UGC 3

Reverse Proxy

Configure a reverse proxy in front of UGC applications.

It is advisable to operate UGC behind a reverse proxy, e.g. for load balancing, authentication or SSL termination. When using the UGC multimedia service, it is necessary to use a reverse proxy to distribute requests between the applications.

We provide example configurations for Nginx and Apache HTTP Server below. We use the following environment variables:

Environment variables
Variable | Description
PROXY_PORT | port of the reverse proxy
WEBAPP_PORT | port of UGC Webapp
MULTIMEDIA_PORT | port of UGC multimedia service
DEMO_HOST | host name running the UGC-demo example webapp (not needed in production)
DEMO_PORT | port of the UGC-demo (not needed in production)
DEMO_PATH | path to UGC-demo (not needed in production)

Replace ugc-webapp and ugc-multimedia with the host names of UGC Webapp and UGC multimedia service, respectively.

Requests to the websocket endpoint /websocket/ must carry the Upgrade and Connection headers when they are forwarded to the backend. With Apache, the module proxy_wstunnel_module is used for that purpose. In the Nginx configuration, the headers are set explicitly.

Nginx

# Reverse proxy in front of UGC Webapp, the UGC multimedia service and the
# UGC demo. Basic auth is enabled for the whole server and switched off again
# for /public and for the demo path.
# NOTE(review): nginx does not expand ${VAR} placeholders on its own, so this
# file is presumably rendered by a templating step before nginx loads it.
# Confirm that step leaves nginx's own variables ($http_upgrade) untouched.
server {
  # NOTE(review): this listener is plain HTTP. Basic auth sends the password
  # base64-encoded, not encrypted, so terminate TLS on this server or directly
  # in front of it before exposing it.
  listen ${PROXY_PORT};
  # Largest request body accepted from a client; larger uploads are rejected
  # with 413.
  client_max_body_size 100M;


  ##############
  # Basic Auth #
  ##############

  # Applies to every location below unless a location sets "auth_basic off".
  auth_basic "UGC Protected";
  # Password file. Keep it readable by the nginx user only and outside any
  # directory that is served.
  auth_basic_user_file "/.htpasswd";
  # Tell browsers and intermediate caches not to store responses.
  # NOTE(review): without the "always" parameter nginx adds these headers only
  # for a fixed set of success and redirect status codes, so error responses
  # are sent without them.
  add_header Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform";
  add_header Pragma "no-cache";


  ##############
  # UGC Webapp #
  ##############

  # Pass to UGC Webapp as default
  location / {
    proxy_pass http://ugc-webapp:${WEBAPP_PORT}/;
  }

  # Websocket
  location /websocket/ {
    # The websocket handshake is an HTTP/1.1 Upgrade request. Upgrade and
    # Connection are hop-by-hop headers, so they are set explicitly here to
    # reach the backend.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # NOTE(review): the location ends in "/" but the proxy_pass URI does not,
    # so the matched prefix "/websocket/" is replaced by "/websocket" and a
    # request for /websocket/x is forwarded as /websocketx. Confirm the path
    # the webapp expects.
    proxy_pass http://ugc-webapp:${WEBAPP_PORT}/websocket;
  }


  ##########################
  # UGC Multimedia Service #
  ##########################

  # Private endpoints (basic auth is inherited from the server level)
  location /secure/binary {
    proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary;
  }
  location /secure/multimedia {
    proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia;
  }

  # Public endpoints
  location /public {
    # Disable basic auth for public endpoints
    # NOTE(review): this is a plain prefix match, so it also covers paths such
    # as /publicfoo. A request under this prefix that matches neither nested
    # location has no proxy_pass and is answered by nginx itself, without
    # authentication.
    auth_basic off;

    location /public/binary {
      proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary;
    }
    location /public/multimedia {
      proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia;
    }
  }

  ############
  # UGC Demo #
  ############

  location /${DEMO_PATH} {
    # Disable basic auth for UGC Demo
    # NOTE(review): the demo is reachable without credentials. The variable
    # table marks it as not needed in production, so leave this block out there.
    auth_basic off;

    # NOTE(review): the proxy_pass URI ends in "/" while the location does
    # not, so /${DEMO_PATH}/x is forwarded as /${DEMO_PATH}//x. Confirm that
    # the demo accepts this.
    proxy_pass http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}/;
  }
}

Apache HTTP Server

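# Reverse proxy in front of UGC Webapp, the UGC multimedia service and the
# UGC demo. Everything is protected by basic auth except /public and the demo
# path.
#
# Required modules: mod_headers, mod_log_config, mod_proxy, mod_proxy_http, mod_proxy_wstunnel
# NOTE(review): the Basic Auth section also needs the authentication modules
# (mod_auth_basic, mod_authn_file, mod_authz_user and the authn/authz core
# modules). They are presumably loaded by the main server configuration.
LoadModule headers_module modules/mod_headers.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

# NOTE(review): this virtual host is plain HTTP. Basic auth sends the password
# base64-encoded, not encrypted, so terminate TLS on this server or directly
# in front of it before exposing it.
<VirtualHost *:${PROXY_PORT}>

  # Reverse proxy only: never act as a forward proxy for arbitrary targets.
  ProxyRequests Off
  # Adds a Via header to proxied requests and responses.
  ProxyVia On

  # Every path is handed to a backend, so no local content is served here.
  # Server-side includes, CGI execution and symlink following are not needed
  # and stay disabled.
  Options None

  # Tell browsers and intermediate caches not to store responses.
  <IfModule mod_headers.c>
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
  </IfModule>

  ##############
  # Basic Auth #
  ##############

  # Password file: keep it readable by the Apache user only and outside any
  # directory that is served.
  <Location / >
    AuthType Basic
    AuthName "Password Required"
    AuthUserFile /htpasswd
    Require valid-user
  </Location>

  # Disable basic auth for public endpoints.
  # "Require all granted" is the Apache 2.4 form; the older "Satisfy any"
  # needs mod_access_compat, which is not in the module list above.
  <Location /public >
    Require all granted
  </Location>

  # Disable basic auth for UGC Demo.
  # The demo is reachable without credentials; it is not needed in
  # production, so leave this section and the demo proxy section out there.
  <Location /${DEMO_PATH} >
    Require all granted
  </Location>

  ##############
  # UGC Webapp #
  ##############

  # Pass to UGC Webapp as default
  <Location / >
    ProxyPass http://ugc-webapp:${WEBAPP_PORT}/
    ProxyPassReverse http://ugc-webapp:${WEBAPP_PORT}/
  </Location>

  # Websocket (the ws:// scheme is handled by mod_proxy_wstunnel)
  # NOTE(review): only /websocket/commentsAndImages is tunnelled, and it is
  # forwarded to /websocket on the webapp. Any other path under /websocket/
  # falls through to the plain HTTP proxy above. Confirm this is the intended
  # mapping.
  <Location /websocket/commentsAndImages >
    ProxyPass ws://ugc-webapp:${WEBAPP_PORT}/websocket
    ProxyPassReverse ws://ugc-webapp:${WEBAPP_PORT}/websocket
  </Location>


  ##########################
  # UGC Multimedia Service #
  ##########################

  # Private endpoints (basic auth is inherited from <Location />)
  <Location /secure/binary >
    ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary
    ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary
  </Location>
  <Location /secure/multimedia >
    ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia
    ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia
  </Location>

  # Public endpoints (no authentication, see <Location /public> above)
  <Location /public/binary >
    ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary
    ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary
  </Location>
  <Location /public/multimedia >
    ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia
    ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia
  </Location>

  ############
  # UGC Demo #
  ############

  <Location /${DEMO_PATH} >
    ProxyPass http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}
    ProxyPassReverse http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}
  </Location>

</VirtualHost>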

Last modified on 6/22/22

The content of this page is licensed under the CC BY 4.0 License. Code samples are licensed under the MIT License.
