Project

General

Profile

deploying vrspace

Added by Abhishek Roushan over 2 years ago

Tried to deploy vrspace, although it went well but how to install own ssl and sketchfab oauth and downoad api


Replies (1)

RE: deploying vrspace - Added by Josip Almasi over 2 years ago

Hey Abhishek,

Sketchfab registration process is explained here: https://sketchfab.com/developers/oauth#registering-your-app
In the end you just fill in values of appropriate application properties: sketchfab.clientId, sketchfab.clientSecret and sketchfab.redirectUri.

Own SSL is no different than any other web app. You can go two ways: use embedded tomcat, or use reverse proxy.
Embedded tomcat relies on java keystore, so you can import your cert e.g. like explained here: https://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore
After that, just point application properties to your key store using server.ssl application properties.
While that solves SSL, it may be quite inefficient with regards to content handling, i.e. caching and compression.
So I use apache as reverse proxy on vrspace.org.
Plain http site is configured like this:

<VirtualHost *:80>
    ServerName www.vrspace.org
    ServerAlias vrspace.org

    ServerAdmin admin@vrspace.org
    DocumentRoot /opt/vrspace/web

    ErrorLog ${APACHE_LOG_DIR}/vrspace-error.log
    CustomLog ${APACHE_LOG_DIR}/vrspace-access.log combined

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

so essentially all it does is redirect to https.
HTTPS web site is of course more complex:


<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                Protocols h2 h2c http/1.1

                ServerName www.vrspace.org
                ServerAlias vrspace.org

                ServerAdmin admin@vrspace.org

                Header set Access-Control-Allow-Origin "*" 

                <FilesMatch "\.js$">
                    FileEtag None
                    <ifModule mod_headers.c>
                        Header Unset ETag
                        Header Set Cache-Control "max-age=0, no-store, no-cache, must-revalidate" 
                        Header Set Pragma "no-cache" 
                        Header Set Expires "Thu, 1 Jan 1970 00:00:00 GMT" 
                    </ifModule>
                </FilesMatch>

                DocumentRoot /opt/vrspace/web
                <Directory /opt/vrspace/web>
                        Options Indexes MultiViews
                        AllowOverride None
                        Require all granted
                </Directory>

                Alias /babylon /opt/vrspace/babylon
                <Directory /opt/vrspace/babylon>
                        Options Indexes MultiViews
                        AllowOverride None
                        Require all granted
                </Directory>

                Alias /content /opt/vrspace/content
                <Directory /opt/vrspace/content>
                        Options Indexes MultiViews
                        AllowOverride None
                        Require all granted
                </Directory>

                ErrorLog ${APACHE_LOG_DIR}/vrspace-ssl-error.log
                CustomLog ${APACHE_LOG_DIR}/vrspace-ssl-access.log combined

                SSLEngine on

                SSLCertificateFile /etc/apache2/ssl/STAR_vrspace_org.crt
                SSLCertificateKeyFile /etc/apache2/ssl/STAR_vrspace_org.key
                SSLCertificateChainFile /etc/apache2/ssl/STAR_vrspace_org.ca-bundle

                ProxyPreserveHost on
                ProxyRequests Off

                ProxyPass /actuator/ http://localhost:8080/actuator/
                ProxyPassReverse /actuator/ http://localhost:8080/actuator/

                ProxyPass /sketchfab/ http://localhost:8080/sketchfab/
                ProxyPassReverse /sketchfab/ http://localhost:8080/sketchfab/

                ProxyPass /user/ http://localhost:8080/user/
                ProxyPassReverse /user/ http://localhost:8080/user/

                ProxyPass /oauth2/ http://localhost:8080/oauth2/
                ProxyPassReverse /oauth2/ http://localhost:8080/oauth2/

                ProxyPass /login http://localhost:8080/login
                ProxyPassReverse /login http://localhost:8080/login

                ProxyPass /worlds/ http://localhost:8080/worlds/
                ProxyPassReverse /worlds/ http://localhost:8080/worlds/

                ProxyPass /swagger-ui/ http://localhost:8080/swagger-ui/
                ProxyPassReverse /swagger-ui/ http://localhost:8080/swagger-ui/
                ProxyPass /swagger-ui.html http://localhost:8080/swagger-ui.html
                ProxyPass /v3/ http://localhost:8080/v3/
                ProxyPassReverse /v3/ http://localhost:8080/v3/

                RewriteEngine on
                RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
                RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
                RewriteRule .* ws://%{SERVER_NAME}:8080%{REQUEST_URI} [P]

        </VirtualHost>
</IfModule>

So we
- enable http 2
- allow access from everywhere
- disable cache for javascript files
- allow browsing of web, babylon and content directories
- pass REST API calls to the back end
- pass openapi doc to the back end
- pass websocket connections to the back end
and by the way also configure certificates.

Furthermore, you'd also better enable compression for glb and json files like

                # compress binary files and large json (animation etc)
                AddOutputFilterByType DEFLATE application/octet-stream
                AddOutputFilterByType DEFLATE application/json

Sure, exact locations of where you apply these configuration depend on you OS, e.g. on a debian system you'd put this into mods-enabled/deflate.conf, sites-available/vrspace.conf and vrspace-ssl.conf, and enable all modules and sites like

a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel
a2enmod headers
a2ensite vrspace
a2ensite vrspace-ssl
apachectl configtest
apachectl restart

So more or less web hosting as usual.

    (1-1/1)