UGC | Version 4

Reverse Proxy

Configure a reverse proxy in front of UGC applications.

It is advisable to operate UGC behind a reverse proxy, e.g. for load balancing, authentication or SSL termination. When using the UGC multimedia service, it is necessary to use a reverse proxy to distribute requests between the applications.

We provide example configurations for Nginx and Apache HTTP Server below. We use the following environment variables:

Environment variables
VariableDescription
PROXY_PORTport of the reverse proxy
WEBAPP_PORTport of UGC Webapp
MULTIMEDIA_PORTport of UGC multimedia service
DEMO_HOSThost name running UGC-demo example webapp (not needed in production).
DEMO_PORTport of the UGC-demo (not needed in production)
DEMO_PATHpath to UGC-demo (not needed in production)

Replace ugc-webapp and ugc-multimedia by the host names of UGC Webapp and UGC multimedia service, respectively.

Requests to the websocket endpoints /websocket/commentsAndImages and /websocket/multimedia need to have the Upgrade and Connection headers. The Apache module proxy_wstunnel_module is used for that purpose. In the Nginx configuration, the headers are set explicitly.

In order to use Swagger UI behind the reverse proxy, it is necessary to set the property server.forward-headers-strategy to FRAMEWORK.

Nginx

server {
  listen ${PROXY_PORT};
  client_max_body_size 100M;


  ##############
  # Basic Auth #
  ##############

  auth_basic "UGC Protected";
  auth_basic_user_file "/.htpasswd";
  add_header Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform";
  add_header Pragma "no-cache";


  ##############
  # UGC Webapp #
  ##############

  # Pass to UGC Webapp as default
  location / {
    proxy_pass http://ugc-webapp:${WEBAPP_PORT}/;
	proxy_set_header X-Forwarded-Host $host:${PROXY_PORT}; 
  }

  # Websocket
  location /websocket/commentsAndImages {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://ugc-webapp:${WEBAPP_PORT}/websocket/commentsAndImages;
  }


  ##########################
  # UGC Multimedia Service #
  ##########################

  # Private endoints
  location /secure/binary {
    proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary;
  }
  location /secure/multimedia {
    proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia;
  }

  # Public endpoints
  location /public {
    # Disable basic auth for public endpoints
    auth_basic off;

    location /public/binary {
      proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary;
    }
    location /public/multimedia {
      proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia;
    }
  }

  # Websocket
  location /websocket/multimedia {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/websocket/multimedia;
  }


  ############
  # UGC Demo #
  ############

  location /${DEMO_PATH} {
    # Disable basic auth for UGC Demo
    auth_basic off;

    proxy_pass http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}/;
  }
}

Apache HTTP Server

# Required modules: mod_headers, mod_log_config, mod_proxy, mod_proxy_http, mod_proxy_wstunnel
LoadModule headers_module modules/mod_headers.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

<VirtualHost *:${PROXY_PORT}>

  ProxyRequests Off
  ProxyVia On

  Options Includes ExecCGI FollowSymLinks

  <IfModule mod_headers.c>
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
  </IfModule>

  ##############
  # Basic Auth #
  ##############

  <Location / >
    AuthType Basic
    AuthName "Password Required"
    AuthUserFile /htpasswd
    Require valid-user
  </Location>

  # Disable basic auth for public endpoints
  <Location /public >
    Satisfy any
  </Location>

  # Disable basic auth for UGC Demo
  <Location /${DEMO_PATH} >
    Satisfy any
  </Location>

  ##############
  # UGC Webapp #
  ##############

  # Pass to UGC Webapp as default
  <Location / >
    ProxyPass http://ugc-webapp:${WEBAPP_PORT}/
    ProxyPassReverse http://ugc-webapp:${WEBAPP_PORT}/
  </Location>

  # Websocket
  <Location /websocket/commentsAndImages >
    ProxyPass ws://ugc-webapp:${WEBAPP_PORT}/websocket
    ProxyPassReverse ws://ugc-webapp:${WEBAPP_PORT}/websocket/commentsAndImages
  </Location>


  ##########################
  # UGC Multimedia Service #
  ##########################

  # Private endoints
  <Location /secure/binary >
    ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary
    ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary
  </Location>
  <Location /secure/multimedia >
    ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia
    ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia
  </Location>

  # Public endpoints
  <Location /public/binary >
    ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary
    ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary
  </Location>
  <Location /public/multimedia >
    ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia
    ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia
  </Location>

  # Websocket
  <Location /websocket/multimedia >
    ProxyPass ws://ugc-multimedia:${MULTIMEDIA_PORT}/websocket
    ProxyPassReverse ws://ugc-multimedia:${MULTIMEDIA_PORT}/websocket/multimedia
  </Location>


  ############
  # UGC Demo #
  ############

  <Location /${DEMO_PATH} >
    ProxyPass http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}
    ProxyPassReverse http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}
  </Location>

</VirtualHost>

Last modified on 6/22/22

The content of this page is licensed under the CC BY 4.0 License. Code samples are licensed under the MIT License.

Icon