This repository has been archived by the owner on May 24, 2023. It is now read-only.
/
websphere-nginx-oss.conf
149 lines (121 loc) · 3.97 KB
/
websphere-nginx-oss.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# NGINX configuration for load balancing of IBM WebSphere Application Servers
#
# The configuration file should be saved to /etc/nginx/conf.d/websphere.conf.
# In the main /etc/nginx/nginx.conf file ensure that the following line is
# present in the http {...} block:
# include /etc/nginx/conf.d/*.conf;
#
# For more information, see http://nginx.org/r/include, and the 'Using NGINX
# to Load Balance IBM WebSphere' deployment guide at
# http://www.nginx.com/
#
# For more information on NGINX Plus, the commericial version of NGINX,
# please see http://www.nginx.com/products/
#
# Tested with NGINX 1.9.1
#
# June 19, 2015
# Version 1.0
proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
map $https $is_ssl {
default false;
on true;
}
upstream websphere {
# Use IP Hash for session persistence
ip_hash;
# List of WebSphere Application Servers
server 127.0.0.1:9080;
server 127.0.0.1:9081;
}
upstream websphere-ssl {
# Use IP Hash for session persistence
ip_hash;
# List of WebSphere Application Servers
server 127.0.0.1:9443;
server 127.0.0.1:9444;
}
server {
listen 80;
# Return a 302 Redirect to the /webapp/ directory
# when user requests /
location = / {
return 302 /webapp/;
}
# A location block is need per URI group
location /webapp/ {
proxy_pass http://websphere;
proxy_cache backcache;
proxy_set_header "$WSSC" $scheme;
proxy_set_header "$WSPR" $server_protocol;
proxy_set_header "$WSRA" $remote_addr;
proxy_set_header "$WSRH" $host;
proxy_set_header "$WSRU" $remote_user;
proxy_set_header "$WSSN" $server_name;
proxy_set_header "$WSSP" $server_port;
proxy_set_header "$WSIS" $is_ssl;
# Note that these vars are only available if
# NGINX was built with SSL
proxy_set_header "$WSCC" $ssl_client_cert;
proxy_set_header "$WSCS" $ssl_cipher;
proxy_set_header "$WSSI" $ssl_session_id;
# No equivalent NGINX variable for these headers.
proxy_hide_header "$WSAT";
proxy_hide_header "$WSPT";
proxy_hide_header "$WSFO";
}
# WebSocket configuration
location /wstunnel/ {
proxy_pass http://websphere;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
server {
listen 443 ssl spdy;
ssl_certificate certchain.pem;
ssl_certificate_key privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Return a 302 Redirect to the /webapp/ directory
# when user requests /
location = / {
return 302 /webapp/;
}
# A location block is need per URI group
location /webapp/ {
proxy_pass https://websphere;
proxy_cache backcache;
proxy_set_header "$WSSC" $scheme;
proxy_set_header "$WSPR" $server_protocol;
proxy_set_header "$WSRA" $remote_addr;
proxy_set_header "$WSRH" $host;
proxy_set_header "$WSRU" $remote_user;
proxy_set_header "$WSSN" $server_name;
proxy_set_header "$WSSP" $server_port;
proxy_set_header "$WSIS" $is_ssl;
# Note that these vars are only available if
# NGINX was built with SSL
proxy_set_header "$WSCC" $ssl_client_cert;
proxy_set_header "$WSCS" $ssl_cipher;
proxy_set_header "$WSSI" $ssl_session_id;
# No equivalent NGINX variable for these headers.
proxy_hide_header "$WSAT";
proxy_hide_header "$WSPT";
proxy_hide_header "$WSFO";
}
# WebSocket configuration
location /wstunnel/ {
proxy_pass https://websphere;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}