Exemplo de configuração do Nginx

O Nginx é um servidor de proxy reverso e da Web muito usado.

Ele pode ser usado como uma camada entre o Looker e os usuários finais para mudar a porta que os navegadores da Web usam para acessar o Looker. Por padrão, os usuários precisam usar um URL semelhante a https://hostname.domain.com:9999. Usando uma configuração do Nginx semelhante à desta página, os usuários podem acessar o Looker sem o número da porta, como https://hostname.domain.com. Isso é mais fácil para os usuários digitarem e lembrarem, e geralmente é mais conveniente.

Um exemplo de nginx.conf está incluído aqui. Ele precisa ser personalizado para seu ambiente.

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
  worker_connections 768;
  # multi_accept on;
}

http {

  ##
  # Basic Settings
  ##

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  large_client_header_buffers 6 32k;
  client_max_body_size 100m;

  # server_names_hash_bucket_size 64;
  # server_name_in_redirect off;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ##
  # Logging Settings
  ##
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log debug; # change from debug to warn or error for production

  ##
  # Gzip Settings
  ##
  gzip on;
  gzip_disable "msie6";

  ##
  # Virtual Host Configs
  ##

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;

  server {
    listen                     443;
    ssl                        on;
    ssl_certificate            /etc/looker/ssl/certs/self-ssl.crt;
                                 # replace with your cert file
    ssl_certificate_key        /etc/looker/ssl/private/self-ssl.key;
                                 # replace with your key file
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    ssl_session_cache          shared:SSL:10m;
    ssl_session_timeout        10m;

    location / {
      proxy_pass https://looker.domain.com:9999; # Replace looker.domain.com with the name
                                                 # that clients will use to access Looker

      ### Force timeouts if one of backend hosts is dead ###
      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

      ### Set headers ###
      proxy_set_header          X-Real-IP $remote_addr;
      proxy_set_header          Accept-Encoding "";
      proxy_set_header          Host $http_host;
      proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;

      ### Don't timeout waiting for long queries - timeout is 1 hr ###
      proxy_read_timeout        3600;
      proxy_set_header          X-Forwarded-Proto $scheme;

      ### By default we don't want to redirect ###
      proxy_redirect            off;

      proxy_buffer_size         128k;
      proxy_buffers             4 256k;
      proxy_busy_buffers_size   256k;
    }
  }

  server {
    listen                     19999;
    ssl                        on;
    ssl_certificate            /etc/looker/ssl/certs/self-ssl.crt;
                                 # replace with your cert file
    ssl_certificate_key        /etc/looker/ssl/private/self-ssl.key;
                                 # replace with your key file
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    ssl_session_cache          shared:SSL:10m;
    ssl_session_timeout        10m;

    location / {
      proxy_pass https://looker.domain.com:19999; # Replace looker.domain.com with the name
                                                  # that clients will use to access Looker

      ### Force timeouts if one of backend hosts is dead ###
      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

      ### Set headers ###
      proxy_set_header          X-Real-IP $remote_addr;
      proxy_set_header          Accept-Encoding "";
      proxy_set_header          Host $http_host;
      proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;

      ### Don't timeout waiting for long queries - timeout is 1 hr ###
      proxy_read_timeout        3600;
      proxy_set_header          X-Forwarded-Proto $scheme;

      ### By default we don't want to redirect ###
      proxy_redirect            off;

      proxy_buffer_size         128k;
      proxy_buffers             4 256k;
      proxy_busy_buffers_size   256k;
    }
  }
}