Nginx configuration and errors resolution

1. Add Nginx Yum repository

  • vi /etc/yum.repos.d/nginx.repo

In this file you need to paste the following:

[nginx]
name=nginx repo
enabled=1

baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0

  • Save and exit the file.

2- Install Nginx

  • yum install nginx -y

Nginx and its dependencies will be installed.

3- Configure RP

  • Remove or rename the existing .conf files (e.g. default.conf & example_ssl.conf) located in /etc/nginx/conf.d directory on the nginx server.

  • Create .conf file and add the fomat as mentioned below

vi proxy.conf (add below lines in the file)

server {

listen 80;

listen 8080;

listen 443 ssl;

listen 8443 ssl;

listen 9990 ssl;

server_name rp.usc.com; (Server name is the FQDN where nginx is configured)


ssl_certificate /etc/nginx/certificate.crt;

ssl_certificate_key /etc/nginx/privateKey.key;

 

 resolver 192.168.4.21; (or your DNS server)

client_max_body_size 100M;

client_body_buffer_size 512k;

location /gateway/ {
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}

location /gateway/websocketcall {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}


location /csdk-sample/ {

proxy_set_header Host $http_host;

proxy_pass https://<FAS Server IP Address>::8443$request_uri;

}

# redirect server not found page to the static page /404.html

error_page 404 /40x.html;

location = /40x.html {

root /usr/share/nginx/html;

}


# redirect server error pages to the static page /50x.html

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root /usr/share/nginx/html;

}


#REQUIRE FOR LIVE ASSIST SAMPLE APP

location /assistsample/ {

proxy_set_header Host $http_host;

proxy_pass https://<FAS Server IP Address>:8443$request_uri;

}


#REQUIRE FOR LIVE ASSIST SAMPLE APP

location /assist-agent-console/ {

proxy_set_header Host $http_host;

proxy_pass https://<FAS Server IP Address>:8443$request_uri;

}

location /agent/console/ {
proxy_set_header Host $http_host;
proxy_pass https://<FAS Server IP Address>:8443$request_uri;
}


#REQUIRE FOR LIVE ASSIST SCREEN SHARING

location /assistserver/topic {

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

proxy_set_header Host $http_host;

proxy_pass https://<FAS Server IP Address>:8080$request_uri;

}


#REQUIRE FOR LIVE ASSIST DOCS SHARING

location /assist-resourcemanager/ {

proxy_set_header Host $http_host;

proxy_pass https://<FAS Server IP Address>:8443$request_uri;

chunked_transfer_encoding off;

}


#REQUIRE FOR LIVE ASSIST APIs

location /assistserver/ {

proxy_set_header Host $http_host;

proxy_pass https://<FAS Server IP Address>:8443$request_uri;

}

 

#REQUIRED FOR IE PLUGIN

#Replace<IE Plugin Path> with value configured at bottom of page https://<FAS_SERVER>:8443/web_plugin_framework/webcontroller/admin/

location /<IE Plugin Path>/ {

proxy_set_header Host $http_host;

proxy_pass https://<FAS Server IP Address>:8443$request_uri;

}

 

#REQUIRED FOR SAFARI PLUGIN

#Replace<SAFARI Plugin Path> with value configured at bottom of page https://<FAS_SERVER>:8443/web_plugin_framework/webcontroller/admin/

location /<SAFARI Plugin Path>/ {

proxy_set_header Host $http_host;

proxy_pass https://<FAS Server IP Address>:8443$request_uri;

}

}

  • Save and exit the file


4- Creating a self-signed cert for testing

If you want to encrypt the leg to the reverse proxy you can run the following commands from within /etc/nginx to create a self-signed cert.

  • Install openssl tools --> yum install openssl openssl-devel

  • Create private key --> openssl genrsa -out privateKey.key 2048

  • Sign a CRT locally (Use the FQDN for your nginx server)

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

This will give you a /etc/nginx/privateKey.key & /etc/nginx/certificate.crt and is enough to encrypt the traffic with a self-signed cert. .

 5- Restart Nginx

  • service nginx restart

  • service nginx status

Make a note that we need to restart the nginx service after every change in proxy.conf.

 ----------------------------------------------------------------------------------------------------------------------------

Errors

---------------------------------------------------------

If the particular link which you are trying to access is not passed properly in RP configuration file or blocked in RP configuration, it will give the error of 404.


Example1- Comment the proxy_pass line in the below mentioned section of proxy.conf file:

 location /csdk-sample/ {

proxy_set_header Host $http_host;

# proxy_pass https://192.168.4.18:8443$request_uri;

}


We are not able to access https://rp.usc.com:8443/csdk-sample:


Example2-  Comment the proxy_pass line in the below mentioned section of proxy.conf file:


location /assistsample/ {

proxy_set_header Host $http_host;

# proxy_pass https://192.168.4.18:8443$request_uri;

}

 We are not able to access https://rp.usc.com:8443/assistsample:

Please find the attached Proxy.conf
 
 
 
 
 
 
 
 
 

 

Comments are disabled on these articles if you require help contact support@cafex.com.

Have more questions? Submit a request

Comments

Powered by Zendesk