E
dit
A
ttach
P
rintable
r6 - 2019-10-09 - 11:01:41 -
PaulEllis
You are here:
TWiki
>
Deployment Web
>
DeploymentInstallingUpgradingAndMigrating
>
InstallProxyServers
>
ConfiguringNGINXReverseProxy
<div id="header-title" style="padding: 10px 15px; border-width:1px; border-style:solid; border-color:#FFD28C; background-image: url(<nop>https://jazz.net/wiki/pub/Deployment/WebPreferences/TLASE.jpg); background-size: cover; font-size:120%"> ---+!! Configuring a NGINX Reverse Proxy <img src="https://jazz.net/wiki/pub/Deployment/WebPreferences/uc.png" alt="uc.png" width="50" height="50" align="right"> %DKGRAY% Authors: Main.NealMiddlemore <br> Build basis: None. %ENDCOLOR%</div></sticky> <!-- Page contents top of page on right hand side in box --> <sticky><div style="float:right; border-width:1px; border-style:solid; border-color:#DFDFDF; background-color:#F6F6F6; margin:0 0 15px 15px; padding: 0 15px 0 15px;"> %TOC{title="Page contents"}% </div></sticky> <sticky><div style="margin:15px;"></sticky> Nginx (pronounced engine-x) is a free, open source high performance http server and reverse proxy. Nginx is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption. Please note that there has been mixed success with Nginx and this document is only supposed to provide information that worked at one site. This page is supported via the [[https://jazz.net/forum/][jazz.net forum]] and not IBM Support as this is not a certified proxy server at this time. ---++ About NGINX Nginx is one of a handful of servers written to address the [[http://www.kegel.com/c10k.html][C10K]] problem. Unlike traditional servers, Nginx doesn't rely on threads to handle requests. Instead it uses a much more scalable event-driven (asynchronous) architecture. This architecture uses small, but more importantly, predictable amounts of memory under load. <b>Whilst IBM doesnt explicitly support Nginx as a reverse proxy for use with Jazz based applications, this article explains how to make Nginx work as a reverse proxy in this situation. Out of the box, NGINX seems to work for everything except DOORS Next Generation. In DNG you will typically be able to log in and create a new project but not be able to create any new artefacts.</b> ---++ Setting up NGINX There are two basic parts to setting up NGINX to work with CLM, the first is to set up the reverse proxy entries and the second part is to make the server stop ignoring invalid headers. ---+++ Part 1 - Adding the reverse proxy entries: The way nginx and its modules work is determined in the configuration file. By default, the configuration file is named nginx.conf and placed in the directory /usr/local/nginx/conf, /etc/nginx, or /usr/local/etc/nginx. The first thing that is needed is to add the application contexts to the reverse proxy configuration. A specific entry is needed for each application context you need to access, for a standard CLM deployment of RTC/RQM/DNG you would need to add JTS, CCM, QM, RM and ADMIN application contexts where ADMIN is used to manage lifecycle projects and the JTS is used to manage the underpinning Jazz Team Server (i.e. adding users, allocating licenses etc.). There are various parameters that can be set on each entry, the important one is proxy_pass as this defines the target of the pass through. Here is an example for JTS and CCM: <verbatim> location /jts { proxy_pass https://123.123.123.123:443/jts; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_pass_header on; proxy_pass_request_headers on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /ccm { proxy_pass https://123.123.123.123:443/ccm; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_pass_header on; proxy_pass_request_headers on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } </verbatim> ---+++ Part 2 - Configure the server to ignore invalid headers The major problem with Nginx and the default configuration is that whilst RTC and RQM seem to work perfectly well, <b>DNG/RRC does not work</b>. Setup can still be done even on the RM application and you can even create a project and add users to it, however the problems start when you try to create an artefact, this just will not work. To make the /rm application work, we need to deploy a server directive to the http server part of the core configuration: ignore_invalid_headers off; Nginx defaults this value to ON and this directive is singularly responsible for making /rm work correctly. A more complete segment of the nginx.conf file would look like this: <verbatim> server { # simple reverse-proxy listen 443; invalid_headers_off; server_name domain2.com www.domain2.com; access_log logs/domain2.access.log main; } # pass requests for dynamic content to CLM, et al location /jts { proxy_pass https://123.123.123.123:443/jts; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_pass_header on; proxy_pass_request_headers on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /ccm { proxy_pass https://123.123.123.123:443/ccm; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_pass_header on; proxy_pass_request_headers on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /rm { proxy_pass https://123.123.123.123:443/rm; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_pass_header on; proxy_pass_request_headers on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /qm { proxy_pass https://123.123.123.123:443/qm; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_pass_header on; proxy_pass_request_headers on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } </verbatim> Once this has been deployed to the server and the http server has been restarted, /rm will work. To restart the Nginx server and reload the configuration file, this command can be issued: _nginx -s reload_ For more information on Nginx configuration please refer to the [[http://nginx.org/en/docs/][NGINX Documents website]]. ---+++++!! Related topics: [[DeploymentWebHome][Deployment web home]], [[DeploymentWebHome][Deployment web home]] ---+++++!! External links: * [[https://www.ibm.com][IBM]] *[[http://nginx.org/en/docs/][NGINX Documents website]] ---+++++!! Additional contributors: Main.TWikiUser, Main.TWikiUser <sticky></div></sticky>
E
dit
|
A
ttach
|
P
rintable
|
V
iew topic
|
Backlinks:
We
b
,
A
l
l Webs
|
H
istory
: r6
<
r5
<
r4
<
r3
<
r2
|
M
ore topic actions
Deployment
Deployment web
Planning and design
Installing and upgrading
Migrating and evolving
Integrating
Administering
Monitoring
Troubleshooting
Community information and contribution guidelines
Create new topic
Topic list
Search
Advanced search
Notify
RSS
Atom
Changes
Statistics
Web preferences
NOTE: Please use the Sandbox web for testing
Status icon key:
To do
Under construction
New
Updated
Constant change
None - stable page
Smaller versions of status icons for inline text:
Copyright © by IBM and non-IBM contributing authors. All material on this collaboration platform is the property of the contributing authors.
Contributions are governed by our
Terms of Use.
Please read the following
disclaimer
.
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more
here
.