FCSDK & LA With Nginx (Based on CentOS 6.4, Nginx version 1.4.7)

Introduction

This document describes the steps required to install and configure Nginx to act as a reverse proxy for FCSDK calls.
It is assumed that the following items are installed and running before installing Nginx.

Install Fusion Application Server (FAS)
Install Fusion Client SDK

These instructions were written against Nginx version 1.4.7.

1. Installation

This section describes the steps involved in installing Nginx.

Firstly you need to add the Nginx Yum repository. This is done by creating the following file:

/etc/yum.repos.d/nginx.repo

In this file you need to paste the following:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

Then, to install Nginx, simply enter the following at the terminal:
yum install nginx

Nginx and its dependencies will be installed.
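
The repository file above sets gpgcheck=0, so yum installs the packages without verifying their signatures. The check below is an added example, not part of the original article: the function name is hypothetical, and the gpgkey line in the corrected sample (nginx.org's published signing-key URL) is an addition to the article's file.

```shell
#!/bin/sh
# Added example (not from the original article): audit a yum .repo file.
# Prints one line per finding for every enabled repo section; silent when clean.
audit_yum_repo() {   # usage: audit_yum_repo REPO_FILE
    awk '
    function report() {
        if (sec == "" || enabled == "0" || gpgcheck != "0") return
        printf "[%s] gpgcheck=0: package signatures are not verified\n", sec
        if (baseurl ~ /^http:/)
            printf "[%s] baseurl is plain http and nothing else authenticates the packages\n", sec
    }
    /^[ \t]*[#;]/ { next }                       # comment lines
    /^[ \t]*\[/ {                                # start of a new [section]
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        enabled = "1"; gpgcheck = ""; baseurl = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
        if (key == "enabled")  enabled  = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "baseurl")  baseurl  = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample input: the repo file as given in this article, and the
# same file with signature checking switched on. The gpgkey URL is an
# addition of this example, not part of the article.
demo_dir=$(mktemp -d)
cat > "$demo_dir/nginx-weak.repo" <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
EOF
sed -e 's/^gpgcheck=0$/gpgcheck=1/' "$demo_dir/nginx-weak.repo" > "$demo_dir/nginx-fixed.repo"
echo 'gpgkey=https://nginx.org/keys/nginx_signing.key' >> "$demo_dir/nginx-fixed.repo"

audit_yum_repo "$demo_dir/nginx-weak.repo"     # two findings
audit_yum_repo "$demo_dir/nginx-fixed.repo"    # no output
```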

2. Operation

This section describes basic operation of the Nginx server.

Service operation

To start, stop or restart the Nginx server you can use the service as below:
service nginx start | stop | restart

The log location is defined in the configuration files; in this install we will configure the logs to be in the following location:

/var/log/nginx

3. Configuration

This section describes what needs to be configured in order for Nginx to act as a reverse proxy for FCSDK.

3.1 Basic Configuration

Firstly you should remove or rename the existing .conf files located in the following directory on the nginx server:

/etc/nginx/conf.d

Then add a file called proxy.conf. An example of the format is shown below; a full example file is attached.

server {
    #listen 80;
    #listen 8080;
    listen 443 ssl;
    listen 8443 ssl;
    server_name cs-nginx-reverse-proxy.cafex.com;

    ssl_certificate /etc/nginx/certificate.crt;
    ssl_certificate_key /etc/nginx/privateKey.key;

    resolver 192.168.20.120; #(Your DNS Server)

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }

    location /gateway/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_pass http://fas-server.cafex.com:8080$request_uri;
        proxy_read_timeout 3000s;
    }

    #REQUIRED FOR CSDK SAMPLE APP
    location /csdk-sample/ {
        proxy_set_header Host $http_host;
        proxy_pass https://fas-server.cafex.com:8443$request_uri;
        proxy_redirect http://fas-server.cafex.com:8080 https://$http_host:443/;
    }

    #REQUIRED FOR LIVE ASSIST SAMPLE APP
    location /assistsample/ {
        proxy_set_header Host $http_host;
        proxy_pass http://fas-server.cafex.com:8080$request_uri;
        proxy_redirect http://fas-server.cafex.com:8080 https://$http_host:443/;
    }

    #REQUIRED FOR AGENT ASSIST SAMPLE APP
    location /assist-agent-console/ {
        proxy_set_header Host $http_host;
        proxy_pass http://fas-server.cafex.com:8080$request_uri;
        proxy_redirect http://fas-server.cafex.com:8080 https://$http_host:443/;
    }

    #REQUIRED FOR NEW AGENT ASSIST SAMPLE APP
    location /agent/console/ {
        proxy_set_header Host $http_host;
        proxy_pass http://fas-server.cafex.com:8080$request_uri;
        proxy_redirect http://fas-server.cafex.com:8080 https://$http_host:443/;
    }

    #REQUIRED FOR LIVE ASSIST DOCS SHARING
    #Note: turn chunked encoding off to allow larger data transfers
    location /assist-resourcemanager/ {
        proxy_set_header Host $http_host;
        proxy_pass http://fas-server.cafex.com:8080$request_uri;
        #If you get ERR_INCOMPLETE_CHUNKED_ENCODING errors
        #you need to disable it with:
        chunked_transfer_encoding off;
    }

    #REQUIRED FOR LIVE ASSIST SCREEN SHARING
    location /assistserver/topic {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_pass http://cs-ha-wg.cafex.com:8080$request_uri;
        proxy_read_timeout 3000s;
    }
}
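
In this configuration TLS ends at the proxy: most locations forward to the FAS over plain http on port 8080, and no ssl_protocols directive is set. The script below is an added example (not part of the original article or its attached file) that lists each proxied location with its upstream scheme. The function name is hypothetical and the embedded excerpt is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: list every proxied location
# with its upstream, tagging legs that leave the proxy unencrypted.
audit_proxy_conf() {   # usage: audit_proxy_conf CONF_FILE
    awk '
    { sub(/#.*/, "") }                                  # ignore comments
    $1 == "listen" && /[ \t]ssl[ \t;]/ { tls = 1 }
    $1 == "ssl_protocols"              { pinned = 1 }
    $1 == "location" { loc = ($2 ~ /^[=~^]/) ? $3 : $2 }   # skip =, ~, ~*, ^~
    $1 == "proxy_pass" {
        up = $2; sub(/;$/, "", up)
        printf "%-9s %-24s -> %s\n", (up ~ /^http:/ ? "CLEARTEXT" : "tls"), loc, up
    }
    END {
        if (tls && !pinned)
            print "NOTE      no ssl_protocols set; the nginx 1.4.7 default still allows SSLv3"
    }
    ' "$1"
}

# Constructed sample: a shortened excerpt of the proxy.conf shown above.
conf=$(mktemp)
cat > "$conf" <<'EOF'
server {
    listen 443 ssl;
    listen 8443 ssl;
    ssl_certificate /etc/nginx/certificate.crt;
    ssl_certificate_key /etc/nginx/privateKey.key;
    location /gateway/ {
        proxy_pass http://fas-server.cafex.com:8080$request_uri;
    }
    location /csdk-sample/ {
        proxy_pass https://fas-server.cafex.com:8443$request_uri;
    }
    location /assistserver/topic {
        proxy_pass http://cs-ha-wg.cafex.com:8080$request_uri;
    }
}
EOF
audit_proxy_conf "$conf"   # 2 CLEARTEXT lines, 1 tls line, 1 NOTE
```

Run it against /etc/nginx/conf.d/proxy.conf to see which paths rely on the network between the proxy and the FAS being trusted.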

4. Creating a self-signed cert for testing

If you want to encrypt the leg to the reverse proxy you can run the following commands from within /etc/nginx to create a self-signed cert (as in the example config).

NOTE: you may need to install the openssl tools: yum install openssl openssl-devel

4.1 Create private key

openssl genrsa -out privateKey.key 2048

4.2 Sign a CRT locally (Use the FQDN for your nginx server)

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

This will give you /etc/nginx/privateKey.key and /etc/nginx/certificate.crt, which is enough to encrypt the traffic with a self-signed cert.

5. Creating a CSR to get signed by a CA.

5.1 Create a CSR (Use the FQDN for your nginx server)

openssl req -new -sha256 -key privateKey.key -out certificate.csr

5.2 Check the CSR

openssl req -noout -text -in certificate.csr

5.3 Send the CSR to your CA and reference the certificate when it is returned.

You will get a crt file back from your CA which you can reference in the nginx config /etc/nginx/certificate.crt.
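
Whether the certificate is the self-signed one from section 4 or the file returned by the CA in 5.3, it has to belong to privateKey.key, and the key file should be readable by its owner only. The check below is an added example, not part of the original article: the function name is hypothetical, and the demo pair is generated on the spot with the article's own openssl command plus -subj so that it does not prompt.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check the pair before
# pointing ssl_certificate / ssl_certificate_key at it.
# Prints one line per problem, or "OK" when nothing is wrong.
check_tls_pair() {   # usage: check_tls_pair KEY_FILE CERT_FILE
    key=$1; crt=$2; ok=1
    # 1. The certificate must carry the public half of the key nginx will load.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || kpub=
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cpub=
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "MISMATCH: $crt does not belong to $key"; ok=0
    fi
    # 2. The certificate must not already be expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED: $crt is past its notAfter date (or unreadable)"; ok=0
    fi
    # 3. Only the owner should be able to read the private key.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $key is accessible to group/other; chmod 600 it"; ok=0
    fi
    [ "$ok" -eq 1 ] && echo "OK"
    return 0
}

# Constructed demo data: a throwaway pair (CN taken from the example
# server_name) and an unrelated key with loose permissions.
d=$(mktemp -d)
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -subj "/CN=cs-nginx-reverse-proxy.cafex.com" \
    -keyout "$d/privateKey.key" -out "$d/certificate.crt" 2>/dev/null
openssl genrsa -out "$d/other.key" 2048 2>/dev/null
chmod 600 "$d/privateKey.key"; chmod 644 "$d/other.key"

check_tls_pair "$d/privateKey.key" "$d/certificate.crt"   # OK
check_tls_pair "$d/other.key"      "$d/certificate.crt"   # MISMATCH and PERMS
```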