Setup NGINX as Proxy Forward and Load Balancer

You can use NGINX to proxy all requests for port 80 to 8080 or to set up a load balancer across multiple EnterMediaDB instances. On CentOS 7, install NGINX from EnterMedia's public GitHub repository. This build includes an NGINX module that adds a sticky cookie so that a client is always forwarded to the same upstream server:

 

1. Enable the EnterMedia RPM repository

2. Install our custom NGINX build that includes a sticky load balancing code snippet that can be found here.

 $ sudo yum clean all
 $ sudo yum -y remove nginx
 $ sudo yum -y install nginx
 $ sudo systemctl enable nginx

3. Now, create a configuration file:

 $ sudo vi /etc/nginx/conf.d/entermedia.conf

4. Put this content in the file, replacing the domain names and upstream address with your own:

 server {
     listen 80;
     server_name *.domain.com domain.com;

     # X-Frame protection
     add_header X-Frame-Options "DENY";
     add_header Content-Security-Policy "frame-ancestors 'none'";

     location / {
         proxy_max_temp_file_size 2048m;
         proxy_read_timeout 1200s;
         proxy_send_timeout 1200s;
         proxy_connect_timeout 1200s;
         client_max_body_size 100G;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
         proxy_pass http://entermedianode01;
     }
 }

 upstream entermedianode01 {
     server 172.18.0.100:8080;
 }

5. Delete any default NGINX configuration files:

 $ sudo rm /etc/nginx/conf.d/default.conf

6. Reload NGINX:

 $ sudo nginx -s reload 

Test it:

 $ curl http://xyz.domain.com/

7. Block access to port 8080 for external clients:

 $ sudo /sbin/iptables -A INPUT -p tcp -i eth0 --dport 8080 -j REJECT --reject-with tcp-reset

8. Make sure NGINX autostarts on server reboot:

 $ sudo chkconfig nginx on

9. On RHEL or CentOS systems with SELinux enabled, you need to set an SELinux boolean so that HTTPD processes, NGINX included, are allowed to make network connections:

 $ sudo setsebool -P httpd_can_network_connect 1
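
To confirm after the reload in step 6 that the anti-framing headers from step 4 actually reach clients, the following script (an added example, not part of the original instructions) checks raw response headers such as the output of curl -sI http://xyz.domain.com/. The function names and both sample responses are constructed for illustration; the 404 sample reflects that NGINX's add_header is only applied to error responses when it is given the always parameter.

```shell
#!/bin/sh
# Added example: audit raw response headers (as printed by `curl -sI URL`)
# for the two anti-framing headers set in entermedia.conf.

# header_value NAME: print the value of header NAME found on stdin
# (case-insensitive name match, CR line endings stripped).
header_value() {
    tr -d '\r' | awk -v name="$1" '
        BEGIN { name = tolower(name) }
        {
            i = index($0, ":")
            if (i == 0) next                      # status line, blank line
            if (tolower(substr($0, 1, i - 1)) == name) {
                v = substr($0, i + 1)
                sub(/^[ \t]+/, "", v)
                print v
            }
        }'
}

# check_frame_headers: read response headers on stdin; return 0 only when
# X-Frame-Options is exactly DENY and the CSP has frame-ancestors 'none'.
check_frame_headers() {
    hdrs=$(cat)
    xfo=$(printf '%s\n' "$hdrs" | header_value X-Frame-Options)
    csp=$(printf '%s\n' "$hdrs" | header_value Content-Security-Policy)
    rc=0
    case "$(printf '%s' "$xfo" | tr '[:lower:]' '[:upper:]')" in
        DENY) ;;
        *) echo "X-Frame-Options missing or not DENY: '$xfo'"; rc=1 ;;
    esac
    case "$csp" in
        *"frame-ancestors 'none'"*) ;;
        *) echo "CSP lacks frame-ancestors 'none': '$csp'"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: a 200 response through the proxy, both headers present.
SAMPLE_OK=$(printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: nginx' \
    'x-frame-options: DENY' "Content-Security-Policy: frame-ancestors 'none'")
# Constructed sample: a 404. add_header without the "always" parameter is
# skipped on error statuses, so the check fails here.
SAMPLE_404=$(printf '%s\r\n' 'HTTP/1.1 404 Not Found' 'Server: nginx')

printf '%s\n' "$SAMPLE_OK"  | check_frame_headers && echo "200 sample: ok"
printf '%s\n' "$SAMPLE_404" | check_frame_headers || echo "404 sample: flagged"
```

Against a live server, pipe the headers in directly: curl -sI http://xyz.domain.com/ | check_frame_headers, and repeat for a URL that returns an error page.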