- Contents
CX Insights Installation and Configuration Guide
Configure reverse proxy using nginx
You can install a public facing reverse proxy server and route all the incoming requests to the CX Insights server through proxy. Genesys verified the nginx reverse proxy server for the CX Insights server.
To install the nginx reverse proxy server, see nginx documentation.
To configure a reverse proxy server,
-
Find the nginx.conf in the installed path and copy the code given here to the nginx.conf file.
-
Within the copied code, update the appropriate values for the following parameters:
-
<dns_server_name> - specify the dns server name of the server where nginx is installed.
-
<proxy_server_name> - specify the host name where nginx is installed.
-
<cxinsight_server_name> - specify the server name where the CX Insights server is installed.
-
If you don't have a TLS certificate from a Certification Authority, generate a self-signed certificate by using the following command. Copy the generated certificate (tls.crt) and key file (tls.key) file under the nginx directory.
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /etc/nginx/tls.key -out /etc/nginx/tls.crt -subj '/CN=<proxy_server_name>' -days 365
Note: Make sure that you configure TLS certificate and private key correctly, otherwise you cannot log in to CX Insights server.
-
Test the updated configuration in the nginx.conf file by running the following command. We recommend to test the configuration for any syntax errors whenever you make changes in the configuration file.
nginx -t
-
Restart the nginx service. Note that any changes in the nginx.conf file requires a restart of the nginx service.
Log file
You can view the error log file from the default path /var/log/nginx/error.log. If you want to set up a different path, you can do so in the error_log parameter in nginx.conf.
Code to be copied to the nginx.conf file
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
resolver <dns_server_name> valid=90000000s;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name "<proxy_server_name>";
root /usr/share/nginx/html;
ssl_certificate "/etc/nginx/tls.crt";
ssl_certificate_key "/etc/nginx/tls.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location ~ ^/(MicroStrategy|cic|WindowsIDP|ICNotifierIDP)/ {
error_log /var/log/nginx/error.log debug;
proxy_pass $scheme://<cxinsight_server_name>$request_uri;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
Related Topics: