Views: 6138
Last Modified: 04.09.2024
Attention! Provided settings are listed outside the scope of the Virtual Appliance menu. This means that the details below are provided for informational purposes only and should be used with clear understanding of your actions and under your own liability. Bitrix24 technical support reviews the questions related to Virtual Appliance menu items only.
Let's assume, nginx server acts as an external proxy.
When required, you can adapt these settings for other proxy-services as well.
Push-server
Push-server settings must be moved to your load balancer (whether it's the only input point or it services only client queries from external networks when BitrixVA services the local network).
Duplicate push queries proxying settings to the load balancer. You can take a Virtual Appliance config file bx/conf/im_subscrider.conf as the basis (you can directly copy it to the balancer):
location ~* ^/bitrix/subws/ {
access_log off;
proxy_pass http://nodejs_sub;
# http://blog.martinfjordvald.com/2013/02/websockets-in-nginx/
# 12h+0.5
proxy_max_temp_file_size 0;
proxy_read_timeout 43800;
proxy_http_version 1.1;
proxy_set_header Upgrade $replace_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location ~* ^/bitrix/sub/ {
access_log off;
rewrite ^/bitrix/sub/(.*)$ /bitrix/subws/$1 break;
proxy_pass http://nodejs_sub;
proxy_max_temp_file_size 0;
proxy_read_timeout 43800;
}
location ~* ^/bitrix/rest/ {
access_log off;
proxy_pass http://nodejs_pub;
proxy_max_temp_file_size 0;
proxy_read_timeout 43800;
}
This file is connected to the server with configured query proxying to the virtual appliance.
Higher level config file depends on bx/settings/rtc-im_settings.conf, with the following parameters defined:
- passing the headers
Upgrade
and Connection
via the variables:
# if connection ti not set
map $http_upgrade $connection_upgrade {
default upgrade;
'' 'close';
}
map $http_upgrade $replace_upgrade {
default $http_upgrade;
'' "websocket";
}
- upstream-server
upstream nodejs_sub {
ip_hash;
keepalive 1024;
server push:8010;
server push:8011;
server push:8012;
server push:8013;
server push:8014;
server push:8015;
}
upstream nodejs_pub {
ip_hash;
keepalive 1024;
server push:9010;
server push:9011;
}
Also copy the file bx/settings/rtc-im_settings.conf and connect on the level of http
-section at the load balancer.
Important! The file bx/settings/rtc-im_settings.conf contains push-server name. Bitrix Virtual Appliance stores all the pool server names in /etc/hosts. External load balancer doesn't know about this, that's why matching parameters must be written into balancer's hosts file. Other option is to change the setting to the IP address of push server.
Next, open the ports 8010-8015 and 9010-9011 on the push-server for accessing from the balancer.
firewalld:
firewall-cmd --permanent --add-port=8010-8015/tcp
firewall-cmd --permanent --add-port=9010-9011/tcp
firewall-cmd --reload
HTTPS access
In situation, when we are proxying http and https for site test.example.org for port 80 of Bitrix Virtual Appliance.
Enable module real_ip in BitrixVA – create the config file bx/settings/real_ip.conf:
set_real_ip_from BALANCER_IP;
real_ip_header X-Forwarded-For;
Indicate balancer header in real_ip_header
passed to the backend (to Bitrix Virtual Appliance). In set_real_ip_from
– balancer IP address.
Re-launch nginx.
systemctl restart nginx.service
Then, configure passing of protocol used by client to interact with server.
It's important for balancer to pass protocol information to the backend server:
proxy_set_header X-Forwarded-Proto $scheme;
Configure on the backend (Bitrix Virtual Appliance) to setup variables in the file bx/settings/schema.conf:
map $http_x_forwarded_proto $balancer_port {
default 80;
"https" 443;
}
map $http_x_forwarded_proto $balancer_https {
default "NO";
"https" "YES";
}
The backend's variable $http_x_forwarded_proto
will contain the value http
or https
depending on connection protocol.
Next, you'll need a site configuration file:
default site –
/etc/nginx/bx/site_enabled/s1.conf
additional site –
/etc/nginx/bx/site_enabled/bx_ext_test.example.org.conf
We need the following part in the config file:
proxy_set_header Host $host:80;
Change the above part to:
proxy_set_header Host $host:$balancer_port;
proxy_set_header HTTPS $balancer_https;
Re-launch nginx:
systemctl restart nginx.service
The setup is complete.