Difference between revisions of "ART-DECOR installation nginx"
(Created page with "=Introduction= NGINX can be used as a reverse proxy for all ART-DECOR services. For the offical website, see: https://www.nginx.com/ What does it do: * It can route any incomi...") |
(→Example NGINX config files) |
||
(4 intermediate revisions by one other user not shown) | |||
Line 2: | Line 2: | ||
NGINX can be used as a reverse proxy for all ART-DECOR services. | NGINX can be used as a reverse proxy for all ART-DECOR services. | ||
For the offical website, see: https://www.nginx.com/ | For the offical website, see: https://www.nginx.com/ | ||
+ | |||
What does it do: | What does it do: | ||
* It can route any incoming webserver traffic, and point it to the correct service in the background | * It can route any incoming webserver traffic, and point it to the correct service in the background | ||
Line 11: | Line 12: | ||
[[File:Nginx_tomcat_existdb_overview.png|400px]] | [[File:Nginx_tomcat_existdb_overview.png|400px]] | ||
− | 1. A website user requests a page with their browser | + | 1. A website user requests a page with their browser. |
+ | Example would be: http://'''your external URL'''/art-decor | ||
+ | |||
2. NGINX handles traffic on port 80 (HTTP) and port 443 (HTTPS) | 2. NGINX handles traffic on port 80 (HTTP) and port 443 (HTTPS) | ||
* Any port 80 traffic can be forwarded to port 443 | * Any port 80 traffic can be forwarded to port 443 | ||
+ | * NGINX listens on port 443, and does TLS-offloading so the external URL is reachable through https://URL by a PKI-certificate. | ||
* Depending on the request path, the request should be forwarded to either tomcat (XForms) or eXist-db (database). | * Depending on the request path, the request should be forwarded to either tomcat (XForms) or eXist-db (database). | ||
3. Request path /art-decor is routed to tomcat running on port 8080. | 3. Request path /art-decor is routed to tomcat running on port 8080. | ||
Line 19: | Line 23: | ||
* Images present in the art-decor.war are retrieved directly from Tomcat. | * Images present in the art-decor.war are retrieved directly from Tomcat. | ||
4. All other ART-DECOR paths are routed to eXist-db, running on port 8877. | 4. All other ART-DECOR paths are routed to eXist-db, running on port 8877. | ||
− | An example of these services which are served by eXist-db itself, is documented on [URIs], for instance for retrieving the ProjectIndex, Datasets, Valuesets, etc. | + | An example of these services which are served by eXist-db itself, is documented on [[URIs]], for instance for retrieving the ProjectIndex, Datasets, Valuesets, etc. |
− | Please note that this setup assumes all applications are running on the same server: NGINX, tomcat and eXist-db. | + | Please note that this setup assumes all applications are running on the same server: NGINX, tomcat and eXist-db. That means that a lot of internal URLs can stay configured as '''localhost'''. |
=Example NGINX config files= | =Example NGINX config files= | ||
Line 29: | Line 33: | ||
* [[ART-DECOR_installation_nginx_https_example]] | * [[ART-DECOR_installation_nginx_https_example]] | ||
** Main NGINX ART-DECOR configuration file which routes to Tomcat and eXist-db | ** Main NGINX ART-DECOR configuration file which routes to Tomcat and eXist-db | ||
+ | =Starting NGINX= | ||
+ | <syntaxhighlight lang="bash" enclose="div"> | ||
+ | sudo service nginx start | ||
+ | </syntaxhighlight> |
Latest revision as of 08:00, 26 May 2020
Introduction
NGINX can be used as a reverse proxy for all ART-DECOR services. For the offical website, see: https://www.nginx.com/
What does it do:
- It can route any incoming webserver traffic, and point it to the correct service in the background
- It can do TLS-offloading, so that all ART-DECOR services are reachable over a secure https://URL with a PKI-certificate deployed in front of it
Overview
The routing works as follows:
1. A website user requests a page with their browser. Example would be: http://your external URL/art-decor
2. NGINX handles traffic on port 80 (HTTP) and port 443 (HTTPS)
- Any port 80 traffic can be forwarded to port 443
- NGINX listens on port 443, and does TLS-offloading so the external URL is reachable through https://URL by a PKI-certificate.
- Depending on the request path, the request should be forwarded to either tomcat (XForms) or eXist-db (database).
3. Request path /art-decor is routed to tomcat running on port 8080.
- All XForms, website pages are presented through tomcat. Tomcat retrieves them from eXist-db, configured via the page-flow.xml configuration file.
- Images present in the art-decor.war are retrieved directly from Tomcat.
4. All other ART-DECOR paths are routed to eXist-db, running on port 8877. An example of these services which are served by eXist-db itself, is documented on URIs, for instance for retrieving the ProjectIndex, Datasets, Valuesets, etc.
Please note that this setup assumes all applications are running on the same server: NGINX, tomcat and eXist-db. That means that a lot of internal URLs can stay configured as localhost.
Example NGINX config files
For examples of NGINX configurations files, see:
- ART-DECOR_installation_nginx_http_example
- The HTTP config file forwards all traffic to HTTPS
- ART-DECOR_installation_nginx_https_example
- Main NGINX ART-DECOR configuration file which routes to Tomcat and eXist-db
Starting NGINX
sudo service nginx start