RTC Forums
Author Topic: Let nginx do ssl and load balancing  (Read 54 times)
Star5
RTC License+
****
Posts: 25


« on: August 24, 2019, 05:02:19 PM »

Let nginx do SSL and load balancing; we only deal with HTTP. It is more stable, and there is no need to waste money on streamsec or SecureBlackbox.

Attached is an nginx configuration example; the code is as follows:


# Notes:
# webpascal configuration (SrvConfig.ini): Srv > SrvSSL=0 (disable SSL), Redirect entry disabled (set to blank)
# This example was tested under nginx-1.16.1 and nginx-1.17.3, demonstrating multiple domains, each with its own DV SSL certificate, bound to a single IP.

# Number of worker processes, roughly CPU cores * 2
worker_processes  4;

events {
    # Number of working connections
    worker_connections  65535;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    # Sendfile is a higher performance system interface than read and write
    sendfile        on;

    keepalive_timeout  65;

    # If you only serve static pages, enable gzip here. If you use webpascal, which also serves an interface, do not enable gzip here.
    #gzip  on;

    server {
        listen       80;
        server_name  www.zjoss.com zjoss.com;
        # Official guidance is that rewrite is inefficient, so use return 301 instead
        # rewrite ^/(.*)$ https://www.zjoss.com:443/$1 permanent;
        if ($server_port = 80 ) {
            return 301 https://$server_name$request_uri;
        }
        if ($scheme = http ) {
            return 301 https://$server_name$request_uri;
        }
        error_page 497 https://$server_name$request_uri;
    }
    server {
        # "ssl on;" is deprecated since nginx 1.15.0; the ssl parameter of listen replaces it
        listen       443 ssl;
        server_name  www.zjoss.com zjoss.com;

        ssl_certificate      zjoss.com.pem;
        ssl_certificate_key  zjoss.com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
            # Proxy to webpascal by port. webpascal 3.6 or later reads X-Real-IP and X-Forwarded-For.
            proxy_pass http://localhost:8080;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Real-Port $remote_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    server {
        listen       80;
        server_name  www.webpascal.com webpascal.com;
        # rewrite ^/(.*)$ https://www.webpascal.com:443/$1 permanent;
        if ($server_port = 80 ) {
            return 301 https://$server_name$request_uri;
        }
        if ($scheme = http ) {
            return 301 https://$server_name$request_uri;
        }
        error_page 497 https://$server_name$request_uri;
    }
    server {
        # "ssl on;" is deprecated since nginx 1.15.0; the ssl parameter of listen replaces it
        listen       443 ssl;
        server_name  www.webpascal.com webpascal.com;

        ssl_certificate      webpascal.com.pem;
        ssl_certificate_key  webpascal.com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://localhost:8080;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Real-Port $remote_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

}
Logged
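
A small audit script for configurations like the one in the post above, as an added example that is not part of the original post or of nginx. It walks each TLS-terminating `server` block and reports the deprecated `ssl on;` form, formally deprecated entries in `ssl_protocols`, and an `X-Forwarded-For` header built with `$proxy_add_x_forwarded_for`; the sample config, its placeholder host names and the function names are constructed for the example.

```python
import re

# Constructed sample with placeholder host names, shaped like the config in the post.
SAMPLE = """
server { listen 80; return 301 https://$host$request_uri; }
server {
    listen 443;
    server_name www.example.test example.test;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
"""
LEGACY = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")  # formally deprecated protocol versions

def server_blocks(conf):
    """Yield the body of every `server { ... }` block in comment-free text, by brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def args(body, name):
    """Argument lists of every `name arg ...;` directive in a block, nested locations included."""
    return [m.group(1).split() for m in re.finditer(rf"(?m)^\s*{name}\s+([^;{{}}]+);", body)]

def audit(conf):
    """Return (server_name, finding) pairs for each TLS-terminating server block."""
    out = []
    for body in server_blocks(re.sub(r"#[^\n]*", "", conf)):  # strip comments first
        ssl_on = ["on"] in args(body, "ssl")
        if not (ssl_on or any("ssl" in a for a in args(body, "listen"))):
            continue  # plain-HTTP block, such as the port 80 redirector
        name = (args(body, "server_name") or [["(unnamed)"]])[0][0]
        if ssl_on:
            out.append((name, "deprecated 'ssl on;', use 'listen 443 ssl;'"))
        old = [p for a in args(body, "ssl_protocols") for p in a if p in LEGACY]
        if old:
            out.append((name, "legacy protocols enabled: " + " ".join(old)))
        if any(a[-1] == "$proxy_add_x_forwarded_for" for a in args(body, "proxy_set_header")):
            out.append((name, "X-Forwarded-For keeps client-sent entries; backend must trust only the last"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The last finding matters because `$proxy_add_x_forwarded_for` appends `$remote_addr` to whatever `X-Forwarded-For` value the client sent, so only the final entry (or `X-Real-IP`) is set by nginx itself.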
Star5
RTC License+
****
Posts: 25


« Reply #1 on: August 24, 2019, 05:13:07 PM »

Although SecureBlackbox works well with RealThinClientSDK, it is expensive, and StreamSecII is not well used in projects.

I am completing more web development orders using webpascal (rtcDP+rtcScript), and I think this is a good development direction. RealThinClientSDK should not waste time on unfamiliar work such as SSL; let other mature tools go and do these things.
Logged