.0.1:1111/$1 [P]
ProxyRequests off
ProxyPass /~socket.io/ ws://127.0.0.1:1111/~socket.io/
ProxyPassReverse /~socket.io/ ws://127.0.0.1:1111/~socket.io/
ProxyPass / http://127.0.0.1:1111/
ProxyPassReverse / http://127.0.0.1:1111/
where 1111
is the port number you configured Upsource to listen to.
If you want to use SSL, additionally add the following directives to the VirtualHost
section:
RequestHeader set X-Forwarded-Proto "https"
IIS reverse proxy
To use IIS and ARR as a reverse proxy:
-
Install ARR from here
-
In IIS Manager, connect to the IIS server - in this case, localhost
- Highlight the server in the Connections pane
- Double-click URL Rewrite
- Click View server variables on the right pane
-
Add HTTP_X_FORWARDED_HOST, HTTP_X_FORWARDED_SCHEME and HTTP_X_FORWARDED_PROTO to the list
- Highlight the server in the Connections pane
- Double-click Application Request Routing Cache
- Click Server Proxy Settings under the Proxy heading in the Actions pane.
-
Tick the Enable proxy checkbox and then click Apply. Leave the default values in place.
- In the Connections pane, under Sites, highlight Default Web Site
- Double-click the URL Rewrite feature, and click Add Rule(s)… in the Actions pane
- Add a reverse proxy rule, with server name: localhost:1111 (replace with real location and port of your Upsource service)
-
Open created rule, check rewrite url, add server variables:
- set HTTP_X_FORWARDED_HOST to {HTTP_HOST}
- set HTTP_X_FORWARDED_SCHEME to https (if the IIS site is configured to https, else set to http)
- set HTTP_X_FORWARDED_PROTO to https (if the IIS site is configured to https, else set to http)
-
Make sure that Anonymous Authentication is enabled:
a) In the Connections pane, under Sites, highlight Default Web Site
b) Double click Authentication → Select Anonymous → Click Enable in the right pane.