Skip to main content

Proxy Configuration

To ensure that your HAP system is not directly exposing service ports to the internet, we strongly recommend further configuring Nginx proxy after deploying the system. This can greatly enhance the security of the system and meet the needs of users requiring certificates, who can refer to relevant documentation for configuration. Additionally, Nginx proxy can also provide load balancing and reverse proxy, improving the system's availability and stability.

  1. Download the Nginx installation package.

    wget https://pdpublic.nocoly.com/offline/common/Nginx1.22.0-glibc2.17.tar.gz
  2. Unpack the Nginx installation package to the installation directory.

    tar -zxvf Nginx1.22.0-glibc2.17.tar.gz -C /usr/local/
  3. Create storage directories for configuration and logs.

    mkdir -p /usr/local/Nginx/conf/conf.d /data/logs/weblogs/
  4. Write the main Nginx configuration file.

    cat > /usr/local/Nginx/conf/Nginx.conf <<EOF
    user nobody;
    worker_processes auto;
    worker_cpu_affinity auto;
    worker_rlimit_nofile 204800;
    pid Nginx.pid;
    events {
    use epoll;
    worker_connections 20480;
    }
    http {
    include mime.types;
    default_type application/octet-stream;
    server_tokens off;

    log_format main "\$http_x_forwarded_for | \$time_local | \$request | \$status | \$body_bytes_sent | "
    "\$request_body | \$content_length | \$http_referer | \$http_user_agent | "
    "\$http_cookie | \$remote_addr | \$hostname | \$upstream_addr | \$upstream_response_time | \$request_time";

    server_names_hash_bucket_size 128;
    client_header_buffer_size 8k;
    client_max_body_size 10M;
    large_client_header_buffers 4 32k;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    proxy_buffer_size 64k;
    proxy_buffers 4 128k;
    keepalive_timeout 10;
    open_file_cache max=102400 inactive=60s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;
    resolver_timeout 10s;
    underscores_in_headers on;

    gzip on;
    gzip_proxied any;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_min_length 1024;
    gzip_comp_level 8;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png;
    proxy_http_version 1.1;
    include conf.d/*.conf;
    }
    EOF
  5. Configure the host proxy file.(Put the following configuration files in the directory /usr/local/Nginx/conf/conf.d/)

    HTTP Configuration File

    HTTPS Configuration File

  6. Start Nginx.

    Check the format of the Nginx configuration file.

    /usr/local/Nginx/sbin/Nginx -t

    Start Nginx.

    /usr/local/Nginx/sbin/Nginx
  7. Set up auto-start on boot.

    echo "/usr/local/Nginx/sbin/Nginx" >> /etc/rc.local
    chmod +x /etc/rc.d/rc.local

Scheduled rotation of Nginx logs

  1. Create directories for configuration files and old logs.

    mkdir -p /usr/local/logrotate-config
    mkdir -p /data/logs/weblogs/oldlogs
  2. Create a configuration file.

    cat > /usr/local/logrotate-config/Nginx <<EOF
    /data/logs/weblogs/*.log {
    create 0664 nobody root
    daily
    dateext
    dateformat -%Y-%m-%d
    dateyesterday
    rotate 180
    missingok
    ifempty
    compress
    delaycompress
    olddir /data/logs/weblogs/oldlogs
    sharedscripts
    postrotate
    /bin/kill -USR1 \`cat /usr/local/Nginx/Nginx.pid 2>/dev/null\` 2>/dev/null || true
    endscript
    }
    EOF
  3. Check the configuration file.

    logrotate -d -f /usr/local/logrotate-config/Nginx
    • Pay attention to debug outputs; further action is needed if errors are encountered.
  4. Execute crontab -e and add the following scheduled tasks to the configuration.

    # Use Logrotate Cut Nginx Logs 
    0 0 * * * /usr/sbin/logrotate -f /usr/local/logrotate-config/Nginx >/dev/null 2>&1