Introduction

NGINX can be used as a reverse proxy for all ART-DECOR services. For the offical website, see: https://www.nginx.com/

What does it do:

• It can route any incoming webserver traffic, and point it to the correct service in the background
• It can do TLS-offloading, so that all ART-DECOR services are reachable over a secure https://URL with a PKI-certificate deployed in front of it

Overview

The routing works as follows:

1. A website user requests a page with their browser

2. NGINX handles traffic on port 80 (HTTP) and port 443 (HTTPS)

• Any port 80 traffic can be forwarded to port 443
• NGINX listens on port 443, and does TLS-offloading so the external URL is reachable through https://URL by a PKI-certificate.
• Depending on the request path, the request should be forwarded to either tomcat (XForms) or eXist-db (database).

3. Request path /art-decor is routed to tomcat running on port 8080.

• All XForms, website pages are presented through tomcat. Tomcat retrieves them from eXist-db, configured via the page-flow.xml configuration file.
• Images present in the art-decor.war are retrieved directly from Tomcat.

4. All other ART-DECOR paths are routed to eXist-db, running on port 8877. An example of these services which are served by eXist-db itself, is documented on [URIs], for instance for retrieving the ProjectIndex, Datasets, Valuesets, etc.

Please note that this setup assumes all applications are running on the same server: NGINX, tomcat and eXist-db.

Example NGINX config files

For examples of NGINX configurations files, see:

• ART-DECOR_installation_nginx_http_example
  • The HTTP config file forwards all traffic to HTTPS
• ART-DECOR_installation_nginx_https_example
  • Main NGINX ART-DECOR configuration file which routes to Tomcat and eXist-db