NGINX

This is how to configure NGINX as a reverse proxy in front of the Axon Ivy Engine:

• All HTTP traffic is redirected to HTTPS

• Only the application demo-portal is available via the reverse proxy

• NGINX communicates via HTTP with the Axon Ivy Engine

# redirect all http traffic to https
server {
    server_name _;

    listen 80;
    listen [::]:80;

    return 301 https://$host$request_uri;
}

server {
  server_name localhost;

  # ssl
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_certificate /etc/nginx/certs/server.crt;
  ssl_certificate_key /etc/nginx/certs/server.key;

  # static files on reverse proxy
  root /var/www/html;

  location / {
    # redirect to ivy application
    rewrite ^/$ /demo-portal/ redirect;

    location /demo-portal/ {
      client_max_body_size 20m;
      client_body_buffer_size 128k;
      add_header X-Cache-Status $upstream_cache_status;

      # proxy header settings
      proxy_set_header Connection "Upgrade";
      proxy_set_header Early-Data $ssl_early_data;

      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      proxy_set_header Host $host;
      # not needed because Host header is already set correctly
      # proxy_set_header X-Forwarded-Host $host;

      # Needed to terminate SSL on NGINX
      proxy_set_header X-Forwarded-Proto https;

      # not needed because we serve the site via standard https port already
      #proxy_set_header X-Forwarded-Proto 443;

      # proxy connection settings
      proxy_buffers 32 4k;
      proxy_connect_timeout 240;
      proxy_headers_hash_bucket_size 128;
      proxy_headers_hash_max_size 1024;
      proxy_http_version 1.1;
      proxy_read_timeout 240;
      proxy_redirect http:// $scheme://;
      proxy_send_timeout 240;

      # Axon Ivy Engine
      proxy_pass http://localhost:8080/demo-portal/;
    }
  }
}