Setting up nginx in dhis2

Hello Team
Am trying to set up NGINX in my dhis2 instance but if fails . Kindly assist where necessary.
Kindly check my NGNIX CONFIG

}
http {
  gzip on; # Enables compression, incl Web API content-types
  gzip_types
    "application/json;charset=utf-8" application/json
    "application/javascript;charset=utf-8" application/javascript text/javascript
    "application/xml;charset=utf-8" application/xml text/xml
    "text/css;charset=utf-8" text/css
    "text/plain;charset=utf-8" text/plain;

  server {
    listen               80;
    root  /home/dhis/tomcat/webapps/ROOT; # Update path!
    client_max_body_size 10M;

    # Serve static files

    location ~ (\.js|\.css|\.gif|\.woff|\.ttf|\.eot|\.ico|(/dhis-web-commons/|/images/|/icons/).*\.png)$ {
      add_header  Cache-Control public;
      expires     14d;
    }

    # Proxy pass to servlet container

    location / {
      proxy_pass                http://localhost:8080/;
      proxy_redirect            off;
      proxy_set_header          Host               $host;
      proxy_set_header          X-Real-IP          $remote_addr;
      proxy_set_header          X-Forwarded-For    $proxy_add_x_forwarded_for;
      proxy_set_header          X-Forwarded-Proto  http;
      proxy_buffer_size         128k;
      proxy_buffers             8 128k;
      proxy_busy_buffers_size   256k;
    }
  }
}

This my server.xml

<Connector address="localhost" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443"
		relaxedQueryChars="[]" />
    <!-- A "Connector" using the shared thread pool-->

Hello.

Why does it fail? What are the errors you are getting? Have you checked the nginx logs?

Nginx is generally used with DHIS2 as a Reverse Proxy (please read: https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/). This means that it will get the requests from your clients and forward it to your Tomcat instance.

Your clients will usually be accessing to NGINX on ports 80 (for http requests), 443 (for https requests) or to the specific port if included in the request (http(s)://whatever:port).

So what you basically need to do is make sure that:

If your clients are going to be accessing the instance from an outside network (that is not a LAN) using HTTPS is extremely recommended (I would even be stricter and say mandatory). Also in case of a LAN, to be honest. So, you probably want to go a step further in your NGINX configuration to set up SSL certificates (for this you will need a domain name which in case of being in a network controller environment you might be able to create yourself; if not, you will need to get a domain from a domain provider and buy an SSL certificate or use the LetsEncrypt free option).

Best.

Hello @jaime.bosque @Edward_Robinson
Am trying to set up a reverse proxy via NGINX on my dhis2 instance using this instruction https://docs.dhis2.org/master/en/implementer/html/install_reverse_proxy_configuration.html but am getting an error when I access my instance through this ip address http://1.1.123.240 it does show the dashboard
But when I use the IP address using port 8080 (http://1.1.123.240:8080) it works fine
kindly assist where necessary.
I have attached my NGINX configuration below.

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
  gzip on; # Enables compression, incl Web API content-types
  gzip_types
    "application/json;charset=utf-8" application/json
    "application/javascript;charset=utf-8" application/javascript text/javascript
    "application/xml;charset=utf-8" application/xml text/xml
    "text/css;charset=utf-8" text/css
    "text/plain;charset=utf-8" text/plain;

  server {
    listen               80;
    root      /home/dhis/tomcat-dhis/webapps/ROOT; # Update path!
    client_max_body_size 10M;

    # Serve static files

    location ~ (\.js|\.css|\.gif|\.woff|\.ttf|\.eot|\.ico|(/dhis-web-commons/|/images/|/icons/).*\.png)$ {
      add_header  Cache-Control public;
      expires     14d;
    }

    # Proxy pass to servlet container

    location / {
      proxy_pass                http://localhost:8080/;
      proxy_redirect            off;
      proxy_set_header          Host               $host;
      proxy_set_header          X-Real-IP          $remote_addr;
      proxy_set_header          X-Forwarded-For    $proxy_add_x_forwarded_for;
      proxy_set_header          X-Forwarded-Proto  http;
      proxy_buffer_size         128k;
      proxy_buffers             8 128k;
      proxy_busy_buffers_size   256k;
    }
  }
}




#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
# 
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

HI @Kenyuri. In your message it is not clear if you can access directly with the IP or not.

Anyway, your nginx configuration seems to be wrong, please copy and paste the one suggested in the official documentation: https://docs.dhis2.org/2.34/en/dhis2_system_administration_guide/installation.html#tomcat-and-dhis2-installation You will see there is no server.root as you are proxying your connections.

Can you please try changing that and restarting nginx? Also, check your nginx logs to see what might be going on.

Cheers.

1 Like

Hi @jaime.bosque, Thank you so much for your assistance. Its now working perfectly.

1 Like

Happy to read that. :slight_smile: