Nginx
NginX (pronounced "engine x") is a reverse proxy server that can be used with Berlioz to increase the performance and scalibity of a Berlioz Web application.
Why use nginx?
Berlioz requires an Java servlet container such as Jetty or Tomcat to run. While they work very well on their own; there are situations when running the Servlet container behind nginx can help.
Using Nginx can improve the general performance and scalability of your application by taking on some of the work and offloading to Jetty when necessary.
Here are a few common use case where nginx can help:
- simplifying administration
- providing fallback page when the site is busy and being updated
- serving static content - in particular large cacheable content
- load balancing between several Berlioz instances
- providing SSL termination
- using HTTP2 or SPDY
- mixing a Berlioz application with other content
How to configure nginx for Berlioz
Nginx will not work as well with a war file, so your application need to deployed directly in the file system.
Static files
Generally, NginX can serve directly the content of the files under the application directory with the exception of:
WEB-INFandMETA-INFwhich are reserved folders in Java Web applications and must not be accessible publicly (the servlet container normally takes care of that, but if NginX reads directly form the file system.- Any other directory or resource which may be protected by the application should be proxied to the Servlet container.
Berlioz content
The content generated by Berlioz will usually end with .html, .xml, .json or .src and should be proxied directly to Berlioz. Berlioz automatically sets the correct HTTP headers for caching and these can be left alone.
It is important to also set the host header correctly so that the location element in the Berlioz header returns the correct values.
location ~ \.(html|xml|json|src)$ {
proxy_pass http://localhost:8999;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
}
Bundles
File generated by the bundler can be cached safely for a very long time because their name include a time stamp and hash, in fact they are designed to be cached safely. They are also good candidates for content caching.
location ~ ^/(style|script)/_/ {
expires max;
}
Sample configuration
The sample configuration below defines an http block using
- HTTP2 with SSL
- Proxying requests Berlioz on
http://localhost:8999 - Serving static files directly from
/opt/berlioz/exampleapp
# HTTPS for development server using HTTP2
server {
client_max_body_size 20M;
listen 443 ssl http2;
server_name example.com;
root /opt/berlioz/exampleapp;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000";
location / {
index index.html home.html;
}
# Protect WEB-INF and META-INF
location ~ ^/(WEB-INF|META-INF)/ {
deny all;
}
# Must be served by Berlioz
location ~ \.(html|xml|json|src)$ {
proxy_pass http://localhost:8999;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
# Only allow bzadmin from intranet
location /bzadmin/ {
allow 192.168.200.0/24;
}
}
# Bundles can be cached for a long time
location ~ ^/(style|script)/_/ {
expires max;
}
}
# HTTP should redirect to HTTPS
server {
listen 80;
server_name example.com;
location / {
return 301 https://$host$request_uri;
}
}
# Alternate domains
server {
listen 80;
server_name example.org;
location / {
return 301 https://example.com$request_uri;
}
}
More information
https://www.nginx.com/resources/wiki/start/topics/examples/javaservers/
Created on , last edited on