F*EX Apache/nginx HOWTO

This is a small HOWTO detailing how you would typically set up F*EX behind any modern web server. Configuration examples for Apache and nginx are included. Disclaimer: Only the Apache config has been tested with huge (> 2GB) files. The F*IX client is not supported in this setup.

Configuring your web server

The easiest way to make F*EX behave correctly behind a reverse proxy is to pass the hostname along with the request. If this is not done, many URLs generated by F*EX will not reflect the hostname you are using; it may, for example, give out links to 127.0.0.1:8888.

In Apache, this is done very easily:

<VirtualHost *>
    ServerName *your.fex.hostname*
    ProxyPass / http://127.0.0.1:8888/
    ProxyPreserveHost On
</VirtualHost>

This maps the host your.fex.hostname to the F*EX running on localhost. To set up an HTTPS only host:

<VirtualHost *>
    ServerName *your.fex.hostname*
    # Keep the trailing slash: Redirect appends the rest of the request path as-is
    Redirect / https://*your.fex.hostname*/
</VirtualHost>
<VirtualHost *:443>
    *SSL OPTIONS GO HERE*

    ServerName *your.fex.hostname*
    ProxyPass / http://127.0.0.1:8888/
    ProxyPreserveHost On
</VirtualHost>

nginx also supports this in a very similar fashion:

server {
    listen   80;
    server_name *your.fex.hostname*;
    location / {
        proxy_pass http://127.0.0.1:8888;
        proxy_set_header Host $host;
    }
}

Similarly, you can also set it up to be SSL only:

server {
    listen   80;
    server_name *your.fex.hostname*;
    rewrite (.*) https://*your.fex.hostname*$1;
}
server {
    listen   443 ssl;
    # SSL options (ssl_certificate, ssl_certificate_key, ...) go here
    server_name *your.fex.hostname*;
    location / {
        proxy_pass http://127.0.0.1:8888;
        proxy_set_header Host $host;
    }
}

Configuring the daemon listen port/IP

In a reverse proxy setup, you may want to limit the F*EX daemon to listening only on localhost. Reasons may include wanting to encrypt all traffic or to enforce ACLs on all traffic in the web server.

The config depends on how you run your F*EX instance. In inetd.conf:

127.0.0.1:8888  stream  tcp     nowait  fex:fex /usr/sbin/tcpd /usr/share/fex/bin/fexsrv

In xinetd.d/fex:

service fex
{
        socket_type             = stream
        [...]
        bind                    = 127.0.0.1
}
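
To confirm that the daemon is reachable only through the proxy, the following shell function reads `ss -ltn` output and lists any listener on port 8888 that is not bound to a loopback address. It is an added example, not part of the original HOWTO or of F*EX; the function name, exit codes and sample output are constructed for illustration.

```sh
# Added example. check_fex_bind reads `ss -ltn` style output on stdin and
# prints every listener on the given port (default 8888, as in this HOWTO)
# whose local address is not loopback.
# Exit status: 0 = loopback only, 1 = exposed listener found,
#              2 = nothing is listening on that port.
check_fex_bind() {
    port="${1:-8888}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                       # "Local Address:Port" column
            n = match(addr, /:[0-9]+$/)     # position of the port separator
            if (n == 0) next
            if (substr(addr, n + 1) != port) next
            seen = 1
            host = substr(addr, 1, n - 1)
            gsub(/^\[|\]$/, "", host)       # strip IPv6 brackets
            sub(/%.*$/, "", host)           # strip scope suffix such as %lo
            if (host ~ /^127\./ || host == "::1") next
            print addr
            bad = 1
        }
        END { if (bad) exit 1; if (!seen) exit 2 }
    '
}

# Constructed sample: daemon bound to loopback, only the proxy is public.
sample_good='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      128    127.0.0.1:8888     0.0.0.0:*'

# Constructed sample: daemon on all interfaces, reachable without the proxy.
sample_bad='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8888       0.0.0.0:*
LISTEN 0      128    [::]:8888          [::]:*'

# On a live host: ss -ltn | check_fex_bind 8888
```

An exit status of 1 means clients can reach F*EX directly, bypassing any encryption or ACLs enforced in the web server.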

Configuring F*EX

No changes are required in F*EX if the HTTP Host: header can be passed by the reverse proxy. All modern reverse proxies should support this.

Enjoy!

-- 
Morten Minde Neergaard