UserVM Handbook: Difference between revisions

no edit summary
No edit summary
No edit summary
qemuArgs = "qemu-system-x86_64 -M q35,usb=on,acpi=on,hpet=off -cpu host -accel whpx -m 2G -smp cores=2 -device usb-tablet -nic none -hda /srv/collabvm/images/vm1.qcow2"
</nowiki>}}
 
== Setting up reverse proxying ==
'''This is REQUIRED for UserVM as, for technical reasons, only TLS-equipped WebSockets can be accepted'''
 
We strongly recommend you proxy your UserVM behind Nginx, to provide additional security and allow things like TLS. It also makes your VM look a lot cleaner, allowing people to access it on your main HTTP(s) port and on a subdirectory, like <code>https://example.com/collab-vm/</code> rather than <code>http://example.com:6004</code>. Here's a brief description of how to set that up on the Nginx side. This assumes you already have your site set up with Nginx, and if not there are numerous guides for that around the internet.
 
First, you'll want to save [https://computernewb.com/~elijah/wsproxy_params wsproxy_params] to your Nginx directory, which enables WebSocket proxying. Here's a one-liner to do that:
{{code|
$ sudo curl https://computernewb.com/~elijah/wsproxy_params -o /etc/nginx/wsproxy_params
}}
Next, you can add the following to your Nginx server block:
{{code|
location /collab-vm/vm1 {
include wsproxy_params;
proxy_pass http://127.0.0.1:6004/; # Replace 6004 if you changed the HTTP port in the config file.
}}
If you get an error about <code>connection_upgrade</code>, edit <code>/etc/nginx/nginx.conf</code> and add the following to your http block:
{{code|
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}}
If you have multiple VMs running, you can have them all proxied like so:
{{code|
location /collab-vm/vm1 {
include wsproxy_params;
proxy_pass http://127.0.0.1:6004/;
location /collab-vm/vm2 {
include wsproxy_params;
proxy_pass http://127.0.0.1:6005/;
# ...etc
}}
 
== Running your VM ==
{{code|
$ sudo rc-update add collabvm
}}
== Setting up reverse proxying ==
'''This is REQUIRED for UserVM as, for technical reasons, only TLS-equipped WebSockets can be accepted'''
 
We strongly recommend you proxy your UserVM behind Nginx, to provide additional security and allow things like TLS. It also makes your VM look a lot cleaner, allowing people to access it on your main HTTP(s) port and on a subdirectory, like <code>https://example.com/collab-vm/</code> rather than <code>http://example.com:6004</code>. Here's a brief description of how to set that up on the Nginx side. This assumes you already have your site set up with Nginx, and if not there are numerous guides for that around the internet.
 
First, you'll want to save [https://computernewb.com/~elijah/wsproxy_params wsproxy_params] to your Nginx directory, which enables WebSocket proxying. Here's a one-liner to do that:
{{code|
$ sudo curl https://computernewb.com/~elijah/wsproxy_params -o /etc/nginx/wsproxy_params
}}
Next, you can add the following to your Nginx server block:
{{code|
location /collab-vm/vm1 {
include wsproxy_params;
proxy_pass http://127.0.0.1:6004/; # Replace 6004 if you changed the HTTP port in the config file.
}}
If you get an error about <code>connection_upgrade</code>, edit <code>/etc/nginx/nginx.conf</code> and add the following to your http block:
{{code|
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}}
If you have multiple VMs running, you can have them all proxied like so:
{{code|
location /collab-vm/vm1 {
include wsproxy_params;
proxy_pass http://127.0.0.1:6004/;
location /collab-vm/vm2 {
include wsproxy_params;
proxy_pass http://127.0.0.1:6005/;
# ...etc
}}
== Permanently host the webapp ==