Upsource

Proxy configuration

Note: <upsource_home>\directory_name should be read as “open the console and change directory to directory_name under Upsource home directory.”

All commands listed below are Windows commands. If you’re working on a Linux or Mac OS X server, simply replace .bat with .sh.

You can set up Upsource to work behind a reverse proxy server. There are two requirements that your environment should meet to make this possible:

  • Your proxy server must support WebSockets. For example, Nginx supports WebSockets since version 1.3.13.
  • Upsource should be hosted under root URL (/) on your virtual host.

If these requirements are met, start with configuring Upsource to use a base URL (the URL that end users will request for to access your Upsource installation):

<upsource_home>\bin\upsource.bat configure --listen-port 1111 --base-url http://upsource.mydomain.com:2222

where:

  • 1111 is the port number Upsource will listen to
  • http://upsource.mydomain.com is the address of your proxy server
  • and 2222 is the port number your proxy will listen to

Now configure headers in your proxy server, and you’re done. Configuration guidelines for Nginx and Apache HTTP Server are provided below.

Nginx configuration

To ensure support for WebSockets, please use Nginx 1.3.13 or later.

Here’s a sample Nginx header configuration (non SSL):

server {
      listen       2222;
      server_name  localhost;
location  / {
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_http_version 1.1;
        
      # to proxy WebSockets in nginx
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_pass http://upsourcemachine.domain.local:1111/;
      }
}

where:

  • listen 2222 is the port that you have previously specified as a --base-url parameter
  • proxy_pass http://upsourcemachine.domain.local:1111/ is the path to your Upsource machine with the port that you have previously specified using the -–listen-port command

Nginx SSL configuration goes as follows:

  • Configure base url:
<upsource_home>\bin\upsource.bat configure --listen-port 1111 --base-url https://upsource.mydomain.com/
  • Nginx configuration file:
        server {
            listen 443 ssl;
    
             ssl_certificate <path_to_certificate>
             ssl_certificate_key <path_to_key>
    
            server_name  localhost;
    
        location  / {
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_http_version 1.1;
    
                # to proxy WebSockets in nginx
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass http://upsourcemachine.domain.local:1111/;
                        }
               }

Note: Please refer to the corresponding Nginx documentation pages for a description of server_name, proxy_set_header, proxy_pass.

Apache HTTP server configuration

To ensure support for WebSockets, please use Apache HTTP Server 2.4.10 or later.

Make sure to enable proxy_wstunnel, proxy_http, rewrite modules (and optionally headers if you want to use SSL) using the a2enmod script:

    $ a2enmod headers
    $ a2enmod rewrite
    $ a2enmod proxy_wstunnel
    $ a2enmod proxy_http

Add the following directives to the VirtualHost section of a relevant .conf file:

    RewriteEngine on
    AllowEncodedSlashes on 
       
    RewriteCond %{QUERY_STRING} transport=polling
    RewriteRule /(.*)$ http://127.0.0.1:1111/$1 [P]
    
    ProxyRequests off
    ProxyPass /~socket.io/ ws://127.0.0.1:1111/~socket.io/
    ProxyPassReverse /~socket.io/ ws://127.0.0.1:1111/~socket.io/
        
    ProxyPass / http://127.0.0.1:1111/
    ProxyPassReverse / http://127.0.0.1:1111/

where 1111 is the port number you configured Upsource to listen to.

If you want to use SSL, additionally add the following directives to the VirtualHost section:

  RequestHeader set X-Forwarded-Proto "https"

IIS reverse proxy

To use IIS and ARR as a reverse proxy:

  1. Install ARR from here

  2. In IIS Manager, connect to the IIS server - in this case, localhost

  3. Highlight the server in the Connections pane
  4. Double-click URL Rewrite
  5. Click View server variables on the right pane
  6. Add HTTP_X_FORWARDED_HOST, HTTP_X_FORWARDED_SCHEME and HTTP_X_FORWARDED_PROTO to the list

  7. Highlight the server in the Connections pane
  8. Double-click Application Request Routing Cache
  9. Click Server Proxy Settings under the Proxy heading in the Actions pane.
  10. Tick the Enable proxy checkbox and then click Apply. Leave the default values in place.

  11. In the Connections pane, under Sites, highlight Default Web Site
  12. Double-click the URL Rewrite feature, and click Add Rule(s)… in the Actions pane
  13. Add a reverse proxy rule, with server name: localhost:1111 (replace with real location and port of your Upsource service)
  14. Open created rule, check rewrite url, add server variables:

    • set HTTP_X_FORWARDED_HOST to {HTTP_HOST}
    • set HTTP_X_FORWARDED_SCHEME to https (if the IIS site is configured to https, else set to http)
    • set HTTP_X_FORWARDED_PROTO to https (if the IIS site is configured to https, else set to http)
  15. Make sure that Anonymous Authentication is enabled:

    a) In the Connections pane, under Sites, highlight Default Web Site

    b) Double click Authentication → Select Anonymous → Click Enable in the right pane.