Advanced OnTakt Setup

From Knowledge Base

It is possible to run OnTakt on your own hardware, which includes virtual machines.

For help installing OnTakt on new hardware, see WolframOS Installation.

Using your own domain name

If you would like the launch page, OnTakt, and Inspection to be available at locations such as wolfram.example.com, ontakt.example.com, and inspection.example.com, you can set up a reverse proxy to handle domain routing and SSL certificates.

Support notice

Reverse proxy configuration is not supported by Wolfram Manufacturing and we cannot assist with setup or troubleshooting. We will not accept bug reports for issues caused while accessing our services via a reverse proxy. If you experience a problem while using the reverse proxy, try again with direct IP/port access and submit a report from there if the issue still occurs.

Security notice

We advise that you do not make your reverse proxy accessible from outside your local network for security reasons. If you have an existing web server you are using for the reverse proxy, make sure it will not proxy requests from the outside internet. If you are using a reverse proxy, we are not responsible for any network issues or security incidents.

We also strongly advise that you do not port forward OnTakt directly to the internet. If you do this, we are not responsible for any service or network issues or security incidents.

Using NGINX as a reverse proxy

NGINX is a free web and reverse proxy server. Assuming the OnTakt server has a fixed IP address of 10.0.0.42, an example HTTP-only site configuration file (/etc/nginx/sites-enabled/wolfram.conf on most Linux distributions, /etc/nginx/vhosts.d/wolfram.conf on some) for the launch page and OnTakt would be:

# Launch page
server {
    listen 80;
    server_name wolfram.example.com
    
    location / {
        proxy_pass http://10.0.0.42:80;
    }
}

# OnTakt
# (for Inspection, copy and change the proxy_pass line to port 8710 instead of 8720)
server {
    listen 80;
    server_name ontakt.example.com;
    
    location / {
        proxy_pass http://10.0.0.42:8720;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Websockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

HTTPS configuration will depend on the domain registrar or DNS server, but Certbot is a tool that supports most configurations.