Pax1601
For your Wiki - Instructions on how to configure a reverse Proxy and Cloudflare to work with Olympus
Hey guys,
Sorry for the delay in writing this, Covid is still kicking my arse. This is an initial draft of the docs and diagrams as I am not sure the data I have been given is complete.
Hi everyone, this is how you configure olympus to work through a DNS aggregator service like cloudflare and a reverse proxy. This guide assumes that you have correctly configured an internet addressable domain with cloudflare and have a working reverse proxy. Here is an Overview of what we will be trying to achieve here with this guide.
Firstly we will create a new Proxy Host for the external domain name we want to use. For my example I will be using olympus.ozdeadmeat.com. we then point it to the internal IP address of our Olympus/DCS server.
Then move to custom locations and enter the following
Then go to SSL and select your SSL that you want to use for your website. and then enable the Force SSL, HTTP/2, HSTS Enabled, HSTS subdomains. then hit save.
You should now be able to browse to your external domain name and have it encrypt traffic
Lastly, you will need to modify the setAddress function in the <DCS.profile>\Mods\services\Olympus\client\pulbic\javascripts\bundle.js
as of 1.0.3 it is on line 26377
Check the setAddress funtion to the following code
setAddress(address, port) {
__classPrivateFieldSet(this, _ServerManager_REST_ADDRESS, `https://${address}/olympus`, "f");
console.log(`Setting REST address to ${__classPrivateFieldGet(this, _ServerManager_REST_ADDRESS, "f")}`);
}
Here is a basic apache2 reverse proxy configuration.
<VirtualHost *:80>
ServerName olympus.squad.tld
ServerAdmin [email protected]
ProxyPreserveHost On
RewriteEngine On
RewriteRule ^/olympus/(.*) http://192.168.0.1:3001/olympus/$1 [P,L]
ProxyPassReverse /olympus/ http://192.168.0.1:3001/olympus
RewriteRule ^/(.*) http://192.168.0.1:3000/$1 [P,L]
ProxyPassReverse / http://192.168.0.1:3000
</VirtualHost>
https://github.com/Pax1601/DCSOlympus/pull/732 adds support for HTTPS in config file
This is very good! In v1.0.4 we will ditch the requirement of connecting to the REST server directly by implementing a proxy on the Olympus Server itself. I will keep this up but will ask you to kindly update it when the change is active
Righto, let me know when there is a release candidate and I will update the doco.
I have a working config for xnginx as a reverse proxy
it runs on nginx for windows 1.25.3
certificates have been generated with Certbot/Let's Encrypt!
Config copied below AND attached as .zip
worker_processes 1;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
error_log logs/error.log debug;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
gzip on;
keepalive_timeout 65;
server {
listen 80;
root html;
server_name $host;
charset utf-8;
index index.html index.htm;
location /sneaker {
return 307 http://your_hostname_here:sneaker_port/;
}
location /lardoon {
return 307 http://your_hostname_here:lardoon_port/;
}
location /bground {
return 307 http://your_hostname_here:Battleground_port/;
}
location /olympusGCI {
return 307 http://your_hostname_here:Olympus_client_port;
}
error_page 404 /50x.html;
location = /50x.html {
}
}
server {
listen 443 ssl;
server_name your_hostname_here;
charset utf-8;
resolver 1.1.1.1;
ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
ssl_client_certificate ../path_to_certificates/your_hostname_here/cert.pem;
ssl_verify_client optional;
location /commander {
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://your_hostname_here:Olympus_client_port/;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location /olympus {
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://your_hostname_here:Olympus_backend_port;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location /olympus/mission {
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://your_hostname_here:Olympus_backend_port;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location /resources/ {
proxy_pass http://your_hostname_here:Olympus_client_port;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location /stylesheets/ {
proxy_pass http://your_hostname_here:Olympus_client_port;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location /themes/ {
proxy_pass http://your_hostname_here:Olympus_client_port;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location /images/ {
proxy_pass http://your_hostname_here:Olympus_client_port;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location /plugins/ {
proxy_pass http://your_hostname_here:Olympus_client_port;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location /javascripts/ {
proxy_pass http://your_hostname_here:Olympus_client_port;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location /api/elevation/ {
proxy_pass http://your_hostname_here:Olympus_client_port;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location /databases {
proxy_pass http://your_hostname_here:Olympus_client_port;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location /api/airbases {
proxy_pass http://your_hostname_here:Olympus_client_port;
proxy_ssl_certificate ../path_to_certificates/your_hostname_here/cert_1.pem;
proxy_ssl_certificate_key ../path_to_certificates/your_hostname_here/cert_key.pem;
proxy_ssl_trusted_certificate ../path_to_certificates/your_hostname_here/cert.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
}
}
nginx.sanitized_OlympusSSL.conf.zip
