nginx Reverse Proxy Config for Dedicated Web Server with multiple instances

Email: jason@hisp.org

Mobile : 072 9737250
Landline: 021 7120170
Fax: 021 7120170
Skype: jason.n.phillips

This message may contain privileged and confidential information intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination, copy or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient, is prohibited. If you received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and thereafter delete the material from any computer. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the view of the entity transmitting the message.

This email is free from viruses and malware because avast! Antivirus protection is active.

On 23 March 2014 08:10, Jason Phillips jason@hisp.org wrote:

Hello all,

I am trying to set up nginx as a reverse proxy on a dedicated web server with three instances of Tomcat/DHIS2 (connecting to a dedicated Db Server, successfully configured and checked).

I have been unable to make nginx behave as required, after numerous different configurations, and hours of trawling the ‘Net.

Attempting to following the instructions on dhis2.org resulted in bind errors ([emerg] bind() to 0.0.0.0:80 failed (98: address already in use)), and after several variations I tried setting up a simple reverse proxy following the instructions on howtoforge.com at this link. I now have arrived at the same place, albeit by a slightly different path, and am getting those bind errors again. I have even shut down all three Tomcats and removed and purged Apache (in case it was somehow interfering, which it apparently is not).

The domain dhmis.org has a DNS entry for dhis, za.dhis and train.dhis pointing to the server’s IP.

My current configuration includes a file in /etc/nginx/site-available called “dhmis.org.vhost”, which is linked to the ./sites-enabled folder. Herewith its contents:

server {

    listen 80;

    server_name [www.dhmis.org](http://www.dhmis.org) [dhmis.org](http://dhmis.org); # Have put in [za.dhis.dhmis.org](http://za.dhis.dhmis.org) and variations here…

    root /home/hisp/tomcat-dhis2-1/webapps/zanat/; # Have tried ROOT here too!

    # Serve static content

    location ~ (\.js$|\.css$|\.gif$|\.woff$|\.ttf$|\.eot$|\.ico$|^/images/|^/icons/|^/dhis-web-commons/.*\.png$) {

    add_header  Cache-Control  public;

    expires  7d;

    }

    # Proxy pass to servlet container

    location / {

            proxy_pass [http://localhost:8080/](http://localhost:8080/); # Have added 8080/zanat as variations here…

            include /etc/nginx/proxy_params;

    }

}

What am I doing wrong?

Kind regards,

Jason Phillips

Software & Information Systems

Health Information Systems Programme

---

Email: jason@hisp.org

Mobile : 072 9737250
Landline: 021 7120170
Fax: 021 7120170

Skype: jason.n.phillips

This message may contain privileged and confidential information intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination, copy or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient, is prohibited. If you received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and thereafter delete the material from any computer. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the view of the entity transmitting the message.

---

This email is free from viruses and malware because avast! Antivirus protection is active.

---

Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

From: Bob Jolliffe [mailto:bobjolliffe@gmail.com]
Sent: 24 March 2014 11:54 AM
To: Jason Phillips
Cc: dhis2-users
Subject: Re: [Dhis2-users] nginx Reverse Proxy Config for Dedicated Web Server with multiple instances

Hi Jason

You can’t fix your problem with nginx config without first addressing your bind error. The error is simple enough - it just means something else is already listening on port 80.

So try this:

sudo netstat -ntlp |grep ‘:80’

which will show you in the last column what exactly is listening on 80. Most probably apache or another nginx.

I am also not in favour of the approach described in our manual for serving static content, but that is something you can look at after. It has two serious downsides that (i) the nginx is bound to the same filesystem as the tomcat application server and (ii) you can only pull that “trick” with one tomcat backend. Both of which are unreasonable. What I prefer and the way it is done in the dhis2-tools is to customize the tomcat web.xml and enable caching on nginx so that all the static content get’s cached - that way nginx effectively will serve them as static files anyway.

