Differences

This shows you the differences between two versions of the page.

dglux5_wiki:installation:install_nginx [2019/09/10 18:54]
oem
dglux5_wiki:installation:install_nginx [2019/09/19 22:43] (current)
oem
Line 1: Line 1:
-====== Install NGINX with DGLux5 ​Server ======+====== Install NGINX with DGLux Server ======
  
-There are a couple of use-cases when you may decide to install NGINX proxy web-server in front of the DGLux5 Server. +[[https://github.com/IOT-DSA/docs/wiki/Install-NGINX-with-DSA-Server|Install ​NGINX with DSA Server]]
-  - There are multiple applications hosted on the same server that use different domain names. However, they all use the same default HTTP(S) ports 80 and 443. NGINX can listen on the default ports and route requests to backend applications depending on the domain name. +
-  - You want to have better control over SSL configuration using Nginx settings to override the capabilities of the DGLux Server library. This is required if you want to allow only specific ciphers and protocols versions. +
- +
-==== Install on Ubuntu ==== +
-This tutorial assumes that you already have your DGLux Server installed in ''/​opt/​dsa/​dglux-server''​. +
- +
-=== 1. Update Ubuntu packages === +
-<​code>​ +
-apt update +
-apt upgrade +
-</​code>​ +
- +
-=== 2. Install NGINX === +
-<​code>​ +
-apt-get install nginx +
-</​code>​ +
- +
-=== 3. Configure NGINX === +
-Open main NGINX configuration file ''​nginx.conf''​ and make it look like this +
-<​code>​nano /​etc/​nginx/​nginx.conf</​code>​ +
-<code nginx> +
-user www-data; +
-worker_processes 2; +
-pid /​run/​nginx.pid;​ +
-include /​etc/​nginx/​modules-enabled/​*.conf;​ +
- +
-events { +
-    worker_connections 1024; +
-+
- +
-http { +
- +
-    ## +
-    # Basic Settings +
-    ## +
- +
-    sendfile on; +
-    tcp_nopush on; +
-    tcp_nodelay on; +
-    keepalive_timeout 65; +
-    types_hash_max_size 2048; +
-    server_tokens off; +
-    client_max_body_size 64M; +
-    proxy_buffers 16 16k; +
-    proxy_buffer_size 16k; +
- +
-    server_names_hash_bucket_size 128; +
-    server_name_in_redirect on; +
- +
-    include /​etc/​nginx/​mime.types;​ +
-    default_type application/​octet-stream;​ +
- +
-    ## +
-    # SSL Settings +
-    ## +
- +
-    ssl_protocols TLSv1.2; # Dropping SSLv3 and TLS < 1.2, ref: POODLE +
-    ssl_prefer_server_ciphers on; +
- +
-    ## +
-    # Logging Settings +
-    ## +
- +
-    access_log /​var/​log/​nginx/​access.log;​ +
-    error_log /​var/​log/​nginx/​error.log;​ +
- +
-    ## +
-    # Gzip Settings +
-    ## +
- +
-    gzip on; +
-    gzip_disable "​msie6";​ +
-    gzip_vary on; +
-    gzip_proxied any; +
-    # gzip_comp_level 6; +
-    # gzip_buffers 16 8k; +
-    # gzip_http_version 1.1; +
-    gzip_types text/plain text/css application/​json application/​javascript text/xml application/​xml application/​xml+rss text/​javascript;​ +
- +
-    ## +
-    # Virtual Host Configs +
-    ## +
- +
-    include /​etc/​nginx/​conf.d/​*.conf;​ +
-    include /​etc/​nginx/​sites-enabled/​*;​ +
-+
-</​code>​ +
-Set ''​worker_processes''​ to a number of cores on your server. +
- +
-=== 4. Configure DGLux Server as virtual host === +
-The configuration below allows only HTTPS connection and does a 301 redurect if requested over HTTP. +
-<​code>​nano /​etc/​nginx/​sites-available/​dglux.conf</​code>​ +
-<code nginx> +
-map $http_upgrade $connection_upgrade { +
-    default upgrade; +
-    '' ​  '';​ +
-+
- +
-upstream dglux { +
-    server localhost:​8443 max_fails=0 fail_timeout=30s;​ +
-    keepalive 32; +
-+
- +
-server { +
-    listen 80 default_server;​ +
-    server_name your-domain.com;​ +
-    return 301 https://$host$request_uri;​ +
-+
- +
-server { +
-    listen 443 ssl default_server;​ +
-    server_name your-domain.com+
- +
-    ssl_certificate ​/opt/​dsa/​dglux-server/certs/aiqCert.pem;​ +
-    ssl_certificate_key ​/opt/​dsa/​dglux-server/​certs/​aiqKey.pem;​ +
-    ssl_protocols TLSv1.2 TLSv1.3; +
-    ssl_prefer_server_ciphers on; +
-    ssl_ciphers '​EECDH+AESGCM:​EDH+AESGCM:​AES256+EECDH:​AES256+EDH';​ +
- +
-    access_log ​ /​var/​log/​nginx/​access.log;​ +
-    error_log ​  /​var/​log/​nginx/​error.log warn; +
-    charset utf-8; +
- +
-    location / { +
-        proxy_pass https://​dglux;​ +
-        proxy_set_header X-Real-IP $remote_addr;​ +
-        proxy_http_version 1.1; +
-        proxy_set_header X-Forwarded-For $remote_addr;​ +
-        proxy_set_header Host $http_host;​ +
-    } +
- +
-    location /ws { +
-        proxy_pass https://​dglux;​ +
-        proxy_set_header X-Real-IP $remote_addr;​ +
-        proxy_http_version 1.1; +
-        proxy_set_header X-Forwarded-For $remote_addr;​ +
-        proxy_set_header Host $http_host;​ +
-        proxy_set_header Upgrade $http_upgrade;​ +
-        proxy_set_header Connection $connection_upgrade;​ +
-    } +
- +
-    location /​.well-known { +
-        root /​var/​www/​ssl-verify;​ +
-    } +
- +
-    location /editor { +
-        rewrite ^/​editor/​(.*)$ /$1 last; +
- +
-        proxy_pass https://​dglux;​ +
-        proxy_set_header X-Real-IP $remote_addr;​ +
-        proxy_http_version 1.1; +
-        proxy_set_header X-Forwarded-For $remote_addr;​ +
-        proxy_set_header Host $http_host;​ +
-    } +
-+
-</​code>​ +
- +
-=== 5. Enable DGLux Server ​configuration in NGINX === +
-<​code>​ln -s /​etc/​nginx/​sites-available/​dglux.conf /​etc/​nginx/​sites-enabled/​dglux.conf</​code>​ +
- +
-=== 6. Remove "​default_server"​ directive from the default virtual host configuration === +
-<​code>​nano /​etc/​nginx/​sites-available/​default</​code>​ +
-The following default lines +
-<code nginx> +
-listen 80 default_server;​ +
-listen [::]:80 default_server;​ +
-</​code>​ +
-should be changed as following +
-<code nginx> +
-listen 80; +
-listen [::]:80; +
-</​code>​ +
- +
-=== 7. Check NGINX configuration syntax === +
-<​code>​nginx -t</​code>​ +
-Command should return OK. +
-<​code>​ +
-nginx: the configuration file /​etc/​nginx/​nginx.conf syntax is ok +
-nginx: configuration file /​etc/​nginx/​nginx.conf test is successful +
-</​code>​ +
- +
-=== 8. Stop DGLux Server === +
-If you started it from its folder +
-<​code>​ +
-/​opt/​dsa/​dglux-server/​bin/​daemon.sh stop +
-</​code>​ +
-or if you run it as a service +
-<​code>​ +
-service dsa stop +
-</​code>​ +
- +
-=== 9. Change port settings in DGLux Server configuration === +
-<​code>​ +
-nano /​opt/​dsa/​dglux-server/​server.json +
-</​code>​ +
-Update "​port"​ to 8080 and "​httpsPort"​ to 8443. Save and close. +
- +
-=== 10. Start NGINX === +
-<​code>​ +
-service nginx start +
-</​code>​ +
- +
-=== 11. Start DGLux Server === +
-If you started it from its folder +
-<​code>​ +
-/​opt/​dsa/​dglux-server/​bin/​daemon.sh start +
-</​code>​ +
-or if you run it as a service +
-<​code>​ +
-service dsa start +
-</​code>​ +
- +
-=== Done ===+
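
Review bot: The new page body at line 1 is a bare external link, so every step of the removed Ubuntu walkthrough now depends on the IOT-DSA GitHub wiki staying reachable and staying in step with this product. The new heading says "DGLux Server" while the link text says "DSA Server", and nothing tells the reader whether the specifics from the removed steps still hold (the ''/opt/dsa/dglux-server'' install path, "port" 8080 and "httpsPort" 8443 in server.json). Suggest adding a short paragraph under the heading that states the linked guide supersedes this page and names what it covers. It is also worth checking that the linked guide does not carry over the mismatch in the removed text, where nginx.conf set `ssl_protocols TLSv1.2;` in the http block while dglux.conf set `ssl_protocols TLSv1.2 TLSv1.3;` in the server block, and where both of `ssl_prefer_server_ciphers on;` and the access/error log paths were declared twice.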