I have not tried this IP wrapping and tunneling method, only NGINX.

Please write me your method's config, I will try it!

When the nginx proxy is applied, the content elements are loaded from the proxy, not from Tomcat!

I measured the difference: ~+20% speedup when nginx is the frontend, which is a good result (settings not tuned; optimizing gives better performance). The main service test loads normally; red5|tomcat is throttling the app download speed. nginx on the frontend is a good alternative.

Balazs

On 2013-11-28 21:12, Cimpeanu Stefan wrote:
An easier solution (to my original purpose - isolate OM from direct access -) which seems to be working is tunneling with iptables IP forwarding and DNAT on a basic VPS.

So far "self tests" showed no issues.

Regards, Bogdan


"Varga Balázs" <[email protected]> wrote:

    Try this, not full config file....:

    /etc/nginx/nginx.conf
    # default username mapped a security vault
    user www-service www-service;
    # worker process as CPU
    worker_processes  4;
    worker_rlimit_nofile 1024;
    events {
    worker_connections  1024;
    }


    http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format main  '$remote_addr - $remote_user [$time_local] '
                     '"$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" '
                     '"$http_range" "$sent_http_content_range" "$http_x_forwarded_for"';

    index    index.html index.htm index.php;

    access_log        /var/log/nginx/access.log  main;
    error_log        /var/log/error.log;
    ## General Options
    ignore_invalid_headers     on;
    keepalive_requests         2000;
    recursive_error_pages     on;
    server_name_in_redirect     off;
    server_tokens         off;

    ## Timeouts
    client_body_timeout     5m;    # must be long enough for file uploads
    client_header_timeout     30;
    keepalive_timeout         60 30;
    send_timeout         60;
    expires             24h;

    ## TCP options
    tcp_nodelay         on;
    tcp_nopush             on;

    ## Compression
    gzip             on;
    gzip_buffers         16 8k;
    gzip_comp_level         6;
    gzip_http_version         1.1;
    gzip_min_length         1400;
    gzip_vary             on;
    gzip_types          text/plain text/css image/png image/gif
    image/jpeg application/pdf application/x-javascript text/xml
    application/xml application/xml+rss text/javascript ;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";


    output_buffers        1 32k;
    postpone_output        1640;
    client_max_body_size    256M;

    sendfile              on;

    #limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
    #limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;


    #OM backend servers, NGINX can parse many servers over RDNS, custom
    #RR database, simple timeout/connected peer count...etc
    #Visit the NGINX Wiki

    upstream    openmeetings_http_server_1{
    server    serverx.omserver.tld:5080;
    }
    upstream     openmeetings_event_server_1{
    server    serverx.omserver.tld:8088;
    }
    }

    Include this conf in your (virtual)host SERVER section:

    /etc/nginx/virtualhosts/openmeetings_proxyed
    location ~ ^/openmeetings {
    access_log /var/log/nginx/openmeetings.log main;
    error_log /var/log/nginx/openmeetings-error.log debug;
    expires off;
    #location ~* ^.+.(jpg|jpeg|png|gif|ico|flv|mp4)$ {
    #    expires             1d;
    #    log_not_found       off;
    #   access_log          off;
    #    #add_header Cache-Control "public";
    #}

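    #Read and rewrite all url query
    #Disabled: a rewrite whose replacement starts with http:// makes nginx
    #answer the client with a redirect to the upstream name instead of proxying
    #rewrite ^/(.*)         http://openmeetings_http_server_1/$1;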
    #Set proxy name/IP based upstream
    proxy_pass             http://openmeetings_http_server_1;

    #Caller header settings are a critical point, all IP and header data are required
    proxy_redirect         off;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    client_max_body_size       10m;
    client_body_buffer_size    128k;

    proxy_connect_timeout      90;
    proxy_send_timeout         90;
    proxy_read_timeout         90;
    proxy_buffer_size          4k;
    proxy_buffers              4 32k;
    proxy_busy_buffers_size    64k;
    proxy_temp_file_write_size 64k;
    }

    location ~ ^(/open/|/close/|/idle/|/send/)$ {
    access_log /var/log/nginx/openmeetings.log main;
    error_log /var/log/nginx/openmeetings-error.log debug;
    #expires off;
    proxy_pass         http://openmeetings_event_server_1;
    proxy_redirect     off;
    proxy_set_header X-Forwarded-Host     $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    client_max_body_size       10m;
    client_body_buffer_size    128k;

    proxy_connect_timeout      90;
    proxy_send_timeout         90;
    proxy_read_timeout         90;
    proxy_buffer_size          4k;
    proxy_buffers              4 32k;
    proxy_busy_buffers_size    64k;
    proxy_temp_file_write_size 64k;
    #include                    /etc/nginx/fastcgi_params;
    }


    I tried this config with OM 2.1.1 and the oldest 3.0 (~6 months later).
    I apply this to http 80/443 SSL tunneling:

    /etc/nginx/virtualhost.conf:

    tunneling 80:
    server{
    server_name..... ;
    listen 80;
    ..
    ..
    include /etc/nginx/virtualhosts/openmeetings_proxyed;

    }

    tunneling 443:
    server{
    # more OM server is one common SSL cert protected a frontend
    server_name..... ;
    listen 443 ssl;
    ..
    ..
    include /etc/nginx/virtualhosts/openmeetings_proxyed;

    }


    The tunneled version works fine; the problem is presentation pagination,
    which does not work correctly when OM is the backend.
    I am sure the call generated by the pagination event is OK; the SWF
    get->loading method calls the server's direct IP URL and not the frontend, and this is the conflict.
    Try and test this, and report back to me please!

    I have not tested more settings - not much time.

    Balazs

    On 2013-11-28 18:56, Sergey wrote:

        Hello! Can you show your nginx config, where you proxy port 80
        to 5080 and 8088? How do you split them? I can only
        suggest the name field in the HTTP1.1 header, but I am interested
        in the configuration. Thanks in advance! Sergey.

        On 28.11.2013 21:47, Varga Balázs wrote:

            I tried an nginx frontend proxy for OM: set NGINX as the frontend
            and the OM server as the backend, as an IP-based upstream. The
            upstream proxy tunnels OM 5080 and 8088 to port 80 on the
            frontend, 1935 is live - this is firewall friendly. My OM
            server(s) are set up with an FQDN host name, not IP based. I
            tried this model with common frontend SSL tunneling; the OMs are
            in a separate LAN and communicate directly only with the proxy,
            not with the public. This combination works; the known problem
            is that presentation pagination does not work. The pagination
            events load successfully (checked in the logs); the problem is
            the name/IP-based wrapping on the proxy. This method finally
            works when OM is IP based, not hostname based. After finding
            this pagination problem, I did not try other settings. Balazs

            On 2013-11-28 13:16, Stefan wrote:

                Hello. What ports other than 5080 and 1935 need I
                setup in nginx, in order to provide full reverse proxy
                for an OM installation? Should I consider tunneling
                instead (to be able to tunnel all possible ports
                through another server) ? Regards, Bogdan.


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
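
The iptables forwarding/DNAT tunnel mentioned in the thread, sketched as an added example; it is not taken from any poster's message. The function names, the interface name, the addresses and the use of SNAT for the return path are assumptions, and the port list (5080, 8088, 1935) is the one named in the thread. The functions only print the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: generate iptables commands for a DNAT tunnel in front of OM.
# Hypothetical helper names; addresses and interface are supplied by the caller.

OM_PORTS="5080 8088 1935"   # OM HTTP, event (8088) and 1935 ports from the thread

# om_dnat_rules WAN_IF VPS_IP OM_IP  -> commands for the public VPS
om_dnat_rules() {
    [ $# -eq 3 ] || { echo "usage: om_dnat_rules WAN_IF VPS_IP OM_IP" >&2; return 1; }
    wan_if=$1; vps_ip=$2; om_ip=$3
    echo "sysctl -w net.ipv4.ip_forward=1"
    for p in $OM_PORTS; do
        # Rewrite the destination of traffic hitting the VPS to the OM host
        echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp -d $vps_ip --dport $p -j DNAT --to-destination $om_ip:$p"
        # Allow the forwarded connection through the filter table
        echo "iptables -A FORWARD -p tcp -d $om_ip --dport $p -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    done
    # Replies from OM back to the clients
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # SNAT so replies return via the VPS; OM then logs the VPS address as the
    # client, unlike the nginx setup, which passes X-Forwarded-For
    echo "iptables -t nat -A POSTROUTING -p tcp -d $om_ip -j SNAT --to-source $vps_ip"
}

# om_backend_lockdown VPS_IP  -> commands for the OM host itself, so the OM
# ports answer only to the VPS (the "isolate OM from direct access" goal)
om_backend_lockdown() {
    [ $# -eq 1 ] || { echo "usage: om_backend_lockdown VPS_IP" >&2; return 1; }
    vps_ip=$1
    for p in $OM_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $p -s $vps_ip -j ACCEPT"
        echo "iptables -A INPUT -p tcp --dport $p -j DROP"
    done
}
```

Example review run with documentation addresses: `om_dnat_rules eth0 203.0.113.10 198.51.100.20`, then `om_backend_lockdown 203.0.113.10` for the OM host.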
