Possibility of gridvis service behind nginx reverse proxy

[ripcurlz]

Is it possible to run the gridvis service behind nginx running as a reverse proxy?
I tried to modify the Base URL in the system settings of the gridvis service via browser, e.g. to http://0.0.0.0:8080/gridvis-service/, which somehow seemed to have no effect, since the base url seemed still to be "/landingpage/". Thank you very much for your help.

[janitza-trhi]

Hi @ripcurlz

We would like to help you to run the service behind a reverse proxy.
The Base URL setting is one aspect of it, e.g. used to generate links in E-Mails.
Could you share your current nginx config?

[ripcurlz]

the current nginx config can be seen in the following snippet, where "172.17.1.7" is the gridvis-service container's ip:

#/etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx/nginx.pid;


events {
    worker_connections  4096;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;


    access_log  /var/log/nginx/access.log main;

    sendfile        on;

    keepalive_timeout   65;
    types_hash_max_size 2048;


    proxy_request_buffering     off;

server {
listen 443;
        ssl on;

	location ~* ^/gridvis-service\/?(?<baseuri>.*) {
   auth_request /auth;
        rewrite /gridvis-service/(.*) /$1 break;
        rewrite /gridvis-service / break;
        proxy_pass http://172.17.1.7:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Uri $request_uri;
		
		}
}
}

unfortunately, we can only edit the name "gridvis-service" as of now in the location block of the config. If you see that this config can not work, but you have a working combination of gridvis-service and nginx already, that would still be highly appreciated, since we might be able to edit the whole of the nginx config in the future.

[janitza-trhi]

Hi @ripcurlz

We would like to support using gridvis behind a revere proxy, mainly to support SSL termination.
Currently we are working on a fix to incorporate jetty's ForwardedRequestCustomizer.
However the gridvis needs to be the root context (/) and not "/gridvis-service/(.*)"
Would you mind sharing your use case? Due you need your context path or SSL etc.?

[ripcurlz]

Yes, the use case is the same as you described, for SSL Termination. The context path (in this case "gridvis-service", but could be any other valid string) is also needed.

[janitza-chst]

@ripcurlz
We fixed the internal jetty configuration to allow normal reverse proxy configuration.
This is active in the nightly releases and will be part of the GridVis 8.1.20 or 9.0. as an official release.
The part to rewrite the context path is trickier. We raised an internal Ticket, but it is unlikely, that it will be resolved soon.