Wednesday, November 29, 2017

SSL Reverse Proxy using nginx without using Oracle Wallet

In my previous post, I mentioned that we can use stunnel to get around using https in oracle utl_http call. Today I ran into this 404 not found problem and there is no solution.

I am forced to switch to nginx. Setup was extremely easy. Most likely I am going to use nginx in the future.

With this setup, I can issue http://localhost:8103 and nginx will load balance between https://web1.remote.com:8443 and https://web2.remote.com:8443

Bonus is I don’t need to worry about oracle wallet anymore. It is a nightmare to maintain, especially internal hostname with https.

nginx.conf
worker_processes  1;
pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile      on;
    keepalive_timeout 65;

upstream tomcathosts {
      server web1.remote.com:8443;
      server web2.remote.com:8443;
  }

server {
    listen 8103;
    server_name  localhost;
    location / {
        root /;
        proxy_connect_timeout       600;
        proxy_send_timeout          600;
        proxy_read_timeout          600;
        send_timeout                600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tomcathosts;
    }
  }
}

After everything is working, I use nssm to make nginx a window service.

P.S. If you don't have two upstream servers for load balancing, remove the upstream section and put the upstream server hostname directly in proxy_pass

No comments:

Post a Comment