Skip to main content
Version: Reality 5.3.sp3

SSL Configuration

Reality Hub, by default, uses HTTP port 80 to serve its front-end to browser. To encrypt the network traffic between the Reality Hub Server and the browser, you need to configure the SSL (Secure Socket Layer) layer.

To configure SSL, you must obtain a valid certificate from an authorized provider. Please consult your network administrator to get help obtaining the certificate.

Configuration Steps

  • Install Reality Hub Server and set its HTTP port to a different one than your clients will connect. The port that clients will use will be configured in the Nginx configuration.
  • Make sure that Reality Hub Server is accessible from the same host that it is installed on.
  • Install Nginx Server
  • Configure Nginx as below
  • Restart Nginx
info

For Reality Hub version 1.3.0 and older, please make sure that your Nginx installation supports nginx_http_sub_module.

Nginx Configuration

worker_processes  4;

events {
worker_connections 1024;
}

http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}

upstream rh {
# HTTP IP & Port configured in the Reality Hub installation
server 127.0.0.1:3000;
}

server {
# Default HTTP port to redirect all connections to SSL site
listen 80;
location / {
return 301 https://$host$request_uri;
}
}

server {
# Default SSL port (may configure it to a different port)
listen 443 ssl;
server_name localhost;

# Locations of the certificate and key files.
ssl_certificate d:/nginx/nginx-selfsigned.crt;
ssl_certificate_key d:/nginx/nginx-selfsigned.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://rh;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cookie_flags ~ secure samesite=none;

# Uncomment the following lines if you are using Reality Hub version 1.3.0 and older.
# sub_filter_types application/javascript;
# sub_filter 'ws://' 'wss://';
# sub_filter_once off;
}
}
}