It is advisable to operate UGC behind a reverse proxy, e.g. for load balancing, authentication or SSL termination. When using the UGC multimedia service, it is necessary to use a reverse proxy to distribute requests between the applications.
We provide example configurations for Nginx and Apache HTTP Server below. We use the following environment variables:
| Variable | Description | |
|---|---|---|
| PROXY_PORT | port of the reverse proxy | |
| WEBAPP_PORT | port of UGC Webapp | |
| MULTIMEDIA_PORT | port of UGC multimedia service | |
| DEMO_HOST | host name running UGC-demo example webapp (not needed in production). | |
| DEMO_PORT | port of the UGC-demo (not needed in production) | |
| DEMO_PATH | path to UGC-demo (not needed in production) |
Replace ugc-webapp and ugc-multimedia by the host names of UGC Webapp and UGC multimedia service, respectively.
Requests to the websocket endpoints /websocket/commentsAndImages and /websocket/multimedia need to have the Upgrade and Connection headers. The Apache module proxy_wstunnel_module is used for that purpose. In the Nginx configuration, the headers are set explicitly.
In order to use Swagger UI behind the reverse proxy, it is necessary to set the property server.forward-headers-strategy to FRAMEWORK.
Nginx
server {
listen ${PROXY_PORT};
client_max_body_size 100M;
##############
# Basic Auth #
##############
auth_basic "UGC Protected";
auth_basic_user_file "/.htpasswd";
add_header Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform";
add_header Pragma "no-cache";
##############
# UGC Webapp #
##############
# Pass to UGC Webapp as default
location / {
proxy_pass http://ugc-webapp:${WEBAPP_PORT}/;
proxy_set_header X-Forwarded-Host $host:${PROXY_PORT};
}
# Websocket
location /websocket/commentsAndImages {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://ugc-webapp:${WEBAPP_PORT}/websocket/commentsAndImages;
}
##########################
# UGC Multimedia Service #
##########################
# Private endoints
location /secure/binary {
proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary;
}
location /secure/multimedia {
proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia;
}
# Public endpoints
location /public {
# Disable basic auth for public endpoints
auth_basic off;
location /public/binary {
proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary;
}
location /public/multimedia {
proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia;
}
}
# Websocket
location /websocket/multimedia {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://ugc-multimedia:${MULTIMEDIA_PORT}/websocket/multimedia;
}
############
# UGC Demo #
############
location /${DEMO_PATH} {
# Disable basic auth for UGC Demo
auth_basic off;
proxy_pass http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}/;
}
}
Apache HTTP Server
# Required modules: mod_headers, mod_log_config, mod_proxy, mod_proxy_http, mod_proxy_wstunnel
LoadModule headers_module modules/mod_headers.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
<VirtualHost *:${PROXY_PORT}>
ProxyRequests Off
ProxyVia On
Options Includes ExecCGI FollowSymLinks
<IfModule mod_headers.c>
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</IfModule>
##############
# Basic Auth #
##############
<Location / >
AuthType Basic
AuthName "Password Required"
AuthUserFile /htpasswd
Require valid-user
</Location>
# Disable basic auth for public endpoints
<Location /public >
Satisfy any
</Location>
# Disable basic auth for UGC Demo
<Location /${DEMO_PATH} >
Satisfy any
</Location>
##############
# UGC Webapp #
##############
# Pass to UGC Webapp as default
<Location / >
ProxyPass http://ugc-webapp:${WEBAPP_PORT}/
ProxyPassReverse http://ugc-webapp:${WEBAPP_PORT}/
</Location>
# Websocket
<Location /websocket/commentsAndImages >
ProxyPass ws://ugc-webapp:${WEBAPP_PORT}/websocket
ProxyPassReverse ws://ugc-webapp:${WEBAPP_PORT}/websocket/commentsAndImages
</Location>
##########################
# UGC Multimedia Service #
##########################
# Private endoints
<Location /secure/binary >
ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary
ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/binary
</Location>
<Location /secure/multimedia >
ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia
ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/secure/multimedia
</Location>
# Public endpoints
<Location /public/binary >
ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary
ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/public/binary
</Location>
<Location /public/multimedia >
ProxyPass http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia
ProxyPassReverse http://ugc-multimedia:${MULTIMEDIA_PORT}/public/multimedia
</Location>
# Websocket
<Location /websocket/multimedia >
ProxyPass ws://ugc-multimedia:${MULTIMEDIA_PORT}/websocket
ProxyPassReverse ws://ugc-multimedia:${MULTIMEDIA_PORT}/websocket/multimedia
</Location>
############
# UGC Demo #
############
<Location /${DEMO_PATH} >
ProxyPass http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}
ProxyPassReverse http://${DEMO_HOST}:${DEMO_PORT}/${DEMO_PATH}
</Location>
</VirtualHost>
