You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

This page is to document the migration of IIS to nginx

 

 

SSL Configuration

http://nginx.com/resources/admin-guide/nginx-ssl-termination/

Tomcat configuration

To take full advantage of nginx+ssl, I believe we need to setup Tomcat to use the RemoteIpValve:

https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html

An example is here:

http://kdl.nobugware.com/post/2010/02/12/nginx-ssl-tomcat-confluence

nginx page on configuring individual applications

http://wiki.nginx.org/JavaServers



PHP Applications

[List of PHP Applications here]

Two potential solutions

  1. PHP applications on nginx reverse proxies
  2. PHP applications on another server (configured the same as Tomcat servers)

The second option potentially makes session handling easier.

Taylor has php54 option. I believe Taylor has a drupal option as well, but it may not suit our needs.

Necessary installs for PHP:

sudo yum install php54 php54-php-fpm php54-php-mysqlnd

 

Github's use of nginx and map files

http://githubengineering.com/rearchitecting-github-pages/

 

VMs

Hostnames and IPs

sca-nginx01 is deployed on > scalnx12-vmm with 12GB memory and 6 cores

sca-nginx02 is deployed on > scalnx13-vmm with 12GB memory and 6 cores

Both will share the sca-www hostname through the virtual IP address 134.79.129.86.

Management of the Virtual IP address will be handled with keepalived.


Keepalived

keepalived is to be configured on both machines.

keepalived seems to support HTTP status checks.

The following is roughly the configuration for sca-nginx01. The configuration for sca-nginx02, which will be the failover machine, will be nearly identical, but the priority on the vrrp_instance MUST BE LOWER than the priority on the master. The password will be different.

The configuration is located in /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     bvan@slac.stanford.edu
   }
   notification_email_from sca-nginx01@slac.stanford.edu
   smtp_server localhost
   smtp_connect_timeout 30
}
vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 85
    priority 10
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        134.79.129.86
    }
}

 


  • No labels