Skip to main content

Nginx for UNIX®/Linux/macOS

Nginx for UNIX®/Linux/macOS

Introduction

This page describes how to build and configure an Nginx web server for use with the InterSystems Web Gateway on UNIX®, Linux, or macOS.

Nginx is an Open Source product and the source code can be downloaded free of charge from: http://nginx.org/Opens in a new tab

Some prebuilt kits are available for Linux which are, generally, a few builds behind the latest Nginx build. However, given that extensions must be compiled into the Nginx core, it is necessary to build the web server locally from the source code in order to include support for CSP.

After the steps in this page, you can use the Web Gateway management pages to further configure the Web Gateway.

Assumptions

This page assumes that:

  • CSP/Web Gateway web server components are installed in /opt/webgateway/bin/

  • InterSystems IRIS, if installed locally, is in /opt/iris/

  • The web server is installed under /opt/nginx/

If the layout is different on your system, modify the configuration directives as appropriate.

Installation

The Web Gateway components and the CSP static files should be installed as follows:

  1. Web Gateway Network Service Daemon (NSD)

    • CSPnsd

    The default location for this binary is /opt/webgateway/bin/

  2. HyperEvents Components

    CSPBroker.js

    CSPxmlhttp.js

    The default location for these files is /opt/iris/csp/broker

    If these files are to be served as static components directly by the web server, copy them to /opt/nginx/html/csp/broker

  3. Miscellaneous static resources used by the Management Portal

    A number of static web resources (such as image files) are required by the Management Portal. The default location for these files is /opt/iris/csp/sys

    If these files are to be served as static components directly by the web server, copy them to /opt/nginx/html/csp/sys

Building the Nginx Web Server for CSP

Most of the Web Gateway functionality is provided by the NSD (CSPnsd). For CSP access, Nginx can be built and configured to communicate with the NSD through a small compiled-in module, ngx_http_csp_module.c. For convenience, all Web Gateway installations include this source file.

The build instructions given here are based on the official documentation for building Nginx under UNIX® systems:

http://nginx.org/en/docs/configure.htmlOpens in a new tab

The Nginx documentation stipulates that the following third party add-ons are also required:

Important:

The OpenSSL toolkit you use should be compatible with your version of InterSystems IRIS; see Which TLS Versions Does My Instance of InterSystems IRIS Support?

However, it is possible to create a fully functional server without these components, provided the final installation doesn’t require the functionality that would otherwise be provided by them.

A typical configuration script for building Nginx, including all optional modules listed above, is as follows:

./configure --prefix=/opt/nginx --with-http_ssl_module

This results in a default Nginx build installed under: /opt/nginx

The build process can be modified to exclude optional modules:

  • OpenSSL - Remove SSL/TLS capability:

    Remove directive: --with-http_ssl_module

  • Zlib - Remove GZIP capability:

    Add directive: --without-http_gzip_module

  • PCRE - Remove HTTP rewrite capability:

    Add directive: --without-http_rewrite_module

Procedure for building Nginx for CSP

  1. Unpack the source distribution under a location of your choice. For example:

    /opt/

    After unpacking, if you specify /opt/, the source code distribution is under:

    /opt/nginx-n.n.n/

  2. Create a directory for the CSP extension:

    /opt/nginx-n.n.n/csp/

  3. Copy the module source code (ngx_http_csp_module.c) to the directory created above.

  4. In that same directory, create a configuration file called config. This file should contain the following lines:

    ngx_addon_name=ngx_http_csp_module
    HTTP_MODULES="$HTTP_MODULES ngx_http_csp_module"
    NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_csp_module.c"
    CORE_LIBS="$CORE_LIBS -ldl"
    
  5. Working in /opt/nginx-n.n.n/, configure the Nginx build environment:

    ./configure --prefix=/opt/nginx
                --with-http_ssl_module
                --add-module=/opt/nginx-n.n.n/csp
    

    Alternatively, without the optional functionality provided by OpenSSL, ZLIB and PCRE:

     ./configure --prefix=/opt/nginx
                 --without-http_rewrite_module
                 --without-http_gzip_module
                 --add-module=/opt/nginx-n.n.n/csp
    

    Note the final line containing the instructions to include the CSP module.

  6. Compile Nginx:

    make
    
  7. Install Nginx:

    make install
    

    If successful, you should find the complete server installation under:

    /opt/nginx/

Using the NSD with Nginx

You must configure the web server so that it recognizes requests your InterSystems IRIS application must serve and then passes those requests to the NSD.

To do so, edit the web server configuration file (nginx.conf) which is found in /opt/nginx/conf

This section describes the server configuration directives which the CSP extension module provides for configuring the web server. Issuing any of these directives within the context of a location block applies the directive to traffic at the path specified.

CSPNSD_pass hostname:portNum;

(Required.) Specifies the address (hostname and port) where the NSD is listening.

If you do not specify an NSD address for a particular path, the NSD listens at the address 127.0.0.1:7038 by default.

CSP on; and CSP off;

Enables or disables routing to CSP servers through the Web Gateway for all requests.

