Last Modified: 09.07.2020

Query proxying

Consider the case where an nginx server acts as the external proxy.

These settings can be adapted for other proxy services as well.

Push-server

Push-server settings must be moved to your load balancer (whether it is the only entry point, or it serves only client queries from external networks while BitrixVA serves the local network).

Duplicate the push query proxying settings on the load balancer. You can take the Virtual Appliance config file bx/conf/im_subscrider.conf as the basis (you can copy it to the balancer directly):

location ~* ^/bitrix/subws/ {
    access_log off;
    proxy_pass http://nodejs_sub;
    # http://blog.martinfjordvald.com/2013/02/websockets-in-nginx/
    # 12h+0.5
    proxy_max_temp_file_size 0;
    proxy_read_timeout  43800;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $replace_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

location ~* ^/bitrix/sub/ {
    access_log off;
    rewrite ^/bitrix/sub/(.*)$ /bitrix/subws/$1 break;
    proxy_pass http://nodejs_sub;
    proxy_max_temp_file_size 0;
    proxy_read_timeout  43800;
}

location ~* ^/bitrix/rest/ {
    access_log off;
    proxy_pass http://nodejs_pub;
    proxy_max_temp_file_size 0;
    proxy_read_timeout  43800;
}

Include this file in the balancer's server section that proxies queries to the virtual appliance.


This config file depends on the higher-level file bx/settings/rtc-im_settings.conf, which defines the following parameters:

  • passing the headers Upgrade and Connection via the variables:
    # if connection is not set
    map $http_upgrade $connection_upgrade {
      default upgrade;
      '' 'close';
    }
    
    map $http_upgrade  $replace_upgrade {
      default $http_upgrade;
      ''      "websocket";
    }
    
  • upstream servers:
    upstream nodejs_sub {
      ip_hash;
      keepalive 1024;
      server push:8010;
      server push:8011;
      server push:8012;
      server push:8013;
      server push:8014;
      server push:8015;
    }
    
    
    upstream nodejs_pub {
      ip_hash;
      keepalive 1024;
      server push:9010;
      server push:9011;
    }
    

Also copy the file bx/settings/rtc-im_settings.conf to the load balancer and include it at the level of the http section.

Important! The file bx/settings/rtc-im_settings.conf contains the push-server name. Bitrix Virtual Appliance stores all pool server names in /etc/hosts. The external load balancer doesn't know about them, so matching entries must be added to the balancer's hosts file. The other option is to change the setting to the IP address of the push server.

Next, open ports 8010-8015 and 9010-9011 on the push-server for access from the balancer. The rules below accept connections from any source address, so where the push-server is reachable by hosts other than the balancer, restrict them to the balancer's address.

iptables:

iptables -I INPUT -p tcp --match multiport --dport 8010:8015 -j ACCEPT
iptables -I INPUT -p tcp --match multiport --dport 9010:9011 -j ACCEPT
iptables-save > /etc/sysconfig/iptables

firewalld:

firewall-cmd --permanent --add-port=8010-8015/tcp
firewall-cmd --permanent --add-port=9010-9011/tcp
firewall-cmd --reload

HTTPS access

Consider the situation where we proxy both http and https for the site test.example.org to port 80 of Bitrix Virtual Appliance.

Enable the real_ip module in BitrixVA by creating the config file bx/settings/real_ip.conf:

set_real_ip_from BALANCER_IP;
real_ip_header X-Forwarded-For;

In real_ip_header, specify the header that the balancer passes to the backend (Bitrix Virtual Appliance); in set_real_ip_from, specify the balancer's IP address.

Restart nginx.

CentOS 6:

service nginx restart

CentOS 7:

systemctl restart nginx.service

Then configure passing of the protocol that the client uses to interact with the server.

The balancer must pass the protocol information to the backend server:

proxy_set_header X-Forwarded-Proto $scheme;

On the backend (Bitrix Virtual Appliance), set up the variables in the file bx/settings/schema.conf:

map $http_x_forwarded_proto $balancer_port {
   default 80;
   "https" 443;
}

map $http_x_forwarded_proto $balancer_https {
    default "NO";
    "https" "YES";
}

On the backend, the variable $http_x_forwarded_proto will contain the value http or https, depending on the connection protocol.


Next, you'll need a site configuration file:

default site – /etc/nginx/bx/site_enabled/s1.conf
additional site – /etc/nginx/bx/site_enabled/bx_ext_test.example.org.conf

Find the following line in the config file:

proxy_set_header Host $host:80;

Change it to:

proxy_set_header Host $host:$balancer_port;
proxy_set_header HTTPS $balancer_https;

Restart nginx:

CentOS 6:

service nginx restart

CentOS 7:

systemctl restart nginx.service

The setup is complete.
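
The balancer side of the steps above, gathered into one fragment. This is an added example, not a file from the course or one shipped with Bitrix Virtual Appliance: BACKEND_IP, the upstream name bitrixva and the certificate paths are placeholders, and the include paths assume the two copied files sit under bx/ in the balancer's nginx configuration directory.

```nginx
# Place inside the http { } section of the balancer's nginx.conf.

# Maps ($connection_upgrade, $replace_upgrade) and push upstreams
# (nodejs_sub, nodejs_pub), copied from the virtual appliance.
include bx/settings/rtc-im_settings.conf;

upstream bitrixva {
    server BACKEND_IP:80;   # placeholder: Bitrix Virtual Appliance, port 80
}

server {
    listen 80;
    listen 443 ssl;
    server_name test.example.org;

    ssl_certificate     /etc/nginx/ssl/test.example.org.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/test.example.org.key;   # placeholder path

    # Push-server locations (/bitrix/subws/, /bitrix/sub/, /bitrix/rest/),
    # copied from the virtual appliance.
    include bx/conf/im_subscrider.conf;

    location / {
        proxy_pass http://bitrixva;
        proxy_set_header Host $host;

        # Replace any X-Forwarded-For sent by the client with the address the
        # balancer actually saw. The backend's real_ip.conf trusts this header
        # only when the request comes from BALANCER_IP (set_real_ip_from).
        proxy_set_header X-Forwarded-For $remote_addr;

        # Replace any client-supplied X-Forwarded-Proto as well: the backend
        # maps in schema.conf derive $balancer_port and $balancer_https from it.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Check the result with nginx -t on the balancer before restarting nginx.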





Courses developed by «Bitrix», Inc.