Updated on 2024-09-23 GMT+08:00

Installing and Configuring Nginx on the Proxy Server

Nginx forwards requests from a third-party server to the HSS management console.

Installing and Configuring Nginx on the Proxy Server

  1. Log in to the proxy server.
  2. Check the Yum repository.

    Check whether the Nginx software package exists in the Yum repository. If the Nginx software package does not exist, configure the Yum repository and bind the public IP address temporarily. After the installation is complete, unbind the public IP address.

    Remotely log in to the proxy server and run the following command to check whether the Nginx package exists in the Yum repository:

    • For EulerOS, CentOS and Red Hat, or other OSs that support RPM installation, run the yum list nginx command.
    • For OSs that support DEB installation, such as Ubuntu and Debian, run the apt list nginx command.
    If the information shown in The Nginx package exists (rpm) or The Nginx package exists (deb) is displayed, the Nginx package exists.
    Figure 1 The Nginx package exists (rpm)
    Figure 2 The Nginx package exists (deb)

  3. Installing Nginx

    1. Run the following command to install Nginx using Yum:
      • For EulerOS, CentOS and Red Hat, or other OSs that support RPM installation, run the yum install -y nginx command.
      • For OSs that support DEB installation, such as Ubuntu and Debian, run the apt install –y nginx command.
      Figure 3 Installing Nginx (yum)
      Figure 4 Installing Nginx (apt)
    2. Check whether the Nginx installation is successful.
      • For OSs that support RPM installation, such as EulerOS, CentOS, and Red Hat,
        the installation is automatically performed. If Complete! shown in Nginx installed successfully (rpm) is displayed, the installation is successful.
        Figure 5 Nginx installed successfully (rpm)
      • For OSs that support DEB installation, such as Ubuntu and Debian.

        Run the pkg –l nginx command. If the command output shown in Nginx installed successfully (deb) is displayed, the installation is successful.

        Figure 6 Nginx installed successfully (deb)

  4. Configuring CloudNginx

    1. Run the following command to go to the Nginx directory:

      cd /etc/nginx/

    2. Run the following command to sign the certificate:

      openssl req -new -x509 -nodes -out server.pem -keyout server.key -days 36500

      After the command is executed, enter the certificate information.

      Figure 7 Self-signed certificate

      The value of Country Name can contain only two characters.

    3. Run the following command to modify nginx.conf:
      1. Run the following command to modify nginx.conf:

        rm -f nginx.conf

        vi nginx.conf

      2. Press i to enter the editing mode and copy the following content to the nginx.conf file:
        user nginx;
        worker_processes auto;
        error_log /var/log/nginx/error.log;
        pid /run/nginx.pid;
        
        include /usr/share/nginx/modules/*.conf;
        
        events {
            worker_connections 1024;
        }
        
        http {
            log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                              '$status $body_bytes_sent "$http_referer" '
                              '"$http_user_agent" "$http_x_forwarded_for"';
        
            access_log  /var/log/nginx/access.log  main;
        
            sendfile            on;
            tcp_nopush          on;
            tcp_nodelay         on;
            keepalive_timeout   65;
            types_hash_max_size 2048;
        
            include             /etc/nginx/mime.types;
            default_type        application/octet-stream;
        
            # Load modular configuration files from the /etc/nginx/conf.d directory.
            # for more information.
            include /etc/nginx/conf.d/*.conf;
        
            upstream backend_hss {
                server ADDR:10180;
            }
        
            server {
                listen  10180;
        
                server_name  ADDR;
                root         /usr/share/nginx/html;
        
                # Load configuration files for the default server block.
                include /etc/nginx/default.d/*.conf;
        
                ssl    on;
                ssl_protocols   TLSv1.2;
                ssl_certificate "server.pem";
                ssl_certificate_key "server.key";
                ssl_session_cache shared:SSL:10m;
                ssl_session_timeout  10m;
                ssl_prefer_server_ciphers on;
        
                location / {
        
                    limit_except GET POST PUT
                    {
                        deny all;
                    }
                    proxy_set_header Host ADDR;
                    proxy_pass https://backend_hss;
        
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "upgrade";
        
               }
        
                error_page 404 /404.html;
                    location = /40x.html {
                }
        
                error_page 500 502 503 504 /50x.html;
                    location = /50x.html {
                }
            }
        }
      3. Optional: Enter ECS, run the following command, and press Enter to exit.

        :wq!

      4. Run the following command to automatically replace the IP address in the nginx.conf file:

        sed -i "s#ADDR#`cat /usr/local/hostguard/conf/connect.conf | grep master_address | cut -d '=' -f 2 | cut -d ':' -f 1`#g" nginx.conf

    4. Perform the following operations to create the Nginx monitoring script: After the creation is complete, the Nginx running status is checked every minute.
      1. Perform the following commands to create the Nginx monitoring script:

        echo '*/1 * * * * root sh /etc/nginx/nginx_monitor.sh' >> /etc/crontab

        vi /etc/nginx/nginx_monitor.sh

        Figure 8 Creating an Nginx monitoring script
      2. Copy the following content to nginx_monitor.sh:
        #!/bin/bash
        counter=$(ps -C nginx --no-heading|wc -l)
        if [ "${counter}" = "0"  ]; then
             systemctl start nginx.service
        fi
        Figure 9 Configuring nginx_monitor.sh
      3. Enter ECS, run the following command, and press Enter to exit.

        :wq!

    5. Wait 1 minute and run the following command to check whether the Nginx process has been started successfully:

      ps -ef | grep nginx

      If the command output shown in Nginx process started successfully is displayed, the Nginx process is started. Perform the Creating an Agent Installation Package or Installation Commands Using a Proxy Server.

      Figure 10 Nginx process started successfully