I updated one of my CF instances and the new setup...
# adobej
jakobward
12/10/2022, 6:10 PMI updated one of my CF instances and the new setup will be using CF WebSockets behind an NGINX reverse proxy, with CF utilizing the Apache connector. Do I need to install the Apache websocket connector for CF and also configure NGINX to handle the WebSockets? 🤔 Just trying to get my brain wrapped around this a bit before I dive in. I previously was not utilizing the proxy or NGINX…
b
bdw429s
12/11/2022, 3:55 AMIs there a reason you want to use both Apache and Nginx?
j
jakobward
12/11/2022, 1:34 PMNGINX is my primary reverse proxy and is handling all of the incoming network connections and routing them to different servers. Apache is what I’m used to for integration with CF and handling requests/htaccess/etc. I have 1/20th the experience with NGINX as I do with Apache. So, I mostly wanted to stick with what I’m used to. What I’m not used to is configuring WebSockets through a proxy on either.
b
bdw429s
12/12/2022, 6:26 PMRight, but Nginx and Apache basically do the same thing so there's no need to have both of them in the mix unless you're just wanting to add layers.
bdw429s
12/12/2022, 6:26 PMI'd recommend picking the one you want and then moving forward with it. As far as configuring websockets, I'm not sure if it takes any special configuration. So far as I know, it just connects over the HTTP/S port like any other HTTP traffic
j
jc
12/12/2022, 6:58 PMHey @jakobward in regards to using the proxy, you would need Apache to be compiled with the Worker module in order for wsproxyconfig to do what it needs. Once the proxy is set up, using Nginx as a reverse proxy should not be an issue as WebSocket communication will work over port 80 and 443. Now I, like @bdw429s, agree that you should pick one, rather than creating an additional layer. If you do go with Nginx though, or if you are working with Apache’s default build which uses the Prefork MPM, then the only thing you can do is use ACF’s built in WebSocket Server through their specified ports and manage the certs using a pcks12 file or a Java Keystore thru the admin which to me is an additional step and a pain.
j
jakobward
12/12/2022, 11:36 PMI’m not creating an additional layer. The additional layer already exists and I’m picking the right tools for the job. “While NGINX is more efficient, it does not have Apache’s configuration system, and they both have their advantages and disadvantages.” AND “A very common starting pattern is to deploy the open-source NGINX software as a proxy (or NGINX Plus as the application delivery platform) in front of an Apache-based web application. NGINX performs the HTTP-related heavy lifting – serving static files, caching content, and offloading slow HTTP connections – so that the Apache server can run the application code in a safe and secure environment.”
jakobward
12/12/2022, 11:37 PM@jc thanks for the insight on the Apache MPM. It’s currently “event”, so, I will need to dig into that. I do have the Java Keystore set up, but yes, annoying to manage that - especially with a Let’s Encrypt certificate renewing every 2 - 3 months.
jakobward
12/12/2022, 11:37 PMI guess I’ll just dig in! Thanks, guys.