Regards

Bob

On 23 March 2014 08:10, Jason Phillips jason@hisp.org wrote:

Hello all,

I am trying to set up nginx as a reverse proxy on a dedicated web server with three instances of Tomcat/DHIS2 (connecting to a dedicated Db Server, successfully configured and checked).

I have been unable to make nginx behave as required, after numerous different configurations, and hours of trawling the ‘Net.

Attempting to following the instructions on dhis2.org resulted in bind errors ([emerg] bind() to 0.0.0.0:80 failed (98: address already in use)), and after several variations I tried setting up a simple reverse proxy following the instructions on howtoforge.com at this link. I now have arrived at the same place, albeit by a slightly different path, and am getting those bind errors again. I have even shut down all three Tomcats and removed and purged Apache (in case it was somehow interfering, which it apparently is not).

The domain dhmis.org has a DNS entry for dhis, za.dhis and train.dhis pointing to the server’s IP.

My current configuration includes a file in /etc/nginx/site-available called “dhmis.org.vhost”, which is linked to the ./sites-enabled folder. Herewith its contents:

server {

    listen 80;

    server_name [www.dhmis.org](http://www.dhmis.org) [dhmis.org](http://dhmis.org); # Have put in [za.dhis.dhmis.org](http://za.dhis.dhmis.org) and variations here…

    root /home/hisp/tomcat-dhis2-1/webapps/zanat/; # Have tried ROOT here too!



    # Serve static content

    location ~ (\.js$|\.css$|\.gif$|\.woff$|\.ttf$|\.eot$|\.ico$|^/images/|^/icons/|^/dhis-web-commons/.*\.png$) {

    add_header  Cache-Control  public;

    expires  7d;

    }



    # Proxy pass to servlet container



    location / {

            proxy_pass [http://localhost:8080/](http://localhost:8080/); # Have added 8080/zanat as variations here…

            include /etc/nginx/proxy_params;

    }

}

What am I doing wrong?

Kind regards,

Jason Phillips

Software & Information Systems

Health Information Systems Programme

Email: jason@hisp.org

Mobile : 072 9737250
Landline: 021 7120170
Fax: 021 7120170
Skype: jason.n.phillips

This message may contain privileged and confidential information intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination, copy or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient, is prohibited. If you received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and thereafter delete the material from any computer. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the view of the entity transmitting the message.

This email is free from viruses and malware because avast! Antivirus protection is active.

Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp

This email is free from viruses and malware because avast! Antivirus protection is active.

On 24 March 2014 16:08, Jason Phillips jason@hisp.org wrote:

Hi Bob,

Thanks for your reply. I found I had to disable the static content serving to make nginx work, at least in the config I ended up with… Clearly, there are a lot of improvements I can make to our location settings, and nginx is certainly both very powerful and flexible. Spent quite a bit of time reading through the Pitfalls, documentation, etc. The “thing” already listening on port 80 was nginx itself, since the original .conf changes I had tried to duplicate from dhis2.org were still there – once I removed them, my problem went away – but I will remember the netstat trick for next time…

Kind regards,

Jason.

From: Bob Jolliffe [mailto:bobjolliffe@gmail.com]

Sent: 24 March 2014 11:54 AM
To: Jason Phillips
Cc: dhis2-users
Subject: Re: [Dhis2-users] nginx Reverse Proxy Config for Dedicated Web Server with multiple instances

Hi Jason

You can’t fix your problem with nginx config without first addressing your bind error. The error is simple enough - it just means something else is already listening on port 80.

So try this:

sudo netstat -ntlp |grep ‘:80’

which will show you in the last column what exactly is listening on 80. Most probably apache or another nginx.

I am also not in favour of the approach described in our manual for serving static content, but that is something you can look at after. It has two serious downsides that (i) the nginx is bound to the same filesystem as the tomcat application server and (ii) you can only pull that “trick” with one tomcat backend. Both of which are unreasonable. What I prefer and the way it is done in the dhis2-tools is to customize the tomcat web.xml and enable caching on nginx so that all the static content get’s cached - that way nginx effectively will serve them as static files anyway.

