REM With Nginx

From DocWiki

Jump to: navigation, search

Contents

REM With Nginx ( Based on Centos 6.4 Nginx version 1.4.7)

Problem Summary This document describes the steps required to install and configure Nginx to act at a reverse proxy for REM calls
Error Message N/A
Possible Cause N/A
Recommended Action

Installation


This section describes the steps involved in installing Nginx.

Firstly you need to add the Nginx Yum repository. This is done by creating the following file:

/etc/yum.repos.d/nginx.repo

In this file you need to paste the following:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

Then to install Nginx you simple enter the following at the terminal:
yum install nginx

Nginx and its dependencies will be installed.

Operation

This section describes basic operation of the Nginx server.

To start, stop or restart the Nginx server you can use the service as below:
service nginx start | stop | restart

Log location in defined in the configuration files, in the case of this install we will configure them to be in the following location:

/var/log/nginx

Configuration

This section describes what needs to be configured in order for Nginx to act as a reverse proxy for REM.

Firstly you should remove or rename the existing .conf files located in the following directory on the nginx server:

/etc/nginx/conf.d

Then add a file called proxy.conf an example of the formatting below:

server {
#listen 80;
#listen 8080;
listen 443 ssl;
listen 8443 ssl;
server_name cs-nginx-reverse-proxy.cafex.com;

ssl_certificate /etc/nginx/certificate.crt;
ssl_certificate_key /etc/nginx/privateKey.key;

resolver 192.168.20.120; #(Your DNS Server)

location / {
root /usr/share/nginx/html;
index index.html index.htm;
}

location /gateway/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_pass http://reas-server.cafex.com:8080$request_uri;
}

#REQUIRE FOR LIVE ASSIST SAMPLE APP
location /assistsample/ {
proxy_set_header Host $http_host;
proxy_pass http://reas-server.cafex.com:8080$request_uri;
}

#REQUIRE FOR LIVE ASSIST SAMPLE APP
location /expertassist/agent/ {
proxy_set_header Host $http_host;
proxy_pass http://reas-server.cafex.com:8080$request_uri;
}

Creating a self-signed cert for testing

If you want to encrypt the leg to the reverse proxy you can run the following commands from within /etc/nginx to create a self-signed cert (as in the example config).

NOTE you make need to install openssl tools,

yum install openssl openssl-devel

  • Create private key

openssl genrsa -out privateKey.key 2048

  • Sign a CRT locally (Use the FQDN for your nginx server)

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

This will give you a /etc/nginx/privateKey.key & /etc/nginx/certificate.crt and is enough to encrypt the traffic with a self-signed cert. .

Creating a CSR to get signed by a CA.

  • Create a CSR (Use the FQDN for your nginx server)

openssl req -new -sha256 -key privateKey.key -out certificate.csr

  • Check the CSR

openssl req -noout -text -in certificate.csr

  • Obtainng crt file

Send CSR created to you CA. You will get a crt file back from your CA which you can reference in the nginx config /etc/nginx/certificate.crt.

Release Remote Expert Mobile
Associated CDETS # None


Rating: 0.0/5 (0 votes cast)

Personal tools