HTTP and HTTPS Proxy Configuration Guide
This document describes how to configure HTTP and HTTPS proxy access for the WeDa Low-Code Platform, supporting secure HTTPS access through Layer 7 proxies such as Nginx.
1. Environment Preparation
Before starting the configuration, ensure the following conditions are met:
1.1 Basic Environment
- Layer 7 Proxy Server: Nginx, Apache, or Load Balancer (LB)
- Access Domain: A registered domain with completed DNS resolution configuration
- SSL Certificate: Valid SSL certificate files (.crt and .key files)
1.2 Network Requirements
- Proxy server can access the WeDa server
- Firewall has opened corresponding ports (80, 443, 8080, etc.)
- Domain DNS resolution points to the proxy server IP
2. WeDa Platform Configuration
2.1 Modify Configuration File
Enter Installation Directory
cd /data/tencent/wedaEdit Configuration File
vim config.yamlUpdate Configuration Parameters
# Access protocol (http or https)
domainProtocol: https
# Access domain
domain: your-domain.com
# External access port (http: 80, https: 443)
domainPort: 443
# WeDa service internal port (ensure port is not occupied)
serverPort: 8080
2.2 Apply Configuration
# Restart service to apply configuration
./upgrade.sh
Configuration Description
domainProtocol: Choose http or https based on actual needsdomain: Fill in the actual access domaindomainPort: Use 80 for HTTP, 443 for HTTPSserverPort: WeDa internal service port, default 8080
3. Nginx Proxy Configuration
3.1 HTTP Access Configuration
Complete Configuration File Example
Create or edit /etc/nginx/nginx.conf file:
# Global configuration
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
# Event module configuration
events {
worker_connections 1024;
}
# HTTP module configuration
http {
# MIME type mapping
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Log format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Access log
access_log /var/log/nginx/access.log main;
# Gzip compression configuration
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_types application/javascript application/json application/xml
application/xhtml+xml text/css text/plain text/xml;
# Client request configuration (Important: Support large file uploads)
client_max_body_size 500m; # Maximum allowed size of client request body (file upload limit)
client_body_buffer_size 10m; # Buffer size for reading client request body
# HTTP server configuration
server {
listen 80;
server_name your-domain.com; # Replace with your actual domain name
# Proxy configuration
location / {
proxy_pass http://192.168.1.100:8080; # Replace with your WeDa server IP and port
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
3.2 HTTPS Access Configuration
SSL Certificate Preparation
Create Certificate Directory
mkdir -p /etc/nginx/certsUpload Certificate Files
# Upload certificate files to the specified directory
/etc/nginx/certs/
├── server.crt # SSL certificate file
└── server.key # SSL private key file
HTTPS Server Configuration
Replace the server block in the above nginx.conf with:
server {
listen 443 ssl http2;
server_name your-domain.com; # Replace with your actual domain name
# SSL certificate configuration
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
# SSL security configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Proxy configuration
location / {
proxy_pass http://192.168.1.100:8080; # Replace with your WeDa server IP and port
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# HTTP redirect to HTTPS (optional)
server {
listen 80;
server_name your-domain.com;
return 301 https://$server_name$request_uri;
}
3.3 Key Configuration Parameters Explanation
Client Request Configuration
client_max_body_size 500m: Sets the maximum allowed size of client request body (file upload limit)- Default: 1m
- Recommended: 500m for WeDa platform to support large file uploads
- Adjust based on your file upload requirements
client_body_buffer_size 10m: Sets the buffer size for reading client request body- Default: 8k or 16k (depends on platform)
- Recommended: 10m for better performance with large files
- Helps prevent memory issues during large file uploads
Server Configuration
server_name your-domain.com: Specifies the domain name for this server block- Replace with your actual domain name
- Must match the domain used for SSL certificate (for HTTPS)
- Supports wildcards (e.g.,
*.example.com) and multiple domains
Proxy Configuration
proxy_pass http://192.168.1.100:8080: Defines the backend server address- Replace
192.168.1.100with your WeDa server IP address - Replace
8080with your WeDa service port (configured in config.yaml) - Use HTTP protocol even for HTTPS frontend (SSL termination at proxy)
- Replace
Proxy Headers (Essential for proper functionality)
proxy_set_header X-Forwarded-Proto $scheme: Passes the original protocol (http/https)proxy_set_header Host $http_host: Preserves the original Host headerproxy_set_header X-Real-IP $remote_addr: Passes the real client IP addressproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for: Maintains the complete proxy chain
4. Configuration Verification and Testing
4.1 Nginx Configuration Verification
# Check configuration file syntax
nginx -t
# Reload configuration
nginx -s reload
# If Nginx is installed via package manager and registered as systemd service, use the following systemctl commands:
# Restart Nginx service process
systemctl restart nginx
# Enable Nginx service auto-start on boot
systemctl enable nginx
4.2 Access Testing
After configuration is complete, access the platform through:
- HTTP Access:
http://your-domain.com - HTTPS Access:
https://your-domain.com
4.3 Function Verification
- Basic Access: Confirm that the platform homepage opens normally
- Login Test: Verify that user login functionality works properly
- File Upload: Test large file upload functionality
- SSL Certificate: Use browser to check SSL certificate status
5. Common Issues and Solutions
5.1 Proxy Configuration Issues
Issue: 502 Bad Gateway error when accessing
Solutions:
- Check if WeDa service is running normally
- Verify that the proxy server can access WeDa server IP and port
- Confirm firewall rules are configured correctly
5.2 SSL Certificate Issues
Issue: Certificate error when accessing HTTPS
Solutions:
- Confirm certificate file path is correct
- Check if certificate has expired
- Verify certificate domain matches access domain
5.3 File Upload Issues
Issue: Large file upload fails
Solutions:
- Confirm
client_max_body_sizeconfiguration is large enough - Check
client_body_buffer_sizesettings - Verify sufficient disk space
6. Security Recommendations
6.1 SSL Security Configuration
- Use strong encryption algorithms and protocol versions
- Regularly update SSL certificates
- Enable HSTS (HTTP Strict Transport Security)
6.2 Access Control
- Configure appropriate firewall rules
- Limit unnecessary port access
- Enable access log monitoring
6.3 Performance Optimization
- Enable Gzip compression to reduce transfer size
- Configure appropriate caching strategies
- Use HTTP/2 to improve performance
7. Load Balancer Configuration
If using cloud service provider load balancers (such as Tencent Cloud CLB, Alibaba Cloud SLB), configuration points:
- Backend Server: Point to WeDa server IP:8080
- Health Check: Configure appropriate health check path
- SSL Termination: Configure SSL certificate at load balancer level
- Session Persistence: Configure session persistence policy as needed