Exemple de configuration Nginx

Nginx est un serveur Web populaire et un serveur proxy inverse.

Il peut être utilisé comme couche entre Looker et les utilisateurs finaux afin de modifier le port que les navigateurs Web utilisent pour accéder à Looker. Par défaut, les utilisateurs doivent utiliser une URL semblable à https://hostname.domain.com:9999. Une configuration Nginx semblable à celle présentée sur cette page permet aux utilisateurs d'accéder à Looker sans numéro de port, comme https://hostname.domain.com. Cette méthode est généralement plus pratique pour saisir, saisir et mémoriser.

Un exemple de propriété nginx.conf est incluse ici. Il devra être personnalisé pour votre environnement.

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
  worker_connections 768;
  # multi_accept on;
}

http {

  ##
  # Basic Settings
  ##

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  large_client_header_buffers 6 32k;
  client_max_body_size 100m;

  # server_names_hash_bucket_size 64;
  # server_name_in_redirect off;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ##
  # Logging Settings
  ##
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log debug; # change from debug to warn or error for production

  ##
  # Gzip Settings
  ##
  gzip on;
  gzip_disable "msie6";

  ##
  # Virtual Host Configs
  ##

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;

  server {
    listen                     443;
    ssl                        on;
    ssl_certificate            /etc/looker/ssl/certs/self-ssl.crt;
                                 # replace with your cert file
    ssl_certificate_key        /etc/looker/ssl/private/self-ssl.key;
                                 # replace with your key file
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    ssl_session_cache          shared:SSL:10m;
    ssl_session_timeout        10m;

    location / {
      proxy_pass https://looker.domain.com:9999; # Replace looker.domain.com with the name
                                                 # that clients will use to access Looker

      ### Force timeouts if one of backend hosts is dead ###
      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

      ### Set headers ###
      proxy_set_header          X-Real-IP $remote_addr;
      proxy_set_header          Accept-Encoding "";
      proxy_set_header          Host $http_host;
      proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;

      ### Don't timeout waiting for long queries - timeout is 1 hr ###
      proxy_read_timeout        3600;
      proxy_set_header          X-Forwarded-Proto $scheme;

      ### By default we don't want to redirect ###
      proxy_redirect            off;

      proxy_buffer_size         128k;
      proxy_buffers             4 256k;
      proxy_busy_buffers_size   256k;
    }
  }

  server {
    listen                     19999;
    ssl                        on;
    ssl_certificate            /etc/looker/ssl/certs/self-ssl.crt;
                                 # replace with your cert file
    ssl_certificate_key        /etc/looker/ssl/private/self-ssl.key;
                                 # replace with your key file
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    ssl_session_cache          shared:SSL:10m;
    ssl_session_timeout        10m;

    location / {
      proxy_pass https://looker.domain.com:19999; # Replace looker.domain.com with the name
                                                  # that clients will use to access Looker

      ### Force timeouts if one of backend hosts is dead ###
      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

      ### Set headers ###
      proxy_set_header          X-Real-IP $remote_addr;
      proxy_set_header          Accept-Encoding "";
      proxy_set_header          Host $http_host;
      proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;

      ### Don't timeout waiting for long queries - timeout is 1 hr ###
      proxy_read_timeout        3600;
      proxy_set_header          X-Forwarded-Proto $scheme;

      ### By default we don't want to redirect ###
      proxy_redirect            off;

      proxy_buffer_size         128k;
      proxy_buffers             4 256k;
      proxy_busy_buffers_size   256k;
    }
  }
}