Help Center> Host Security Service (New)> Best Practices> HSS Multi-Cloud Management and Deployment> Connecting Off-cloud Servers to the Public Cloud Through Direct Connect> Step 3: Installing and Configuring Nginx
Updated on 2023-02-23 GMT+08:00
View PDF

Step 3: Installing and Configuring Nginx

Nginx forwards requests from off-cloud servers to the HSS management console.

Preparation: Checking the Yum Repository

Check whether the Nginx software package exists in the Yum repository. If the Nginx software package does not exist, configure the Yum repository and bind the public IP address temporarily. After the installation is complete, unbind the public IP address.

  1. Remotely log in to the proxy server and run the following command to check whether the Nginx package exists in the Yum repository:

    yum list nginx

  2. If the information shown in Figure 1 is displayed, the Nginx package exists.

    Figure 1 The Nginx package exists

Installing Nginx

  1. Run the following command to install Nginx using Yum:

    yum install -y nginx

    Figure 2 Installing Nginx

  2. Nginx is automatically installed. If Complete! shown in Figure 3 is displayed, the installation is successful.

    Figure 3 Nginx installed successfully

Configuring Nginx

  1. Run the following command to go to the Nginx directory:

    cd /etc/nginx/

  2. Run the following command to sign the certificate:

    openssl req -new -x509 -nodes -out server.pem -keyout server.key -days 36500

    After the command is executed, enter the certificate information.

    Figure 4 Self-signed certificate

    The value of Country Name can contain only two characters.

  3. Run the following command to modify nginx.conf:

    vi nginx.conf

  4. Configure upstream. Find server under http and add the following information above server:

    upstream backend_hss {

    server ADDR:10180;

    }

    Figure 5 Configuring upstream

  5. Configure server. Retain one listen record under the listening port and change the value to 10180. Change the value of server_name to ADDR.

    Figure 6 Configuring server

  6. Add the following information under server to enable SSL authentication:

    ssl on;

    ssl_protocols TLSv1.2;

    ssl_certificate "server.pem";

    ssl_certificate_key "server.key";

    ssl_session_cache shared:ssl:10m;

    ssl_session_timeout 10m;

    ssl_prefer_server_ciphers on;

    Figure 7 Enabling SSL authentication

  7. Configure location. Find location under server and add the following information to {} under location:

    limit_except GET POST PUT

    {

    deny all;

    }

    proxy_set_header Host ADDR;

    proxy_pass https://backend_hss;

    proxy_set_header Upgrade $http_upgrade;

    proxy_set_header Connection "upgrade";

    Figure 8 Configuring location

  8. Optional: Enter ECS, run the following command, and press Enter to exit.

    :wq!

    Figure 9 Saving the settings and exiting

  9. Run the following commands in sequence to start Nginx:

    sed -i "s#ADDR#`cat /usr/local/hostguard/conf/connect.conf | grep master_address | cut -d '=' -f 2 | cut -d ':' -f 1`#g" nginx.conf

    echo '*/10 * * * * root systemctl start nginx' >> /etc/crontab

    systemctl start nginx