SSL Configuration

RealityHub, by default, uses HTTP port 80 to serve its front-end to browser. To encrypt the network traffic between the RealityHub Server and the browser, you need to configure the SSL (Secure Socket Layer) layer.

To configure SSL, you must obtain a valid certificate from an authorized provider. Please consult your network administrator to get help obtaining the certificate.

Configuration Steps

  • Install RealityHub Server and set its HTTP port to a different one than your clients will connect. The port that clients will use will be configured in the Nginx configuration.

  • Make sure that RealityHub Server is accessible from the same host that it is installed on.

  • Install Nginx Server

  • Configure Nginx as below

  • Restart Nginx

For RealityHub version 1.3.0 and older, please make sure that your Nginx installation supports nginx_http_sub_module.

Nginx Configuration

worker_processes  4;

events {
  worker_connections  1024;
}

http {
  map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
  }

  upstream rh {
    # HTTP IP & Port configured in the RealityHub installation
    server 127.0.0.1:3000;
  }

  server {
    # Default HTTP port to redirect all connections to SSL site
    listen 80;
    location / {
      return 301 https://$host$request_uri;
    }
  }

  server {
    # Default SSL port (may configure it to a different port)
    listen       443 ssl;
    server_name  localhost; 
    
    # Locations of the certificate and key files.  
    ssl_certificate      d:/nginx/nginx-selfsigned.crt;
    ssl_certificate_key  d:/nginx/nginx-selfsigned.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-NginX-Proxy true;
      proxy_pass http://rh;
      proxy_ssl_session_reuse off;
      proxy_set_header Host $http_host;
      proxy_cache_bypass $http_upgrade;
      proxy_redirect off;
      
      proxy_http_version 1.1;        
      proxy_set_header Upgrade $http_upgrade;        
      proxy_set_header Connection "upgrade";
      proxy_cookie_flags ~ secure samesite=none;
      
      # Uncomment the following lines if you are using RealityHub version 1.3.0 and older.
      # sub_filter_types application/javascript;
      # sub_filter 'ws://' 'wss://';
      # sub_filter_once off;
    }
  }
}