Edge behind nginx
Reverse-proxy a path prefix (and its WebSocket) to the edge, and pass through the client IP.
This routes the collector's apiUrl traffic to the edge. It assumes apiUrl: 'https://yourapp.com/octet', so the collector posts to /octet/v1/signals and connects the WebSocket at /octet/v1/ws.
Configuration
# WebSocket upgrade mapping (top-level, in the http {} block)
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name yourapp.com;
# ... your existing TLS config (listen 443 ssl; certs; etc.) ...
location /octet/ {
proxy_pass http://127.0.0.1:8080/; # trailing slash strips the /octet/ prefix
proxy_http_version 1.1;
# WebSocket support for /octet/v1/ws
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
# The edge reads the source IP from X-Forwarded-For:
proxy_set_header X-Forwarded-For $remote_addr;
proxy_read_timeout 30s;
}
}
The trailing slash on proxy_pass http://127.0.0.1:8080/; maps /octet/v1/signals → the edge's /v1/signals (and likewise for /v1/ws).
Connection-termination note
With this setup, nginx terminates the browser's connection and proxies to the edge over the loopback. That means the connection-level timing signal is measured at the nginx↔edge hop, not against the browser. The integration still works on the remaining signals; for the strongest result, keep the number of hops in front of this host to a minimum and confirm the termination topology with Octet during onboarding. Do not place a separate TLS-terminating CDN/LB in front of nginx without discussing it first — see Cloud LB / CDN.
Where to go next
- Deploy the Edge. Env vars and the termination rule.
- Fetch the Verdict. Read the result on your backend.