Skip to main content

Configuring AMPS for Use via a Proxy

Update the AMPS Configuration

First, we need to define the AMPS transports that the proxy will forward connection requests to.

For TLS/SSL transports, set Type to tcps and add the Certificate and PrivateKey elements, like so:

  <Transports>
    <Transport>
      <Name>any-tcps</Name>
      <Type>tcps</Type>
      <Protocol>amps</Protocol>
      <InetAddr>9007</InetAddr>
      <Certificate>/etc/pki/tls/certs/localhost.crt</Certificate>
      <PrivateKey>/etc/pki/tls/private/localhost.key</PrivateKey>
    </Transport>

    <Transport>
      <Name>any-wss</Name>
      <Type>tcps</Type>
      <Protocol>websocket</Protocol>
      <InetAddr>9008</InetAddr>
      <Certificate>/etc/pki/tls/certs/localhost.crt</Certificate>
      <PrivateKey>/etc/pki/tls/private/localhost.key</PrivateKey>
    </Transport>
  </Transports>

For a standard non-SSL configuration, you can simply omit the Certificate and PrivateKey elements from the above example and use a Type of tcp:

  <Transports>
    <Transport>
      <Name>any-tcp</Name>
      <Type>tcp</Type>
      <Protocol>amps</Protocol>
      <InetAddr>9007</InetAddr>
    </Transport>

    <Transport>
      <Name>any-ws</Name>
      <Type>tcp</Type>
      <Protocol>websocket</Protocol>
      <InetAddr>9008</InetAddr>
    </Transport>
  </Transports>

Second, update the Admin configuration with the SQLTransport element to specify which websocket Transport Galvanometer should use to submit queries and subscriptions:

  <Admin>
    <InetAddr>8085</InetAddr>
    <SQLTransport>any-wss</SQLTransport>
    <Certificate>/etc/pki/tls/certs/localhost.crt</Certificate>
    <PrivateKey>/etc/pki/tls/private/localhost.key</PrivateKey>
  </Admin>

The Certificate and PrivateKey elements on Admin are only necessary when the Admin interface itself is served over TLS/SSL. For a non-SSL deployment, use the non-secure websocket transport name (any-ws) and omit the TLS configuration.

Lastly, include the ExternalInetAddr element in the Admin configuration to specify the value that should be used for connections to the Admin interface. ExternalInetAddr is not intended to override the InetAddr parameter or change the network addresses that the Admin server uses, but instead to provide an externally visible address that will reach the InetAddr.

For example, a proxy on address proxy_host_address that exposes an /admin endpoint for the Admin interface:

  <Admin>
   <!-- ... existing configuration ... -->

    <ExternalInetAddr>proxy_host_address/admin</ExternalInetAddr>
  </Admin>

Additionally, you can include the SQLTransportInetAddr element in the Admin configuration to directly provide the URI that the Galvanometer will use for submitting queries and subscriptions to AMPS.

For example, if the proxy exposes a secure websocket transport at proxy_host_address/wss, use:

<Admin>
   <!-- ... existing configuration ... -->

    <!-- URI to use for sending commands to AMPS. -->
   <SQLTransportInetAddr>proxy_host_address/wss</SQLTransportInetAddr>
</Admin>

Start the AMPS Server

./<path to AMPS binary>/ampServer config.xml

If you need help installing and starting AMPS, see Getting Started With AMPS.

You can find additional information on Using AMPS with a Proxy in the AMPS User Guide.