NGINX
This is how to configure NGINX as a reverse proxy in front of the Axon Ivy Engine:
All HTTP traffic is redirected to HTTPS
Only the application demo-portal is available via the reverse proxy
NGINX communicates via HTTP with the Axon Ivy Engine
# redirect all http traffic to https
server {
server_name _;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
server_name localhost;
# ssl
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
# static files on reverse proxy
root /var/www/html;
location / {
# redirect to ivy application
rewrite ^/$ /demo-portal/ redirect;
location /demo-portal/ {
client_max_body_size 20m;
client_body_buffer_size 128k;
add_header X-Cache-Status $upstream_cache_status;
# proxy header settings
proxy_set_header Connection "Upgrade";
proxy_set_header Early-Data $ssl_early_data;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
# not needed because Host header is already set correctly
# proxy_set_header X-Forwarded-Host $host;
# Needed to terminate SSL on NGINX
proxy_set_header X-Forwarded-Proto https;
# not needed because we serve the site via standard https port already
#proxy_set_header X-Forwarded-Proto 443;
# proxy connection settings
proxy_buffers 32 4k;
proxy_connect_timeout 240;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 1024;
proxy_http_version 1.1;
proxy_read_timeout 240;
proxy_redirect http:// $scheme://;
proxy_send_timeout 240;
# Axon Ivy Engine
proxy_pass http://localhost:8080/demo-portal/;
}
}
}