It is advisable to operate UGC behind a reverse proxy, e.g. for load balancing, authentication or SSL termination. When using the UGC multimedia service, it is necessary to use a reverse proxy to distribute requests between the applications.
We provide example configurations for Nginx and Apache HTTP Server below. We use the following environment variables:
Variable | Description | |
---|---|---|
PROXY_PORT | port of the reverse proxy | |
WEBAPP_PORT | port of UGC Webapp | |
MULTIMEDIA_PORT | port of UGC multimedia service | |
DEMO_HOST | host name running UGC-demo example webapp (not needed in production). | |
DEMO_PORT | port of the UGC-demo (not needed in production) | |
DEMO_PATH | path to UGC-demo (not needed in production) |
Replace ugc-webapp
and ugc-multimedia
by the host names of UGC Webapp and UGC multimedia service, respectively.
Requests to the websocket endpoint /websocket/
need to have the Upgrade
and Connection
headers. The Apache module proxy_wstunnel_module
is used for that purpose. In the Nginx configuration, the headers are set explicitly.
Nginx
server {
listen ${PROXY_PORT};
client_max_body_size 100M;
##############
# Basic Auth #
##############
auth_basic "UGC Protected";
auth_basic_user_file "/.htpasswd";
add_header Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform";
add_header Pragma "no-cache";
##############
# UGC Webapp #
##############
# Pass to UGC Webapp as default
location / {
proxy_pass http://ugc-webapp:${WEBAPP_PORT}/;
}
# Websocket
location /websocket/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://ugc-webapp:${WEBAPP_PORT}/websocket;
}
##########################
# UGC Multimedia Service #
##########################
# Private endoints
location /secure/binary {
proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary;
}
location /secure/multimedia {
proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia;
}
# Public endpoints
location /public {
# Disable basic auth for public endpoints
auth_basic off;
location /public/binary {
proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary;
}
location /public/multimedia {
proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia;
}
}
############
# UGC Demo #
############
location /${DEMO_PATH} {
# Disable basic auth for UGC Demo
auth_basic off;
proxy_pass http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}/;
}
}
Apache HTTP Server
# Required modules: mod_headers, mod_log_config, mod_proxy, mod_proxy_http, mod_proxy_wstunnel
LoadModule headers_module modules/mod_headers.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
<VirtualHost *:${PROXY_PORT}>
ProxyRequests Off
ProxyVia On
Options Includes ExecCGI FollowSymLinks
<IfModule mod_headers.c>
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</IfModule>
##############
# Basic Auth #
##############
<Location / >
AuthType Basic
AuthName "Password Required"
AuthUserFile /htpasswd
Require valid-user
</Location>
# Disable basic auth for public endpoints
<Location /public >
Satisfy any
</Location>
# Disable basic auth for UGC Demo
<Location /${DEMO_PATH} >
Satisfy any
</Location>
##############
# UGC Webapp #
##############
# Pass to UGC Webapp as default
<Location / >
ProxyPass http://ugc-webapp:${WEBAPP_PORT}/
ProxyPassReverse http://ugc-webapp:${WEBAPP_PORT}/
</Location>
# Websocket
<Location /websocket/commentsAndImages >
ProxyPass ws://ugc-webapp:${WEBAPP_PORT}/websocket
ProxyPassReverse ws://ugc-webapp:${WEBAPP_PORT}/websocket
</Location>
##########################
# UGC Multimedia Service #
##########################
# Private endoints
<Location /secure/binary >
ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary
ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary
</Location>
<Location /secure/multimedia >
ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia
ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia
</Location>
# Public endpoints
<Location /public/binary >
ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary
ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary
</Location>
<Location /public/multimedia >
ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia
ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia
</Location>
############
# UGC Demo #
############
<Location /${DEMO_PATH} >
ProxyPass http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}
ProxyPassReverse http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}
</Location>
</VirtualHost>