Customers
User information
 Loading ...
Show article in Knowledge Base

 How do I install and configure a proxy server with VisionFlow? Export knowledge base Export     SubscribeSubscribe      Show article info


A proxy server is only needed if you want to run VisionFlow in a clustered environment or if you want to enable the chat module. We also recommend using a proxy server for security reasons and then placing this in a DMZ (see here for more information about this).

 

The proxy server supported by VisionFlow is Nginx even though other proxy servers can be used if you have experience of these and know how to configure them yourself. However, if you run into any problems or have questions related to other proxy servers, then this is not included in the normal support.

 

NOTE!  It is assumed that Nginx is not installed otherwise make sure to backup configuration files etc. before starting the installation

 

NOTE!  It is assumed that VisionFlow is deployed in webapps\ROOT of the Tomcat installation. 

 

Nginx will run on port 80 (and 443 if using HTTPS) so any other service using this port need to be stopped or reconfigured.

 

1. Install Nginx
  • In Linux:  sudo apt-get install nginx  

  • In Windows: Download and unzip the latest stable release of Nginx from https://nginx.org/en/download.html to a directory of your choice. 

 

 1.a Windows

 

(We denote nginx_root as the directory where Nginx is installed). 

 

  •  Copy all files in in the folder (from VisionFlow webapp in tomcat) WEB-INF/internal_docs/installed version/configuration/clustered/nginx/windows/conf to nginx_root/conf. Note! This will replace the original nginx.conf. 
  • (Windows) copy VisionFlow_proxy.exe and VisionFlow_proxy.xml (in the same directory) to nginx_root (example c:\nginx\).
  • Edit nginx_root/conf/nodes_normal.conf so the root path matches the path to the VisionFlow webapp to one tomcat instance (example c:/tomcat6030/webapps/ROOT). Also change port in the same file if needed. If you are running Tomcat clustered uncomment #iphash and the second server. Paths in a configuration file must be specified in UNIX-style using forward slashes.
    Note if you you are not supporting HTTPS you can remove the second server configuration from nginx_root/conf/nginx.conf (the one that listen on 443) otherwise Nginx will not start until HTTPS is configured (see configure HTTPS below).

 

 

1.b Linux

 

(We denote nginx_root as the directory where Nginx is installed. Typically /etc/nginx). 

 

  •  Copy all files in in the folder (from VisionFlow webapp in tomcat) WEB-INF/internal_docs/installed version/configuration/clustered/nginx/ubuntu/ to nginx_root/
  •  Edit nginx_root/conf/nodes_normal.conf so the root path matches the path to the VisionFlow webapp to one tomcat instance (example /var/lib/tomcat7/ROOT)

 

 

2. Install Nginx as a service (Optional, but recommended)

(Only applies to Windows)

  • Edit nginx_root/VisionFlow_proxy.xml to match the path of your nginx installation. 
  • From a command prompt execute the command: nginx_root\VisionFlow_proxy.exe install (example c:\nginx\VisionFlow_proxy.exe install).

 

 

3. Configure HTTPS  (Optional, but strongly recommended. HTTP connections are unsecure!)

This step is optional or can be configured in later stage. Make sure to comment out (or remove) the HTTPS server configuration from  

       nginx_root/conf/nginx.conf (Windows)

      nginx_root/VisionFlow.conf (linux

 if you are leaving out this part.

 

Nginx expects certificates in the PEM format. If you don't have the certificate in PEM format you need to export the private key and certificates from the keystore. This Tool will help you with the export.

 

3.a. When you have the certificate - Windows:

 

  • Copy the certificate and private key to nginx_root/conf/ (example c:\nginx\conf).
  • In nginx_root/conf/nginx.conf. Change ssl_certificate property to name of your crt file 
    and also change ssl_certificate_key property to the name of your key file.

 

3.b When you have the certificate - Linux:

 

  • Copy the certificate and private key to nginx_root/.
  • In nginx_root/sites-enabled/VisionFlow.conf. Change ssl_certificate property to name of your crt file 
    and also change ssl_certificate_key property to the name of your key file.

  

Important

When using HTTPS it is very important to add the following to Tomcat's server.xml configuration file:

 

<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto"  protocolHeaderHttpsValue="https" />

 

After adding the above line to your server.xml, the end of the file may look somenthing like the below:

 

        <Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https" />

      </Host>
    </Engine>
  </Service>
</Server>

   

If you use Tomcat on a separate server from Nginx you will need to add internal proxies on the element as well.

Example when Nginx and Tomcat are on separate servers:

<Valve
className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="192\.168\.0\.10|192\.168\.0\.11"
remoteIpHeader="x-forwarded-for"
proxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"

protocolHeaderHttpsValue="https"
/>

 

Replace the value for "internalProxies" with the IP of your Nginx proxy server.

Note: Dots needs to be escaped by preceding it with a \ like in the example above.

 

See the tomcat documentation for more information.

 

 

4. Change maximum file size, for document upload

Add the row below into the nginx_root/conf/nginx.conf file to allow for file sizes > 1 MB:

 

client_max_body_size 1000m; 

 

(This should be added below the the HTTP section in the file, within the brackets for http that is)

 

In addition to this you also need to make the appropriate changes to the struts-config-xml file, see more information about this here...

 

5. Verify

(Linux). Start or restart the service nginx. (Windows). If installed as a service run the service otherwise run nginx_root/nginx.exe


User comments
 Loading ...