Lewati ke isi

Pengaturan NGINX sebagai proxy Apache Tomcat

Latar belakang

Spesifikasi teknis:

  • Distro linux: Ubuntu 16.04 LTS
  • Knowage suite: versi?
  • Apache Tomcat
  • Nginx Proxy

Tujuan

  • Meningkatkan kecepatan dan efisiensi pemuatan halaman
  • Keamanan
  • Nama domain sesuai keinginan
  • Penyederhanaan URL

Solusi

  • Repository resmi nginx
  • Instalasi
  • SSL dengan Let’s Encrypt

Mari gulung lengan baju

Instalasi nginx

Alih-alih menggunakan paket bawaan versi nginx dari distribusi Linux yang digunakan, kita akan menggunakan versi mainline dari repositori resmi nginx langsung. Silakan lihat laman panduan Instalasi nginx varian debian

Proxy - dasar

Tujuan pengaturan proxy dasar ini adalah untuk meneruskan laman yang dilayani sebelumnya dengan porta spesifik Tomcat (umumnya 8080) menjadi porta umum layanan HTTP yaitu 80 dan nantinya pemanggilan laman hanya perlu dengan memanggil nama domain saja

  1. Nonaktifkan konfigurasi bawaan dengan cara mengubah nama berkas, lalu buat konfigurasi baru untuk tomcat
    PROXY_FILE="tomcat-proxy.conf"
DOMAIN_URL=""
mv -v /etc/nginx/conf.d/default.conf{,.orig}
cat << EOF > /etc/nginx/conf.d/$PROXY_FILE
server {
    listen 80;
    server_name ${DOMAIN_URL};

    location / {
        proxy_pass http://127.0.0.1:8080/knowage/;
    }
}
EOF
  2. Uji dan muat ulang konfigurasi
    nginx -t ; nginx -s reload
  3. Verifikasi dengan curl
    curl -I 127.0.0.1

Proxy - static assests

In the previous code nginx acted as a man in the middle. It passed on all HTTP requests from client browsers to Tomcat and vice versa. This is fine but it does underutilise the potential of nginx which offers better performance for serving static files. So in this snippet we add some new directives to tell nginx to handle all client browser requests except for dynamic JSP files which will be processed by Tomcat. You could also use this technique to instead pass on files for other Java based languages such as Lucee/ColdFusion CFM or Groovy GSP

  1. Sunting berkas tomcat-proxy.conf
    nano /etc/nginx/conf.d/tomcat-proxy.conf
  2. Ubah sesuaikan konten berkas konfigurasi menjadi seperti di bawah:
    server {
    listen 80;
    server_name DOMAIN_URL;
    root /opt/knowage/Knowage-Server-CE/webapps/ROOT/;
    index index.jsp index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.jsp$ {
        proxy_pass http://127.0.0.1:8080/knowage/;
    }

    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 1M;
        }
    }
  3. Simpan dan keluar
    Ctrl+X -> Y+Enter
  4. Lalu terakhir uji dan muat ulang NGINX
    nginx -t ; nginx -s reload

Proxy - logs

  1. Sunting
    nano /etc/nginx/conf.d/tomcat-proxy.conf
  2. Tambahkan
    # log files
access_log /var/log/nginx/tomcat-proxy.access.log;
error_log /var/log/nginx/tomcat-proxy.error.log warn;
  3. Buat berkas tersebut dan sesuaikan aksesnya kepada nginx:adm
    touch /var/log/nginx/tomcat-proxy.{access,error}.log
chown -v nginx:adm /var/log/nginx/tomcat-proxy.{access,error}.log

Proxy - compression

Proxy - buffer & cache

Proxy - request header

Proxy - firewall

Proxy - redirection

Konfigurasi final

upstream smartbi {
    server 127.0.0.1:8080 weight=1 fail_timeout=0;
}

server {
    listen 80;
    server_name dashboard.proxsis.com;

    # increase proxy buffer to handle some web requests
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    # log
    access_log /var/log/nginx/tomcat-proxy.access.log;
    error_log /var/log/nginx/tomcat-proxy.error.log warn;

    root /opt/knowage/Knowage-Server-CE/webapps/ROOT/;
    #root /opt/knowage/Knowage-Server-CE/webapps/knowage/;
    index index.jsp index.html index.htm;

    location / {
        #proxy_redirect off;
        #try_files $uri $uri/ =404;
        #rewrite_log on;
        proxy_pass http://smartbi;

        #proxy_max_temp_file_size 0;
        #rewrite ^/knowage/(.*)$ /$1 last;
    }

    #location /knowage {
        #rewrite ^/knowage(.*)$ $1 redirect;
    #}
    #location = / {
        #return 302 /knowage/;
    #}

    location ~ \.jsp$ {
        proxy_pass http://smartbi;
        proxy_set_header Host $host;
        #proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://smartbi;
    }

    # Specifies the maximum accepted body size of a client request,
    # as indicated by the request header Content-Length.
    client_max_body_size 128M;

    # common gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;

    # MIME
    include mime.types;
}