Nginx est un serveur Web populaire et un serveur proxy inverse.
Il peut être utilisé comme couche entre Looker et les utilisateurs finaux afin de modifier le port que les navigateurs Web utilisent pour accéder à Looker. Par défaut, les utilisateurs doivent utiliser une URL semblable à https://hostname.domain.com:9999. En utilisant une configuration Nginx semblable à celle présentée sur cette page, les utilisateurs peuvent accéder à Looker sans le numéro de port, comme https://hostname.domain.com. Cette méthode est plus facile à saisir et à retenir, et est généralement plus pratique.
Voici un exemple de nginx.conf. Elle devra être personnalisée pour votre environnement.
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
large_client_header_buffers 6 32k;
client_max_body_size 100m;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug; # change from debug to warn or error for production
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server {
listen 443;
ssl on;
ssl_certificate /etc/looker/ssl/certs/self-ssl.crt;
# replace with your cert file
ssl_certificate_key /etc/looker/ssl/private/self-ssl.key;
# replace with your key file
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_pass https://looker.domain.com:9999; # Replace looker.domain.com with the name
# that clients will use to access Looker
### Force timeouts if one of backend hosts is dead ###
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
### Set headers ###
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
### Don't timeout waiting for long queries - timeout is 1 hr ###
proxy_read_timeout 3600;
proxy_set_header X-Forwarded-Proto $scheme;
### By default we don't want to redirect ###
proxy_redirect off;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
}
server {
listen 19999;
ssl on;
ssl_certificate /etc/looker/ssl/certs/self-ssl.crt;
# replace with your cert file
ssl_certificate_key /etc/looker/ssl/private/self-ssl.key;
# replace with your key file
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_pass https://looker.domain.com:19999; # Replace looker.domain.com with the name
# that clients will use to access Looker
### Force timeouts if one of backend hosts is dead ###
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
### Set headers ###
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
### Don't timeout waiting for long queries - timeout is 1 hr ###
proxy_read_timeout 3600;
proxy_set_header X-Forwarded-Proto $scheme;
### By default we don't want to redirect ###
proxy_redirect off;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
}
}