This page is to document the migration of IIS to nginx
SSL Configuration
http://nginx.com/resources/admin-guide/nginx-ssl-termination/
Tomcat configuration
To take full advantage of nginx+ssl, I believe we need to setup Tomcat to use the RemoteIpValve:
https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html
An example is here:
http://kdl.nobugware.com/post/2010/02/12/nginx-ssl-tomcat-confluence
nginx page on configuring individual applications
http://wiki.nginx.org/JavaServers
PHP Applications
[List of PHP Applications here]
Two potential solutions
- PHP applications on nginx reverse proxies
- PHP applications on another server (configured the same as Tomcat servers)
The second option potentially makes session handling easier.
Taylor has php54 option. I believe Taylor has a drupal option as well, but it may not suit our needs.
Necessary installs for PHP:
sudo yum install php54 php54-php-fpm php54-php-mysqlnd
Github's use of nginx and map files
http://githubengineering.com/rearchitecting-github-pages/
VMs
Hostnames and IPs
sca-nginx01 is deployed on > scalnx12-vmm with 12GB memory and 6 cores
sca-nginx02 is deployed on > scalnx13-vmm with 12GB memory and 6 cores
Both will share the sca-www hostname through the virtual IP address 134.79.129.86.
Management of the Virtual IP address will be handled with keepalived.
Keepalived
keepalived is to be configured on both machines.
keepalived seems to support HTTP status checks.
The following is roughly the configuration for sca-nginx01. The configuration for sca-nginx02, which will be the failover machine, will be nearly identical, but the priority on the vrrp_instance MUST BE LOWER than the priority on the master. The password will be different.
The configuration is located in /etc/keepalived/keepalived.conf
global_defs { notification_email { bvan@slac.stanford.edu } notification_email_from sca-nginx01@slac.stanford.edu smtp_server localhost smtp_connect_timeout 30 } vrrp_instance VI_1 { state MASTER interface eth1 virtual_router_id 85 priority 10 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 134.79.129.86 } }