HTTP and HTTPS Proxy Configuration Guide

The standalone version supports HTTPS access

1. Prepare

• Layer 7 proxy (Nginx, LB, etc.)

• Access domain name and certificate

2. Operate

1. Run cd /data/tencent/weda to switch to the installation directory;

2. Run vim config.yaml to edit the config.yaml file;

3. Modify the config.yaml file as follows:

domainProtocol: https <Protocol name: replace with http or https based on actual conditions>
domain: <replace with the domain name>
domainPort: 443 <Fill in based on actual conditions: 80 for http or 443 for https>
serverPort: 8080 <WeDa deployment port; must be an available port that meets the requirements>

4. Run ./upgrade.sh in the current directory to restart the service and apply the configuration changes

5. Configure proxy forwarding (taking Nginx as an example here; configure certificates for the LB based on actual environment, then forward to http://<VM IP>:8080.)

5.1 Configuration for http Access

nginx.conf

# Global Configuration
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Event Module Configuration
events {
    worker_connections 1024;
}

# HTTP Module Configuration
http {
    # MIME Type Mapping
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Log Format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Access Log
    access_log /var/log/nginx/access.log main;

    # Gzip Compression
    gzip on;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_proxied any;

    # body size must be configured, otherwise application deployment will fail
    client_max_body_size 500m;
    client_body_buffer_size 10m;
    gzip_types application/javascript application/json application/xml
               application/xhtml+xml text/css text/plain text/xml;

    server {
        listen 80;
        server_name <replace with the access domain name>; # <- Change this to match server_name above

        # Root Path Proxy
        location / {
            proxy_pass http://<replace with VM IP address>:<WeDa deployment port>; # <== WeDa service IP
            proxy_set_header X-Forwarded-Proto $scheme; # Critical: passing the original protocol,
            proxy_set_header Host       $http_host;
        }
    }
}

5.2 Configuration for https Access

5.2.1 Configuration Update

Simply replace the server block in the nginx.conf configuration in section 5.1 with:

server {
        listen 443 ssl;
        server_name <replace with the access domain name>; # <- Change this to match server_name above

        # SSL Certificate and Private Key
        ssl_certificate /etc/nginx/certs/server.crt; # <- Change this to your .crt file name
        ssl_certificate_key /etc/nginx/certs/server.key; # <- Change this to your .key file name

        # Root Path Proxy
        location / {
            proxy_pass http://<replace with VM IP address>:8080; # <== weda service IP
            proxy_set_header X-Forwarded-Proto $scheme; # Critical: passing the original protocol,
            proxy_set_header Host       $http_host;
        }
    }

5.2.2 Certificate Storage

Store the certificate in the path below:

/etc/nginx
    ├── certs
    │   ├── server.cert
    │   └── server.key
    └── nginx.conf

6. After the rules are configured and domain name resolution is set up, you can access it using <protocol>://<access domain>:

When the protocol is http: the access address is: http://<access domain>

When the protocol is https: the access address is: https://<access domain>

12 projects/9 projects