Regards

Bob

On 23 March 2014 08:10, Jason Phillips jason@hisp.org wrote:

Hello all,

I am trying to set up nginx as a reverse proxy on a dedicated web server with three instances of Tomcat/DHIS2 (connecting to a dedicated Db Server, successfully configured and checked).

I have been unable to make nginx behave as required, after numerous different configurations, and hours of trawling the ‘Net.

Attempting to following the instructions on dhis2.org resulted in bind errors ([emerg] bind() to 0.0.0.0:80 failed (98: address already in use)), and after several variations I tried setting up a simple reverse proxy following the instructions on howtoforge.com at this link. I now have arrived at the same place, albeit by a slightly different path, and am getting those bind errors again. I have even shut down all three Tomcats and removed and purged Apache (in case it was somehow interfering, which it apparently is not).

The domain dhmis.org has a DNS entry for dhis, za.dhis and train.dhis pointing to the server’s IP.

My current configuration includes a file in /etc/nginx/site-available called “dhmis.org.vhost”, which is linked to the ./sites-enabled folder. Herewith its contents:

server {

    listen 80;

    server_name [www.dhmis.org](http://www.dhmis.org) [dhmis.org](http://dhmis.org); # Have put in [za.dhis.dhmis.org](http://za.dhis.dhmis.org) and variations here…

    root /home/hisp/tomcat-dhis2-1/webapps/zanat/; # Have tried ROOT here too!

    # Serve static content

    location ~ (\.js$|\.css$|\.gif$|\.woff$|\.ttf$|\.eot$|\.ico$|^/images/|^/icons/|^/dhis-web-commons/.*\.png$) {

    add_header  Cache-Control  public;

    expires  7d;

    }

    # Proxy pass to servlet container

    location / {

            proxy_pass [http://localhost:8080/](http://localhost:8080/); # Have added 8080/zanat as variations here…

            include /etc/nginx/proxy_params;

    }

}

What am I doing wrong?

Kind regards,

Jason Phillips

Software & Information Systems

Health Information Systems Programme

---

Email: jason@hisp.org

Mobile : 072 9737250
Landline: 021 7120170
Fax: 021 7120170

Skype: jason.n.phillips

This message may contain privileged and confidential information intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination, copy or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient, is prohibited. If you received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and thereafter delete the material from any computer. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the view of the entity transmitting the message.

This email is free from viruses and malware because avast! Antivirus protection is active.

---

Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

---

This email is free from viruses and malware because avast! Antivirus protection is active.

From: Bob Jolliffe [mailto:bobjolliffe@gmail.com]
Sent: 24 March 2014 08:39 PM
To: Jason Phillips
Cc: dhis2-users
Subject: Re: [Dhis2-users] nginx Reverse Proxy Config for Dedicated Web Server with multiple instances

Hi Jason

Your config now looks very much like what gets deployed by dhis2-tools:

http://bazaar.launchpad.net/~dhis2-devs-core/dhis2/trunk/view/head:/tools/dhis2-tools-deb/pkg/usr/share/dhis2-tools/samples/nginx/dhis2.

With the exception that you have done that neat trick with proxy_params which I will copy. You might want to also look at some of the rewrites I have done in that file.

The following is the link to the web.xml file you might consider dropping in to replace the default tomcat one to achieve the static content serving. The stuff at the top using tomcat expires filter does the magic.

http://bazaar.launchpad.net/~dhis2-devs-core/dhis2/trunk/view/head:/tools/dhis2-tools-deb/pkg/usr/share/dhis2-tools/skel/conf/web.xml

Cheers

Bob

On 24 March 2014 16:08, Jason Phillips jason@hisp.org wrote:

Hi Bob,

Thanks for your reply. I found I had to disable the static content serving to make nginx work, at least in the config I ended up with… Clearly, there are a lot of improvements I can make to our location settings, and nginx is certainly both very powerful and flexible. Spent quite a bit of time reading through the Pitfalls, documentation, etc. The “thing” already listening on port 80 was nginx itself, since the original .conf changes I had tried to duplicate from dhis2.org were still there – once I removed them, my problem went away – but I will remember the netstat trick for next time…

Kind regards,

Jason.