If you do not issue a CSP directive which applies to a particular path, no requests sent to that path are routed through the CSP off, and the web server does not route any requests sent to that path through the Web Gateway.

CSPFileTypes filetype1[ filetype2...];

Enables the routing of requests for particular file types (filetype1, filetype2, and so on) to CSP servers through the Web Gateway.

For example, if you want the Web Gateway to route requests sent to the /demo/app path if (and only if) they are requesting .csp or .cls files, issue the following directive block:

location /demo/app {
  CSPFileTypes csp cls;
}

Issuing the directive CSPFileTypes * enables the routing of requests for all file types.

This directive does not route requests for URLs which do not request files. Therefore, this directive is inappropriate for most APIs, which often specify paths at endpoints.

CSPNSD_response_headers_maxsize size;

Specifies the maximum size of headers for an HTTP response. If response headers exceed this size, the web client receives an error.

By default, the CSP extension module applies the directive CSPNSD_response_headers_maxsize 8k.

CSPNSD_connect_timeout time;

Specifies the timeout for connecting to the NSD when a request is received from the web client.

By default, the CSP extension module applies the directive CSPNSD_connect_timeout 300s.

CSPNSD_send_timeout time;

Specifies the timeout for a single send operation request (such as POST or PUT). The timeout is applied only between successive send operations; it does not apply to the completion of a single transmission once it has begun.

By default, the CSP extension module applies the directive CSP_send_timeout 300s.

CSPNSD_read_timeout time;

Specifies the timeout for a single read operation (such as GET) upon delivery of a response. The timeout is applied only between successive read operations; it does not apply to the completion of a transmission once it has begun.

By default, the CSP extension module applies the directive CSP_read_timeout 300s.

Example: Enable CSP Routing for All Traffic at a Particular Path

Place the following section within the appropriate server configuration block to route all traffic sent to the /csp path to the Web Gateway:

location /csp {
CSP On;
CSPNSD_pass localhost:7038;
}

Example: Route Requests for InterSystems IRIS File Types to the Web Gateway

Place the following section within the appropriate server configuration block to enable CSP routing for requests sent to the /csp path for the InterSystems IRIS file types (.csp, .cls, .zen, and .cxw) as well as file types required to serve static elements of the Management Portal interface:

location /csp {
CSPFileTypes  csp cls zen cxw .jpg .gif .png .svg .css .js;
CSPNSD_pass localhost:7038;
}

Additional Configuration Required to Use IDEs

To use VS Code with the InterSystems ObjectScript extensionsOpens in a new tab (or any IDE which uses the /api/atelier web application) as an ObjectScript IDE, you must perform the following additional modifications to your Nginx configuration:

  1. The /api/atelier web application uses HTTP headers which include underscores. By default, Nginx silently drops these headers. You must configure your Nginx server to include them. See https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#missing-disappearing-http-headersOpens in a new tab.

  2. Features such as the debugger require a WebSocket connection. By default, Nginx is not configured to support WebSockets. For information on enabling WebSockets, refer to the Nginx documentation: (http://nginx.org/en/docs/http/websocket.htmlOpens in a new tab).

Start and Stop Nginx and the NSD

To start Nginx:

/opt/nginx/sbin/nginx

To stop Nginx:

/opt/nginx/sbin/nginx –s stop

See Operating the NSD for instructions on how to operate the NSD.

Deprecated: Building Nginx to Work with the Universal Modules

Important:

Use of the Universal Modules with Nginx has been deprecated due to stability issues. Deployments of the Web Gateway which connect to Nginx using the NSD fully support all features, including WebSockets.

If you are currently using the Universal Modules with Nginx, InterSystems recommends upgrading to the most recent version of the Web Gateway and rebuilding your Nginx server to work with the NSD. Be sure to remove the CSPModulePath directive from your server configuration when you edit the server configuration file.

The following instructions serve as a reference for existing installations only.

Nginx can be built to work with the dynamically-linked Universal Modules CSPx.so (runtime) and CSPxSys.so (Web Gateway systems management). The procedure for building and configuring Nginx to work with the Universal Modules varies from the NSD-based deployment as follows:

  • In step 3, copy the module source code ngx_http_csp_module_sa.c, cspapi.h, and ngx_http_csp_common.h to the specified directory, instead of ngx_http_csp_module.c.

  • In step 4, the configuration file for CSP (/opt/nginx-n.n.n/csp/config) should read as follows:

    ngx_addon_name=ngx_http_csp_module_sa
    HTTP_MODULES="$HTTP_MODULES ngx_http_csp_module_sa"
    NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_csp_module_sa.c"
    
  • Add the CSPModulePath directive from the http configuration block to specify the path to the Universal Gateway Modules.

    CSPModulePath /opt/webgateway/bin;
    
  • The following directives are not supported:

    • CSPNSD_pass

    • CSPNSD_response_headers_maxsize

    • CSPNSD_connect_timeout

    • CSPNSD_send_timeout

    • CSPNSD_read_timeout

  • The following directives are supported:

    • CSP

    • CSPFileTypes

FeedbackOpens in a new tab