1. Add Nginx Yum repository
-
vi /etc/yum.repos.d/nginx.repo
In this file you need to paste the following:
[nginx]
name=nginx repo
enabled=1
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
-
Save and exit the file.
2- Install Nginx
-
yum install nginx -y
Nginx and its dependencies will be installed.
3- Configure RP
-
Remove or rename the existing .conf files (e.g. default.conf & example_ssl.conf) located in /etc/nginx/conf.d directory on the nginx server.
-
Create .conf file and add the fomat as mentioned below
vi proxy.conf (add below lines in the file)
server {
listen 80;
listen 8080;
listen 443 ssl;
listen 8443 ssl;
listen 9990 ssl;
server_name rp.usc.com; (Server name is the FQDN where nginx is configured)
ssl_certificate /etc/nginx/certificate.crt;
ssl_certificate_key /etc/nginx/privateKey.key;
resolver 192.168.4.21; (or your DNS server)
client_max_body_size 100M;
client_body_buffer_size 512k;
location /gateway/ {
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}
location /gateway/websocketcall {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}
location /csdk-sample/ {
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}
# redirect server not found page to the static page /404.html
error_page 404 /40x.html;
location = /40x.html {
root /usr/share/nginx/html;
}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
#REQUIRE FOR LIVE ASSIST SAMPLE APP
location /assistsample/ {
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}
#REQUIRE FOR LIVE ASSIST SAMPLE APP
location /assist-agent-console/ {
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}
location /agent/console/ {
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}
#REQUIRE FOR LIVE ASSIST SCREEN SHARING
location /assistserver/topic {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8080$request_uri;
}
#REQUIRE FOR LIVE ASSIST DOCS SHARING
location /assist-resourcemanager/ {
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
chunked_transfer_encoding off;
}
#REQUIRE FOR LIVE ASSIST APIs
location /assistserver/ {
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}
#REQUIRED FOR IE PLUGIN
#Replace<IE Plugin Path> with value configured at bottom of page https://<FAS_SERVER>:8443/web_plugin_framework/webcontroller/admin/
location /<IE Plugin Path> {
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}
#REQUIRED FOR SAFARI PLUGIN
#Replace<SAFARI Plugin Path> with value configured at bottom of page https://<FAS_SERVER>:8443/web_plugin_framework/webcontroller/admin/
location /<SAFARI Plugin Path> {
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}
}
-
Save and exit the file
4- Creating a self-signed cert for testing
If you want to encrypt the leg to the reverse proxy you can run the following commands from within /etc/nginx to create a self-signed cert.
-
Install openssl tools --> yum install openssl openssl-devel
-
Create private key --> openssl genrsa -out privateKey.key 2048
-
Sign a CRT locally (Use the FQDN for your nginx server)
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
This will give you a /etc/nginx/privateKey.key & /etc/nginx/certificate.crt and is enough to encrypt the traffic with a self-signed cert. .
5- Restart Nginx
-
service nginx restart
-
service nginx status
Make a note that we need to restart the nginx service after every change in proxy.conf.
----------------------------------------------------------------------------------------------------------------------------
Errors
---------------------------------------------------------
If the particular link which you are trying to access is not passed properly in RP configuration file or blocked in RP configuration, it will give the error of 404.
Example1- Comment the proxy_pass line in the below mentioned section of proxy.conf file:
location /csdk-sample/ {
proxy_set_header Host $http_host;
# proxy_pass https://192.168.4.18:8443$request_uri;
}
We are not able to access https://rp.usc.com:8443/csdk-sample:
Example2- Comment the proxy_pass line in the below mentioned section of proxy.conf file:
location /assistsample/ {
proxy_set_header Host $http_host;
# proxy_pass https://192.168.4.18:8443$request_uri;
}
We are not able to access https://rp.usc.com:8443/assistsample:
Comments
0 comments
Please sign in to leave a comment.