From: Bob Jolliffe [mailto:bobjolliffe@gmail.com]
Sent: 24 March 2014 11:54 AM
To: Jason Phillips
Cc: dhis2-users
Subject: Re: [Dhis2-users] nginx Reverse Proxy Config for Dedicated Web Server with multiple instances

Hi Jason

You can’t fix your problem with nginx config without first addressing your bind error. The error is simple enough - it just means something else is already listening on port 80.

So try this:

sudo netstat -ntlp |grep ‘:80’

which will show you in the last column what exactly is listening on 80. Most probably apache or another nginx.

I am also not in favour of the approach described in our manual for serving static content, but that is something you can look at after. It has two serious downsides that (i) the nginx is bound to the same filesystem as the tomcat application server and (ii) you can only pull that “trick” with one tomcat backend. Both of which are unreasonable. What I prefer and the way it is done in the dhis2-tools is to customize the tomcat web.xml and enable caching on nginx so that all the static content get’s cached - that way nginx effectively will serve them as static files anyway.

Regards

Bob

On 23 March 2014 08:10, Jason Phillips jason@hisp.org wrote:

Hello all,

I am trying to set up nginx as a reverse proxy on a dedicated web server with three instances of Tomcat/DHIS2 (connecting to a dedicated Db Server, successfully configured and checked).

I have been unable to make nginx behave as required, after numerous different configurations, and hours of trawling the ‘Net.

Attempting to following the instructions on dhis2.org resulted in bind errors ([emerg] bind() to 0.0.0.0:80 failed (98: address already in use)), and after several variations I tried setting up a simple reverse proxy following the instructions on howtoforge.com at this link. I now have arrived at the same place, albeit by a slightly different path, and am getting those bind errors again. I have even shut down all three Tomcats and removed and purged Apache (in case it was somehow interfering, which it apparently is not).

The domain dhmis.org has a DNS entry for dhis, za.dhis and train.dhis pointing to the server’s IP.

My current configuration includes a file in /etc/nginx/site-available called “dhmis.org.vhost”, which is linked to the ./sites-enabled folder. Herewith its contents:

server {

    listen 80;

    server_name [www.dhmis.org](http://www.dhmis.org) [dhmis.org](http://dhmis.org); # Have put in [za.dhis.dhmis.org](http://za.dhis.dhmis.org) and variations here…

    root /home/hisp/tomcat-dhis2-1/webapps/zanat/; # Have tried ROOT here too!



    # Serve static content

    location ~ (\.js$|\.css$|\.gif$|\.woff$|\.ttf$|\.eot$|\.ico$|^/images/|^/icons/|^/dhis-web-commons/.*\.png$) {

    add_header  Cache-Control  public;

    expires  7d;

    }



    # Proxy pass to servlet container



    location / {

            proxy_pass [http://localhost:8080/](http://localhost:8080/); # Have added 8080/zanat as variations here…

            include /etc/nginx/proxy_params;

    }

}

What am I doing wrong?

Kind regards,

Jason Phillips

Software & Information Systems

Health Information Systems Programme

Email: jason@hisp.org

Mobile : 072 9737250
Landline: 021 7120170
Fax: 021 7120170
Skype: jason.n.phillips

This message may contain privileged and confidential information intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination, copy or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient, is prohibited. If you received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and thereafter delete the material from any computer. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the view of the entity transmitting the message.

This email is free from viruses and malware because avast! Antivirus protection is active.

Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp

This email is free from viruses and malware because avast! Antivirus protection is active.