Advanced OnTakt Setup: Difference between revisions

Latest revision as of 10:02, 8 August 2023

It is possible to run OnTakt on your own hardware, which includes virtual machines.

For help installing OnTakt on new hardware, see WolframOS Installation.

Using your own domain name

If you would like the launch page, OnTakt, and Inspection to be available at locations such as wolfram.example.com, ontakt.example.com, and inspection.example.com, you can set up a reverse proxy to handle domain routing and SSL certificates.

Support notice

Reverse proxy configuration is not supported by Wolfram Manufacturing and we cannot assist with setup or troubleshooting. We will not accept bug reports for issues caused while accessing our services via a reverse proxy. If you experience a problem while using the reverse proxy, try again with direct IP/port access and submit a report from there if the issue still occurs.

Security notice

We advise that you do not make your reverse proxy accessible from outside your local network for security reasons. If you have an existing web server you are using for the reverse proxy, make sure it will not proxy requests from the outside internet. If you are using a reverse proxy, we are not responsible for any network issues or security incidents.

We also strongly advise that you do not port forward OnTakt directly to the internet. If you do this, we are not responsible for any service or network issues or security incidents.

Using NGINX as a reverse proxy

NGINX is a free web and reverse proxy server. Assuming the OnTakt server has a fixed IP address of 10.0.0.42, an example HTTP-only site configuration file (/etc/nginx/sites-enabled/wolfram.conf on most Linux distributions, /etc/nginx/vhosts.d/wolfram.conf on some) for the launch page and OnTakt would be:

# Launch page
server {
    listen 80;
    server_name wolfram.example.com
    
    location / {
        proxy_pass http://10.0.0.42:80;
    }
}

# OnTakt
# (for Inspection, copy and change the proxy_pass line to port 8710 instead of 8720)
server {
    listen 80;
    server_name ontakt.example.com;
    
    location / {
        proxy_pass http://10.0.0.42:8720;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Websockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

HTTPS configuration will depend on the domain registrar or DNS server, but Certbot is a tool that supports most configurations.

@@ Line 1: / Line 1: @@
 It is possible to run OnTakt on your own hardware, which includes virtual machines.
-== Hardware specifications ==
+For help installing OnTakt on new hardware, see [[WolframOS Installation]].
-{| class="wikitable"
-!'''Specification'''
-!'''Minimum'''
-!'''Recommended'''
-!'''Notes'''
-|-
-|'''Chipset'''
-|BIOS
-|UEFI
-|
-|-
-|'''CPU'''
-|1.5 GHz × 2 cores
-|2.0 GHz × 4 cores
-|64-bit x86 only (32-bit x86 or ARM will not work)
-|-
-|'''Memory'''
-|4 GB
-|8 GB
-|
-|-
-|'''Storage'''
-|100 GB HDD
-|128 GB SSD
-|
-|-
-|'''Network interface'''
-|100 Mb/s Ethernet
-|1000 Mb/s Ethernet
-|
-|-
-|'''Internet connection'''
-|Not required
-|100 Mb/s down
-|For downloading updates
-|-
-|'''USB ports'''
-|1
-|1
-|For installation and backups
-|}
-== Installation instructions ==
+==Using your own domain name==
-# Download the [https://www.dropbox.com/s/8fbngj5gfw2ijpp?dl=1 WolframOS ISO]
-# Use [https://www.balena.io/etcher/ Etcher] (or another ISO image writer) to write it to a USB flash drive that is at least 2GB. '''Anything else on the flash drive will be erased!'''
-# Make sure the IPC is powered off. Unplugging it is an easy way to do this and will not hurt anything because we are about to wipe it anyway.
-# Insert the flash drive into the IPC. '''DO NOT leave this flash drive plugged into any other PC. Rebooting a computer with this drive plugged in can erase its hard drive with very little time to stop it.'''
-# Connect IPC to network and then power. A monitor and keyboard are optional, but the IPC must have a network connection for the OS installation to succeed.
-# Boot from the flash drive. For new PCs, this will usually happen by default. If it doesn't, check your PC's manual for instructions for booting from USB devices. This may involve a keypress during boot to select a temporary boot device, or changing the BIOS configuration.
-# Wait about 20 minutes. When the installation stops, the system will shut down. If this takes longer than half an hour, connect a monitor to the IPC to see if there are any error messages. Sometimes trying the installation again can fix them.
-# The IPC is now ready, but shut down. Remove the flash drive.
-# Continue to [[OnTakt Setup|first-time setup]]
-== Virtual machine installation ==
-These instructions should also work for deployment as a virtual machine. VirtualBox has been tested and found to work. Keep in mind the necessary [[OnTakt Setup|port forwarding settings]] when setting up the virtual machine.
-== Using your own domain name ==
 If you would like the launch page, OnTakt, and Inspection to be available at locations such as wolfram.example.com, ontakt.example.com, and inspection.example.com, you can set up a reverse proxy to handle domain routing and SSL certificates.
-=== Support notice ===
+===Support notice===
 Reverse proxy configuration is '''not supported''' by Wolfram Manufacturing and we '''cannot assist with setup or troubleshooting'''. We '''will not accept bug reports''' for issues caused while accessing our services via a reverse proxy. If you experience a problem while using the reverse proxy, try again with direct IP/port access and submit a report from there if the issue still occurs.
-=== Security notice ===
+===Security notice===
 We advise that you '''do not make your reverse proxy accessible from outside your local network''' for security reasons. If you have an existing web server you are using for the reverse proxy, make sure it will not proxy requests from the outside internet. If you are using a reverse proxy, we are '''not responsible''' for any '''network issues''' or '''security incidents'''.
 We also strongly advise that you '''do not port forward''' OnTakt directly to the internet. If you do this, we are '''not responsible''' for any service or '''network issues''' or '''security incidents'''.
-=== Using NGINX as a reverse proxy ===
+=== Using NGINX as a reverse proxy===
 NGINX is a free web and reverse proxy server. Assuming the OnTakt server has a fixed IP address of 10.0.0.42, an example HTTP-only site configuration file (<code>/etc/nginx/sites-enabled/wolfram.conf</code> on most Linux distributions, <code>/etc/nginx/vhosts.d/wolfram.conf</code> on some) for the launch page and OnTakt would be:
   # Launch page