...

If you do not use Certbot, skip the section Install certificate using Certbot below, and follow instructions appropriate for your CA.

Installing with apt

The instructions below are based on installation on a Debian-based distribution of Linux, and use the apt command. If you are installing on a RedHat-based distribution of Linux, the equivalent yum commands for NGINX installation are well documented on the web.

Single server, single PhixFlow

The following instructions assume that NGINX is installed on the same server as PhixFlow itself (i.e. the same server as the Tomcat installation), and with a single installation of PhixFlow (a “webapp”). If you have multiple webapps on a single server, multiple webapps across several servers, or a single webapp on a different server from the reverse proxy, see Multiple PhixFlows, multiple servers below.

Install NGINX

Install NGINX from the repository

  1. Run sudo apt install curl gnupg2 ca-certificates lsb-release to install the prerequisites.

  2. Run the following to set up the repository for mainline packages:

    Code Block
    echo "deb http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
  3. Run curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add - to import an official NGINX signing key so apt can verify the package's authenticity.

  4. Run sudo apt-key fingerprint ABF5BD827BD9BF62 to verify you have the proper key - the output should contain the full fingerprint: 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62.

  5. Run sudo apt update and sudo apt install nginx.
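
The fingerprint check in step 4 can be scripted so that a mismatch is caught before apt is told to trust the key. The following is an added example, not part of the original instructions: it assumes gpg 2.x (for --show-keys), and the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the fingerprint quoted in step 4 and test a key file
# against it. Input is the listing printed by `gpg --show-keys --with-colons`.

# Fingerprint from step 4 with the spaces removed.
EXPECTED_FPR="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62"

# Print the fingerprint of each primary key in the listing on stdin.
# The "fpr" record after a "pub" record carries it in field 10; "fpr"
# records after "sub" records belong to subkeys and are skipped.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# Return 0 only if the pinned fingerprint is a primary key in the listing.
# Other primary keys in the same file are reported on stderr for review,
# because importing the file makes apt trust every key in it.
key_listing_has_pinned_fpr() {
    _found=1
    for _fpr in $(primary_fingerprints); do
        if [ "$_fpr" = "$EXPECTED_FPR" ]; then
            _found=0
        else
            echo "note: additional primary key in file: $_fpr" >&2
        fi
    done
    return "$_found"
}

# Constructed sample listing (not real gpg output): the pinned key with one
# subkey, followed by an unrelated key. Unused fields are left empty.
sample_listing() {
    cat <<'EOF'
pub:-:::ABF5BD827BD9BF62:::::::
fpr:::::::::573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62:
sub:-:::1111111111111111:::::::
fpr:::::::::1111111111111111111111111111111111111111:
pub:-:::2222222222222222:::::::
fpr:::::::::2222222222222222222222222222222222222222:
EOF
}

sample_listing | key_listing_has_pinned_fpr && echo "pinned NGINX key present"
```

In use, the listing comes from curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --show-keys --with-colons, piped into key_listing_has_pinned_fpr before step 3 imports the key.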

...

Install certificate using Certbot

...

Code Block
sudo service nginx restart

Multiple PhixFlows, multiple servers

A single reverse proxy can handle connections to different webapps (i.e. installations of PhixFlow), whether these are hosted on a single server or across several servers. See *** for common network configuration for PhixFlow installation. Whichever configuration you choose, the reverse proxy is set up in the same way: you need an IP address and a webapp name to define each PhixFlow installation.

Note that, because NGINX is acting as the point of SSL termination, if you specify a PhixFlow installation at an IP address, you must make sure that the route from the reverse proxy to the PhixFlow installation is secure. The suggested configurations in *** will provide this since traffic is sent within a private network.

In the following example, a single reverse proxy on a dedicated server is handling incoming connections to:

System name   Server IP address   Webapp name
-----------   -----------------   -----------
Production    10.154.0.12         prod, installed at /opt/tomcat/webapps/prod
UAT           10.154.0.13         uat, installed at /opt/tomcat/webapps/uat
Dev 1         10.154.0.14         dev1, installed at /opt/tomcat/webapps/dev1
Dev 2         10.154.0.14         dev2, installed at /opt/tomcat/webapps/dev2

To support connections to all these systems, replace the directive

Code Block
    location / {
        proxy_pass http://127.0.0.1:8080;
    }

in the example phixflow.conf file above with:

Code Block
    location /prod {
        proxy_pass http://10.154.0.12:8080;
    }

    location /uat {
        proxy_pass http://10.154.0.13:8080;
    }

    location /dev1 {
        proxy_pass http://10.154.0.14:8080;
    }
    
    location /dev2 {
        proxy_pass http://10.154.0.14:8080;
    }

Switching NGINX from stable branch to mainline

...