Diffstat (limited to 'docs')
-rw-r--r-- docs/admin_handbook.html | 5
1 files changed, 2 insertions, 3 deletions
diff --git a/docs/admin_handbook.html b/docs/admin_handbook.html
index 35c1c8c..5d0174a 100644
--- a/docs/admin_handbook.html
+++ b/docs/admin_handbook.html
@@ -41,11 +41,10 @@
Copy <a href="./cca.scfg.example">the example configuration file</a> to <code>cca.scfg</code> in the working directory where you intend to run CCASS. Then edit it according to the comments, though you may wish to pay attention to the following:
</p>
<ul>
- <li>CCASS supports both the FastCGI and the HTTP protocol, over both WebSocket and TCP listeners. HTTPS is not directly supported, so a reverse proxy or FastCGI server such as <code>relayd</code>, <code>nginx</code>, or OpenBSD <code>httpd</code>, should be used.</li>
+ <li>CCASS natively supports serving over clear text HTTP or over HTTPS. HTTPS is required for production setups as Microsoft Entra ID does not allow clear-text HTTP redirect URLs for non-<code>localhost</code> access.</li>
+ <li>Note that CCASS is designed to be directly exposed to clients due to the lacking performance of standard reverse proxy setups, although there is nothing that otherwise prevents it from being used behind a reverse proxy. Reverse proxies must forward WebSocket connection upgrade headers for all requests to the <code>/ws</code> endpoint.</li>
<li>You must <a href="https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade">create an app registration on the Azure portal</a> and complete the corresponding configuration options.</li>
<li>You must configure a <a href="https://www.postgresql.org/">PostgreSQL</a> instance and configure CCASS accordingly.</li>
- <li>In a production setup, it is advisable to serve the <code>static</code> directory directly via a dedicated web server. Although CCASS will serve a static folder within the current directory if it is configured with <code>static true</code>, using your web server to serve static files would lead to better performance and more flexible cache control.</li>
- <li>In a production setup, HTTPS should be used, and the <code>prod</code> configuration option should be enabled, which causes cookies to be set with the <code>Secure</code> flag.</li>
<li><code>perf/sendq</code> should be set to roughly the number of expected students making concurrent choices.</li>
</ul>
</main>
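Review bot: The deleted bullet on the prod option was the only place in this list that explained how cookies get the Secure flag, and neither added bullet replaces it. If prod still exists after this change, keep a sentence next to the new HTTPS bullet saying it must be enabled in production; if the flag is now set automatically whenever HTTPS is configured, say that instead so administrators do not have to guess. The new reverse-proxy bullet should also say which listener mode CCASS is expected to use when TLS is terminated at the proxy, since the bullet above it states that HTTPS is required for production. Finally, the guidance on static true is removed without replacement; a short note on whether CCASS still serves the static directory itself would keep the handbook complete.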