Update: As Glitch mentions below, doing this actually requires a change to the game engine. I’ll be incorporating that into the next patch, so for now just stay tuned.
I’ll update the install instructions, but for now an FYI – since the ‘notifications’ API is now widely limited to only secure websites, it’s recommended that you set up the web server using HTTPS. (Plus it’s just nice for security, and raw HTTP is slowly dying.)
You can get a free security certificate and a bot to manage it all for you by using Certbot. It has an auto-installer for nginx (the Ares default), so it should work pretty seamlessly.
@Tat - I know you set this up for Spirit Lake. Any snafus getting the portal to work over HTTPS?
Hey Faraday, the one thing I had to do for spiritlake was to enable ssl for the websockets in the engine, since I wasn’t able to successfully proxy it through nginx.
and then these were some of the frontend changes I had to make:
No problem! You’ve made something really outstanding. My Ruby is weak, so I’m sure you’ll come up with a better engine block for the ssl option, but I’m glad it can offer some insight into how we got it done.
Another thing that might be useful is running websockets over the same API tunnel connection (via nginx or the like) when the API proxy is enabled. This will allow for wss:// connections and only needing to have a single port open for users that are behind firewalls etc.
I had to make a few changes in the nginx config and a few of the *.js files to handle the updates. I’ve submitted a PR on GitHub that should cover the changes, generally.
But if you’ve got an older game (installed before Beta 45, even if you’re currently on 45 or later) you’ll also need to upgrade your nginx config file to match the one in the install directory (substituting your game’s variables for the things like <%= @engine_api_port %>).
If you’re not sure how to do that, let me know and I can provide more detailed instructions.
Yeah, I might need some help. I tried it on my test, and am getting:
Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] "upstream" directive is not allowed here in /etc/nginx/nginx.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] "upstream" directive is not allowed here in /etc/nginx/nginx.conf:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n',)
cp: cannot stat '/etc/letsencrypt/live/mytestdomain.com/fullchain.pem.pem': No such file or directory
cp: cannot stat '/etc/letsencrypt/live/mytestdomain.com/privkey.pem.pem': No such file or directory
Derp. My bad. If you look in bin/certs - you’ll see it’s got .pem.pem there twice for both of those files. Just edit the file to remove the extra ‘.pem’ from each of them, so it’s “fullchain.pem” and “privkey.pem”. Then run it again and hopefully it’ll work.
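For readers following the thread, here is an added example (not from the posters or from the Ares project's own nginx config) of the single-port layout discussed above: TLS terminated by nginx, with both the API and the websocket proxied so browsers can use wss:// on port 443. The upstream ports, the `/api/` and `/websocket` paths, and the upstream names are assumptions; the domain and certificate file names are the ones quoted in the thread.

```nginx
# Added illustration; ports, paths and upstream names are assumed placeholders.
events {}

http {
    # "upstream" is only valid inside http {}. Placed at the top level of
    # nginx.conf it produces the '"upstream" directive is not allowed here' error.
    upstream engine_api { server 127.0.0.1:4203; }   # assumed API port
    upstream engine_ws  { server 127.0.0.1:4202; }   # assumed websocket port

    # Send "Connection: upgrade" upstream only when the client asked to upgrade.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # Plain HTTP only redirects to HTTPS.
    server {
        listen 80;
        server_name mytestdomain.com;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name mytestdomain.com;

        # Certbot's live directory uses single-suffix names (no ".pem.pem").
        ssl_certificate     /etc/letsencrypt/live/mytestdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mytestdomain.com/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location /api/ {                      # assumed API path
            proxy_pass http://engine_api/;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /websocket {                 # assumed websocket path
            proxy_pass http://engine_ws;
            proxy_http_version 1.1;           # required for the Upgrade handshake
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_read_timeout 1h;            # keep idle game sockets open
        }
    }
}
```

Run `nginx -t` against the file before reloading; with this layout the engine's API and websocket ports only need to listen on 127.0.0.1, so 443 (and 80 for the redirect) are the only web ports exposed.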