@moscardo wrote:
Hi,
We are trying to migrate the E-WorkBook application from NGINX Plus to HAProxy. The developers say that only NGINX Plus is supported, and I have never translated a config before and am not too familiar with it. Can anyone give me a hand? I think the tricky part is the Upgrade protocol handling, which I don’t really get. Here is a link to the documentation too: https://knowledgebasecontent.s3.amazonaws.com/ProductDocumentation/EWB1040/E-WorkBook%2010.4.x%20White%20Paper%20-%20Load%20Balancer%20Configuration.pdf
# Load-balancer configuration for E-WorkBook: three upstream pools on the same two
# back-end servers, shared proxy settings, and one TLS listener on port 8443.

# Browser traffic: persistence via a cookie issued by the load balancer.
upstream ewb_web {
    zone upstream_ewb_web 64k;
    # NOTE(review): the persistence cookie is issued with only path=/; no secure or
    # httponly attribute is requested here. Confirm whether that is intended.
    sticky cookie srv_id path=/;
    server <server 1 IP>:8443;
    server <server 2 IP>:8443;
    keepalive 32;
}

# Desktop client traffic: no persistence method is configured for this pool.
upstream ewb_desktop {
    zone upstream_ewb_desktop 64k;
    server <server 1 IP>:8443;
    server <server 2 IP>:8443;
}

# Requests matching the "instruments" location: persistence by client IP hash.
upstream ewb_web_ir {
    zone ewb_web_ir 64k;
    server <server 1 IP>:8443;
    server <server 2 IP>:8443;
    ip_hash;
}

# We only set the "Connection" header to upgrade if the "Upgrade:" header is present (as it will be
# for web sockets and EWB Desktop Client connections)
# An empty Upgrade header maps to an empty Connection value; any other value maps to "upgrade".
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' '';
}

# Set a variable for whether a response code is considered a failure (and will not be cached)
# Only 200, 301 and 302 yield 0; every other status yields 1 and is excluded by proxy_no_cache below.
map $status $status_is_failure {
    200 0;
    301 0;
    302 0;
    default 1;
}

# NOTE(review): the cache directory lives under /tmp, which is commonly writable by every
# local account; confirm ownership and permissions of this path on the load balancer.
proxy_cache_path /tmp/nginx-ewb-cache keys_zone=ewb-cache:1m inactive=1d;
proxy_no_cache $status_is_failure;
proxy_http_version 1.1;
# Forwards the upstream's own "Server" response header to clients (nginx does not pass it
# by default), so the back-end server identification is visible externally.
proxy_pass_header Server;

# Pass on http Upgrade headers (WebSockets/EWB Desktop Client) so that protocol upgrades work.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

# Set up X-Forwarded headers so that WildFly interprets the client's IP correctly
# Note that X-Forwarded-For is set to a specific address, rather than adding the address to a list.
# This prevents an attack whereby a bogus X-Forwarded-For could be supplied in the initial request
# (overriding the client's real IP).
# Any translation of this configuration to another proxy needs to keep the same
# replace-rather-than-append behaviour for this header.
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;

# Pass on Host header so that upstream servers see the load balancer
# NOTE(review): $http_host is the Host header exactly as the client sent it, and the listener
# below is the default_server, so requests with any Host value are forwarded unchanged.
proxy_set_header Host $http_host;

# Default timeouts of 20 minutes
proxy_read_timeout 20m;
proxy_send_timeout 20m;
send_timeout 20m;

server {
    listen 8443 ssl default_server;
    server_name <FQDN OF E-WORKBOOK>;
    status_zone eworkbook;

    ssl_certificate /etc/nginx/ssl/<CDERTIFICATE FILE>.crt;
    ssl_certificate_key /etc/nginx/ssl/<CERTIFICATE KEY>.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    # NOTE(review): no ssl_protocols directive appears in this snippet, so the accepted
    # TLS versions are whatever the installed nginx build enables by default.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # NOTE(review): every proxy_pass below uses https:// to the upstream, but no
    # proxy_ssl_verify directive appears in this snippet; nginx leaves upstream certificate
    # verification off unless it is enabled. Confirm whether that is acceptable here.

    # Exact match on "/" only: routed to the desktop-client pool with 1 hour timeouts.
    location = / {
        proxy_pass https://ewb_desktop;
        proxy_read_timeout 1h;
        proxy_send_timeout 1h;
        # 0 disables the request body size check for this location.
        client_max_body_size 0;
    }

    # Everything else not claimed by a more specific location: browser pool, cached.
    location / {
        proxy_pass https://ewb_web;
        proxy_redirect https://ewb_web $scheme://$host:$server_port;
        # No proxy_cache_valid or proxy_cache_key is set in this snippet, so which responses
        # are stored depends on the upstream's caching headers and the default cache key.
        # NOTE(review): verify that per-user responses are never marked cacheable upstream.
        proxy_cache ewb-cache;
        # 0 disables the request body size check for this location.
        client_max_body_size 0;
    }

    # Regular-expression location with no anchor: it matches any URI containing
    # "/instruments", and regex locations are preferred over the plain "/" prefix above.
    location ~/instruments {
        proxy_pass https://ewb_web_ir;
        proxy_buffering off;
        proxy_ignore_client_abort off;
    }

    location /status {
        # If required, add allow/deny or password directives to restrict access to this status information
        # As written, no access restriction is applied to this location.
        status;
    }

    # Static page served from the local filesystem, also without access restriction.
    location = /status.html {
        alias /usr/share/nginx/html/status.html;
    }
}