NPM - What services need what toggled? - eviltoast

Hiya, just got NPM installed and working, very happy to finally have SSL certs on all of my serivces and proper URLs to navigate to them, what a breeze! However, as I am still in the learning process: I am curious to know when to enable these three toggles and for what services. I assume the “Block Common Exploits”, can always be turned on. But unsure about the two others. Some applications have not worked until I turned on the Websockets Support, but I dont really know what it does, nor do I know what applications need this in order to fully work. Are there any thumb rules for these things?

Appriciate any pointers! 🌻

  • taaz@biglemmowski.win
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    7 months ago

    I don’t use nginx proxy manager but websocket has to be enabled for apps that use websockets (duh) - you would have to dive into docs or example infra configs to check if the service uses it.
    Rule of thumb here would be to enable it for everything. Optionally you could check if the service works with/without it.

    E: Websockets are used when a website needs to talk in “real-time” with the servers - live views and graphs will usually use it also notifications, generally if the website does not reload/redraw fully but data seems to change then there is a high chance it uses websockets under the hood (but there are ways to do it without ws, ex. SSE).

    Example: Grafana uses websockets but qbittorrent web ui uses other means (SSE) and does not require ws.