Configure Reverse Proxy Using Nginx
The following is an example on how to set up a reverse proxy using nginx
for DLS for your reference. You can do the configuration yourself as long as you can achieve the requirement which is to redirect requests sent to https://www.yoursite.com/dls/*
to http://127.0.0.1:48080/*
.
Install nginx
On CentOs
- Install
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install nginx
- Start
systemctl start nginx.server
- Configure the web server to start with the OS
systemctl enable nginx.server
On Ubuntu
sudo apt install nginx-full
sudo systemctl start nginx
sudo systemctl enable nginx
Test nginx
Open “http://localhost” in a browser. If nginx
was installed and started successfully, you should see a message like
······ Welcome to nginx! ······
Configure nginx
Open the configuration file
The file could either be /etc/nginx/conf.d/default.conf
or /etc/nginx/sites-enabled/default
.
Add reverse proxy
location /dls/ {
proxy_pass http://127.0.0.1:48080/;
}
Restart the server
sudo systemctl restart nginx
At this point, you can access the server with the URL http://localhost/dls/page/index.html#/
or http://<IP or www.yoursite.com>/dls/page/index.html#/
.
Configure SSL
For security, we should access DLS via HTTPS.
Self-signed Certificate
For demoing and testing purposes, we can try the self-signed certificate when configuring nginx
by uncommenting the 3 lines as shown below.
server {
...
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
include snippets/snakeoil.conf;
...
}
If your system doesn’t have the self-signed certificate. You can install it like this
sudo apt-get install ssl-cert
sudo make-ssl-cert generage-default-snakeoil
Your client needs to be configured to trust that self-signed certificate. For example, if you are running a web application, you can open the page https://<IP or www.yoursite.com>/dls/page/index.html#/
in the browser and do the following
- Page shows warning about the self-signed certificate
- Click
Advanced
- Click
Proceed to xxxx (unsafe)
.
Then this self-signed certificate will be trusted temporarily for some time.
NOTE that you should avoid using self-signed certificates in your production server.
Trusted Certificate
You can get a trusted certificate from many suppliers.
e.g. You can get a free one from certbot.
If you use a JavaScript-based SDK, such as Dynamic Web TWAIN WebAssembly Edition or Dynamsoft Barcode Reader JavaScript Edition, you must configure the self-hosted DLS to run over a secure connection (HTTPS).