[Branch ~dhis2-documenters/dhis2/dhis2-docbook-docs] Rev 639: Simplified the nginx cache setup. Thanks to Bob for tip.

Nice commit, hope this will work on Mac/Windows as well.

On Tue, Dec 18, 2012 at 6:32 PM, noreply@launchpad.net wrote:


revno: 639

committer: Lars Helge Øverland larshelge@gmail.com

branch nick: dhis2-docbook-docs

timestamp: Tue 2012-12-18 14:01:15 +0100

message:

Simplified the nginx cache setup. Thanks to Bob for tip.

modified:

src/docbkx/en/dhis2_implementation_guide_installation.xml

lp:~dhis2-documenters/dhis2/dhis2-docbook-docs

https://code.launchpad.net/~dhis2-documenters/dhis2/dhis2-docbook-docs

Your team DHIS 2 developers is subscribed to branch lp:~dhis2-documenters/dhis2/dhis2-docbook-docs.

To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-documenters/dhis2/dhis2-docbook-docs/+edit-subscription

=== modified file ‘src/docbkx/en/dhis2_implementation_guide_installation.xml’

— src/docbkx/en/dhis2_implementation_guide_installation.xml 2012-12-13 15:10:02 +0000

+++ src/docbkx/en/dhis2_implementation_guide_installation.xml 2012-12-18 13:01:15 +0000

@@ -127,11 +127,10 @@

   <para>nginx configuration is built around a hierarchy of blocks representing http, server and location, where each block inherit settings from parent blocks. The following snippet will configure nginx to proxy pass (redirect) requests from port 80 (which is the port nginx will listen on by default) to our Tomcat instance. It will also make nginx serve requests for static content such as javascript, stylesheets and images and instruct clients to cache it for 4 days which will reduce the load on Tomcat and improve overall performance. Include the following configuration in nginx.conf:</para>


   <para><screen><![CDATA[server {

listen 80;

  • root /home/dhis/tomcat/webapps/ROOT;

  • client_max_body_size 10M; # Default 1M, change it!

  • root /home/dhis/tomcat/webapps/ROOT; # Update path!

  • client_max_body_size 10M;

    Serve static content

  • Root points to your DHIS webapp location, update it!

    location ~ (.js$|.css$|.gif$|.woff$|.ttf$|.eot$|^/images/|^/icons/|^/dhis-web-commons/.*.png$) {

    add_header Cache-Control public;
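
Review bot: The static-content pattern on the `location ~ (.js$|.css$|.gif$|...` line leaves every dot unescaped, so `.js$` matches any URI that ends in an arbitrary character followed by "js", and `.*.png$` is equally loose. Those requests are answered from the `root` directory on disk with `Cache-Control public` instead of being proxied to Tomcat. Suggest escaping the dots (`\.js$|\.css$|\.gif$` and so on) here and in the later copies of this location block.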

@@ -162,18 +161,18 @@

   <screen>openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr</screen>

   <para>When you have your certificate files (.pem and .key) you will need to place them in a location which is reachable by nginx. A good location for this can be the same directory as where your nginx.conf file is located.</para>


   <para>Below is an nginx server block where the certificate files are named server.crt and server.key. Since SSL connections usually occur on port 443 (HTTPS) we pass requests on that port (443) on to the DHIS instance running on <emphasis role="italic">[http://localhost:8080](http://localhost:8080)</emphasis> The first server block will rewrite all requests connecting to port 80 and force the use of HTTPS/SSL. This is also necessary because DHIS is using a lot of redirects internally which must be passed on to use HTTPS. Remember to replace <emphasis role="italic">&lt;server-ip&gt;</emphasis> with the  IP of your server. These blocks should replace the  one from the previous section.</para>
  •  <screen><![CDATA[# Rewrite block to force use of SSL
    
  •  <screen><![CDATA[# HTTP server - rewrite to force use of SSL
    

server {

listen 80;

  • rewrite ^ https://$request_uri? permanent;
  • rewrite ^ https://$request_uri? permanent;

}

-# SSL server block

+# HTTPS server

server {

listen 443;

  • root /home/dhis/tomcat/webapps/ROOT;
  • root /home/dhis/tomcat/webapps/ROOT; # Update path!

    client_max_body_size 10M;

    ssl on;
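
Review bot: The port-80 rewrite as it reads here, `rewrite ^ https://$request_uri? permanent;`, has no host between `https://` and `$request_uri`, although the paragraph above tells the reader to replace <server-ip>. Please confirm the placeholder is really present at that position inside the CDATA, otherwise anyone copying the block gets a redirect to a malformed URL. While this section is being touched, the paragraph that suggests keeping server.key next to nginx.conf could also mention that the key was created with `-nodes`, so it is stored unencrypted and needs restrictive file permissions.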

@@ -186,13 +185,15 @@

ssl_ciphers HIGH:!aNULL:!MD5;

ssl_prefer_server_ciphers on;

  • Root points to your DHIS webapp location, update it!

  • Serve static content

    location ~ (.js$|.css$|.gif$|.woff$|.ttf$|.eot$|^/images/|^/icons/|^/dhis-web-commons/.*.png$) {

    add_header Cache-Control public;

    expires 7d;

    }

  • Proxy pass to servlet container

location / {

 proxy_pass        [http://localhost:8080/](http://localhost:8080/);

 proxy_redirect    off;
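
Review bot: `expires 7d;` in the static-content location does not agree with the paragraph at the top of the nginx section, which says clients are instructed to cache static content for 4 days. Align the prose and the value so readers know which lifetime they are actually configuring.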

@@ -208,24 +209,29 @@

   <para>Requests for reports, charts, maps and other analysis-related resources will often take

     some time to respond and might utilize a lot of server resources. In order to improve

     response times, reduce the load on the server and hide potential server downtime we can
  •    introduce a cache proxy in our server setup. However, a cache proxy cannot cache content
    
  •    which is served over SSL/HTTPS since the content will be encrypted and the response headers
    
  •    cannot be understood by the server. The following configuration will serve reports, data
    
  •    visualizer, GIS and dashboard modules over HTTP while serving all other modules over
    
  •    SSL/HTTPS. Analysis-related requests will be cached by nginx. The cached content will be
    
  •    introduce a cache proxy in our server setup. This setup will cache analysis related content
    
  •    which typically requries the most server resources to produce. The cached content will be
    
       stored in directory /var/cache/nginx, and up to 250 MB of storage will be allocated. Nginx
    
       will create this directory automatically.</para>
    
     <screen>http {
    

  • root /home/dhis/tomcat/webapps/ROOT; # update path!
  • root /home/dhis/tomcat/webapps/ROOT; # Update path!

    proxy_cache_path /var/cache/nginx keys_zone=dhis:250m inactive=1d;

  • <![CDATA[# HTTP server - rewrite to force use of HTTPS
  • server {

  • listen 80;

  • rewrite ^ https://$request_uri? permanent;

  • }

HTTPS server

server {

  • listen 443 ssl default_server;
  • listen 443;

    client_max_body_size 10M;

  • ssl on;

    ssl_certificate server.crt;

    ssl_certificate_key server.key;
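
Review bot: The sentence "up to 250 MB of storage will be allocated" does not match `proxy_cache_path /var/cache/nginx keys_zone=dhis:250m inactive=1d;`. `keys_zone=dhis:250m` sizes the shared-memory zone that holds cache keys and metadata, while the on-disk cache is bounded only by `max_size`, which is not set on this line. Either add a `max_size` and reduce the key zone, or reword the paragraph. Also, "requries" in the new sentence should be "requires".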

@@ -235,79 +241,36 @@

 ssl_ciphers                HIGH:!aNULL:!MD5;

 ssl_prefer_server_ciphers  on;
  • Rewrite analysis modules to HTTP, update domain!

  • location ~ ^/(dhis-web-mapping|dhis-web-visualizer|dhis-web-reporting|dhis-web-dashboard-integration) {

  •  rewrite    ^ [http://yourdomain.org](http://yourdomain.org)$request_uri? permanent;
    
  • }

  • Serve static content

  • location ~* (.js$|.css$|.gif$|.woff$|.ttf$|.eot$|^/images/|^/icons/|^/dhis-web-commons/.*.png$) {

  •  add_header  Cache-Control  public;
    
  •  expires     7d;
    
  • }

  • Proxy pass to servlet container, update URL!

  • location / {

  •  proxy_pass          [http://localhost:8080](http://localhost:8080);
    
  •  proxy_redirect      off;
    
  •  proxy_set_header    Host               $host;
    
  •  proxy_set_header    X-Real-IP          $remote_addr;
    
  •  proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
    
  •  proxy_set_header    X-Forwarded-Proto  https;
    
  • }

  • }

  • HTTP server

  • server {

  • listen 80;

  • client_max_body_size 10M;

  • Rewrite security and about namespace to HTTPS, update domain!

  • location ~ ^/(dhis-web-commons/security|dhis-web-commons-security|dhis-web-commons-about) {

  •  rewrite    ^ [https://yourdomain.org](https://yourdomain.org)$request_uri? permanent;
    
  • }

  • Serve static content

  • location ~* (.js$|.css$|.gif$|.woff$|.ttf$|.eot$|^/images/|^/icons/|^/dhis-web-commons/.*.png$) {

  •  add_header  Cache-Control  public;
    
  •  expires     7d;
    
  • }

  • Cache and proxy pass analysis to servlet container, update URL!

  • Serve static content

  • location ~ (.js$|.css$|.gif$|.woff$|.ttf$|.eot$|^/images/|^/icons/|^/dhis-web-commons/.*.png$) {

  •  add_header  Cache-Control  public;
    
  •  expires  7d;
    
  • }

  • Cache and proxy pass analysis related requests to servlet container

    location ~ (api/(chart*|map*|reports|reportTables)|generateDataSetReport.action|exportTable.action) {

  •  proxy_pass          [http://localhost:8080](http://localhost:8080);
    
  •  proxy_redirect      off;
    
  •  proxy_set_header    Host               $host;
    
  •  proxy_set_header    X-Real-IP          $remote_addr;
    
  •  proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
    
  •  proxy_set_header    X-Forwarded-Proto  http;
    
  •  proxy_cache         dhis;
    
  • }

  • Proxy pass analysis modules to servlet container, update URL!

  • location ~ ^/(api|dhis-web-commons|dhis-web-mapping|dhis-web-visualizer|dhis-web-reporting|dhis-web-dashboard-integration) {

  •  proxy_pass          [http://localhost:8080](http://localhost:8080);
    
  •  proxy_redirect      off;
    
  •  proxy_set_header    Host               $host;
    
  •  proxy_set_header    X-Real-IP          $remote_addr;
    
  •  proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
    
  •  proxy_set_header    X-Forwarded-Proto  http;
    
  • }

  • Rewrite remaining to HTTPS, update domain!

  •    proxy_pass          [http://localhost:8080](http://localhost:8080);
    
  •    proxy_redirect      off;
    
  •    proxy_set_header    Host               $host;
    
  •    proxy_set_header    X-Real-IP          $remote_addr;
    
  •    proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
    
  •    proxy_set_header    X-Forwarded-Proto  https;
    
  •    proxy_cache         dhis;
    
  • }

  • Proxy pass remaining requests to servlet container

    location / {

  •  rewrite    ^ [https://yourdomain.org](https://yourdomain.org)$request_uri? permanent;
    
  •  proxy_pass        [http://localhost:8080/](http://localhost:8080/);
    
  •  proxy_redirect    off;
    
  •  proxy_set_header  Host               $host;
    
  •  proxy_set_header  X-Real-IP          $remote_addr;
    
  •  proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
    
  •  proxy_set_header  X-Forwarded-Proto  https;
    

    }

  • }
  • }]]>

}
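
Review bot: In the `location ~ (api/(chart*|map*|reports|reportTables)|...` block, `proxy_cache dhis;` is enabled with no `proxy_cache_key`, `proxy_cache_valid` or bypass rule visible, so entries are keyed on nginx's default (scheme, proxied host and request URI) and shared by every client. If a chart, map or report can differ according to the requesting user's access rights, one user's output can be served to another from the cache; the guide should state when this caching is safe or add a session- or user-specific component to the key. Separately, `chart*` and `map*` in that pattern mean "char" plus any number of "t" and "ma" plus any number of "p", which is probably not what was intended, and the dots in `generateDataSetReport.action|exportTable.action` should be escaped.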


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp


Regards,
Brajesh