Hi,
We are trying to migrate the E-WorkBook application from NGINX Plus to HAProxy. The developers say that only NGINX Plus is supported, and I have never translated a config before, so I am not too familiar with it. Can anyone give me a hand? I think the tricky part is the Upgrade protocol handling, which I don’t really understand.
Here is a link to the documentation too: https://knowledgebasecontent.s3.amazonaws.com/ProductDocumentation/EWB1040/E-WorkBook%2010.4.x%20White%20Paper%20-%20Load%20Balancer%20Configuration.pdf
# Backend pool for the web UI (referenced by "location /" in the server block).
# Both members listen on 8443 and are reached over TLS via "proxy_pass https://ewb_web".
upstream ewb_web {
# Shared-memory zone (64k) holding this group's configuration and run-time state for all workers.
zone upstream_ewb_web 64k;
# NGINX Plus session persistence: the load balancer issues a cookie named "srv_id" that pins a
# browser to one backend. As written only path=/ is set; the directive also accepts the
# "secure" and "httponly" parameters, which are worth adding because the listener is TLS-only.
sticky cookie srv_id path=/;
server <server 1 IP>:8443;
server <server 2 IP>:8443;
# Keep up to 32 idle connections to the backends open per worker process for reuse.
keepalive 32;
}
# Backend pool for the EWB Desktop Client (referenced by "location = /" in the server block).
# No balancing method or persistence is declared, so nginx's default round-robin applies.
upstream ewb_desktop {
# Shared-memory zone (64k) for this group's configuration and run-time state.
zone upstream_ewb_desktop 64k;
server <server 1 IP>:8443;
server <server 2 IP>:8443;
}
# Backend pool used by the "/instruments" location in the server block.
upstream ewb_web_ir {
# Shared-memory zone (64k) for this group's configuration and run-time state.
zone ewb_web_ir 64k;
server <server 1 IP>:8443;
server <server 2 IP>:8443;
# Persistence by client address: requests from the same client IP go to the same backend.
# NOTE(review): the hash is computed on the address nginx sees; if clients arrive through a
# shared NAT or another proxy they will all land on one backend. Confirm the topology.
ip_hash;
}
# We only set the "Connection" header to upgrade if the "Upgrade:" header is present (as it will be
# for web sockets and EWB Desktop Client connections).
# $connection_upgrade is consumed by "proxy_set_header Connection" further down:
#   - client sent no Upgrade header -> empty string, so no Connection header is sent upstream
#     (which also leaves upstream keepalive usable with HTTP/1.1)
#   - client sent any Upgrade value -> "upgrade"
map $http_upgrade $connection_upgrade {
default upgrade;
'' '';
}
# Set a variable for whether a response code is considered a failure (and will not be cached).
# Only 200, 301 and 302 map to 0; every other status maps to 1. The variable is passed to
# proxy_no_cache below, which skips saving a response when its argument is non-empty and not "0".
map $status $status_is_failure {
200 0;
301 0;
302 0;
default 1;
}
# Shared proxy settings, inherited by every location in the server block below.

# On-disk response cache: key zone "ewb-cache" (1m of shared memory for keys); entries not
# accessed for 1 day are removed.
# NOTE(review): the cache directory lives under /tmp, which is normally world-writable. Confirm
# the directory is created and owned by the nginx user with restrictive permissions, or move it
# to a dedicated path, since it stores copies of application responses.
proxy_cache_path /tmp/nginx-ewb-cache keys_zone=ewb-cache:1m inactive=1d;
# Do not store responses whose status is anything other than 200/301/302 (see the map above).
proxy_no_cache $status_is_failure;
# HTTP/1.1 to the backends is required for both upstream keepalive and protocol upgrades.
proxy_http_version 1.1;
# Let the backend's own "Server" response header through to clients (nginx hides it by default).
# This discloses the backend server software banner to anyone who can reach the listener.
proxy_pass_header Server;
# Pass on http Upgrade headers (WebSockets/EWB Desktop Client) so that protocol upgrades work.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# Set up X-Forwarded headers so that WildFly interprets the client's IP correctly
# Note that X-Forwarded-For is set to a specific address, rather than adding the address to a list.
# This prevents an attack whereby a bogus X-Forwarded-For could be supplied in the initial request
# (overriding the client's real IP).
# NOTE(review): this holds only while nginx is the first hop. If another proxy or load balancer
# sits in front, $remote_addr is that device's address, not the client's.
proxy_set_header X-Forwarded-For $remote_addr;
# Hard-coded to https; consistent with the only listener shown, which is TLS-only.
proxy_set_header X-Forwarded-Proto https;
# Pass on Host header so that upstream servers see the load balancer
# NOTE(review): $http_host is the Host header exactly as the client sent it, and the server block
# is the default_server, so requests carrying any Host value are accepted and forwarded as-is.
# If the application builds links or redirects from Host, consider sending a fixed, known value.
proxy_set_header Host $http_host;
# Default timeouts of 20 minutes
# Long timeouts let idle or slow connections hold worker and backend resources for that long.
proxy_read_timeout 20m;
proxy_send_timeout 20m;
send_timeout 20m;
# TLS front end for E-WorkBook: terminates client TLS on 8443 and re-encrypts to the backends.
# Routing summary (nginx location precedence: exact match, then regex, then longest prefix):
#   "= /"            -> ewb_desktop  (Desktop Client, long timeouts)
#   "~/instruments"  -> ewb_web_ir   (IP-hash persistence, unbuffered)
#   "= /status.html" -> static status dashboard page
#   "/status"        -> NGINX Plus live status data
#   "/"              -> ewb_web      (cookie persistence, cached)
# NOTE(review): every proxy_pass below uses https:// but no proxy_ssl_verify or
# proxy_ssl_trusted_certificate appears in this listing. nginx does not verify the upstream
# certificate by default, so the backend hop is encrypted but not authenticated unless that is
# configured elsewhere.
server {
# default_server: this block also answers requests whose Host matches no server_name.
listen 8443 ssl default_server;
server_name <FQDN OF E-WORKBOOK>;
# NGINX Plus: collect status counters for this virtual server under the zone "eworkbook".
status_zone eworkbook;
# Certificate and private key placeholders; the key file should be readable only by the
# account that starts nginx.
ssl_certificate /etc/nginx/ssl/<CDERTIFICATE FILE>.crt;
ssl_certificate_key /etc/nginx/ssl/<CERTIFICATE KEY>.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
# OpenSSL cipher string: "HIGH" suites, excluding anonymous (aNULL) and MD5-based ones.
# NOTE(review): no ssl_protocols directive is present, so the accepted TLS versions are whatever
# the installed nginx defaults to. Set it explicitly to rule out legacy protocol versions.
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Exact match on "/" only: the entry point for the Desktop Client (see the Upgrade handling).
location = / {
proxy_pass https://ewb_desktop;
# Override the 20m defaults: upgraded connections may stay quiet for up to an hour.
proxy_read_timeout 1h;
proxy_send_timeout 1h;
# 0 disables the request body size check entirely; uploads of any size are accepted.
client_max_body_size 0;
}
# Catch-all prefix for the web UI.
location / {
proxy_pass https://ewb_web;
# Rewrite backend redirects that point at the upstream name so that clients are sent back to
# the load balancer's scheme, host and port.
proxy_redirect https://ewb_web $scheme://$host:$server_port;
# Cache responses in the "ewb-cache" zone. No proxy_cache_valid or proxy_cache_key is shown,
# so cacheability follows the backend's response headers and the default key
# ($scheme$proxy_host$request_uri), which carries no user or session identity.
# NOTE(review): confirm the application marks per-user responses as non-cacheable.
proxy_cache ewb-cache;
# 0 disables the request body size check entirely; uploads of any size are accepted.
client_max_body_size 0;
}
# Regex location, case-sensitive and unanchored: it matches any URI that contains
# "/instruments" anywhere in the path, not only URIs that start with it.
location ~/instruments {
proxy_pass https://ewb_web_ir;
# Stream backend responses to the client as they arrive instead of buffering them.
proxy_buffering off;
# "off" is the nginx default: if the client disconnects, the upstream request is closed too.
proxy_ignore_client_abort off;
# No client_max_body_size here, so nginx's default body limit applies unless an outer level
# not shown in this listing overrides it.
}
# NGINX Plus live status data (upstream members, health and traffic counters).
location /status {
# As written there is no access control: anyone who can reach port 8443 can read this data,
# including backend addresses. Restrict it with allow/deny or authentication, for example:
#   allow <MONITORING NETWORK CIDR>;
#   deny all;
status;
}
# Static dashboard page that renders the data served by /status.
location = /status.html {
alias /usr/share/nginx/html/status.html;
}
}