Skip to main content

Building and Configuring Nginx to Work With the Web Gateway (Windows)

This article describes how to build and configure an Nginx web server for use with the InterSystems Web Gateway on Windows. (On Windows, the other options are Apache and IIS; options are different on other operating systems.)

Nginx is an Open Source product. The source code can be downloaded free of charge from: http://nginx.org/Opens in a new tab

Some prebuilt kits are available for Windows which are, generally, a few builds behind the latest Nginx build. However, given that extensions must be compiled into the Nginx core, it is necessary to build the web server locally from the source code in order to include support for CSP.

After the steps in this article, you can use the Web Gateway management pages to further configure the Web Gateway.

Assumptions

This article assumes that

  • The CSP/Web Gateway components are installed in install-dir\csp\

  • The web server is installed in C:\nginx\

If the layout is different on your system, modify the configuration directives as appropriate.

Installation

The Web Gateway components and the CSP static files should be installed as follows:

  1. Web Gateway Network Service Daemon (NSD)

    • CSPnsd.exe (main binary)

    • CSPnsdSv.exe (Windows service)

    The default location for these files is install-dir\bin

    The configuration and log files are written in this directory.

  2. HyperEvents Components

    • CSPBroker.js

    • CSPxmlhttp.js

    The default location for these files is install-dir\csp\broker

    If these files are to be served as static components directly by the web server, copy them to C:\nginx\html\csp\broker

  3. Miscellaneous static resources used by the Management Portal

    A number of static web resources (such as image files) are required by the Management Portal. The default location for these files is install-dir\csp\sys

    If these files are to be served directly by the web server, copy these to C:\nginx\html\csp\sys

Building the Nginx Web Server for CSP

Most of the Web Gateway functionality is provided by the NSD (CSPnsd[Sv].exe). For CSP access, Nginx can be built and configured to communicate with the NSD through a small compiled-in module: ngx_http_csp_module_sa.c

Prerequisites for building Nginx:

The build instructions given here are based on the official documentation for building Nginx under Windows:

http://nginx.org/en/docs/howto_build_on_win32.htmlOpens in a new tab

The Nginx documentation stipulates that the following third party add-ons are also required:

However, it is possible to create a fully functional server without these components, provided the final installation doesn’t require the functionality that would otherwise be provided by them.

The default configuration script for building Nginx, including all optional modules listed above, is as follows:

auto/configure \
 --with-cc=cl \
 --with-debug \
 --prefix= \
 --conf-path=conf/nginx.conf \
 --pid-path=logs/nginx.pid \
 --http-log-path=logs/access.log \
 --error-log-path=logs/error.log \
 --sbin-path=nginx.exe \
 --http-client-body-temp-path=temp/client_body_temp \
 --http-proxy-temp-path=temp/proxy_temp \
 --http-fastcgi-temp-path=temp/fastcgi_temp \
 --http-scgi-temp-path=temp/scgi_temp \
 --http-uwsgi-temp-path=temp/uwsgi_temp \
 --with-cc-opt=-DFD_SETSIZE=1024 \
 --with-pcre=objs/lib/pcre-8.44 \
 --with-zlib=objs/lib/zlib-1.2.11 \
 --with-openssl=objs/lib/openssl-1.1.1k \
 --with-openssl-opt=no-asm \
 --with-http_ssl_module

The build process can be modified to exclude optional modules:

  • OpenSSL - Remove SSL/TLS capability:

    Remove directive: --with-http_ssl_module

  • Zlib - Remove GZIP capability:

    Add directive: --without-http_gzip_module

  • PCRE - Remove HTTP rewrite capability:

    Add directive: --without-http_rewrite_module

Procedure for Building Nginx for CSP

  1. Working in a MSYS2 shell, create the working directory structure suggested in the Nginx documentation:

    /opt/

  2. Working in /opt, check-out the Nginx source code using the following command:

    hg clone http://hg.nginx.org/nginx

    This places the Nginx source code under: /opt/nginx/

  3. Create a directory for the CSP extension:

    mkdir /opt/nginx/objs/lib/csp/
    
  4. Copy the module source code (ngx_http_csp_module.c) to the directory created in the previous step.

  5. In the same directory, create a configuration file called config. This file should contain the following lines:

    ngx_addon_name=ngx_http_csp_module
    HTTP_MODULES="$HTTP_MODULES ngx_http_csp_module"
    NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_csp_module.c"
  6. Working in /opt/nginx/, configure the Nginx build environment:

    auto/configure --with-cc=cl --builddir=objs --prefix=
                   --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid
                   --http-log-path=logs/access.log --error-log-path=logs/error.log
                   --sbin-path=nginx.exe
                   --http-client-body-temp-path=temp/client_body_temp
                   --http-proxy-temp-path=temp/proxy_temp
                   --http-fastcgi-temp-path=temp/fastcgi_temp
                   --with-cc-opt=-DFD_SETSIZE=1024 --without-http_rewrite_module
                   --without-http_gzip_module
                   --with-select_module --with-ipv6
                   --add-module=objs/lib/csp

    Note the final line containing the instructions to include the CSP module.

  7. Compile Nginx. This can be done in either the current MSYS2 shell or a Visual Studio developer command prompt.

    To use the MSYS2 shell, locate the vcvarsall.bat script corresponding to your desired Visual Studio build environment and compile Nginx.

    cd /c/path/to/vcvarsall
    vcvarsall.bat
    cd -
    nmake -f objs/Makefile

    Alternatively, if you do not know where to find vcvarsall.bat, you can open a Visual Studio developer command prompt, which will set up the build environment for you. First, convert the MSYS2 path to an equivalent Windows path in the current MSYS2 shell.

    cygpath –m $(pwd)

    Then, open a Visual Studio command prompt for your desired build environment and navigate to that Windows path. Compile Nginx.

    nmake -f objs/Makefile

    If successful, you should find the server (nginx.exe) in: /opt/nginx/objs/

  8. Install Nginx: The easiest way to do this is to first download and install a pre-built version of Nginx for Windows to obtain the directory structure (usually under C:\nginx\) then replace the nginx.exe file in that installation with the one created locally.

    The typical directory structure for an operational Nginx installation is as follows:

    Directory of C:\nginx
    
    03/07/2017  09:09    <DIR>          .
    03/07/2017  09:09    <DIR>          ..
    26/06/2017  10:14    <DIR>          conf
    26/06/2017  10:14    <DIR>          contrib
    10/05/2018  12:53    <DIR>          csp
    26/06/2017  10:14    <DIR>          docs
    26/06/2017  10:14    <DIR>          html
    10/05/2018  15:57    <DIR>          logs
    04/07/2017  15:52           715,264 nginx.exe
    26/06/2017  10:17    <DIR>          scgi_temp
    26/06/2017  10:17    <DIR>          temp
    26/06/2017  10:17    <DIR>          uwsgi_temp

    Replace the copy of nginx.exe in this directory with the version created by the build procedure.

Using the NSD with Nginx

The web server should be configured such that it recognizes InterSystems file types and passes them to the NSD for processing. The web server configuration file (nginx.conf) is found in C:\nginx\conf

The following configuration directives are provided for the CSP extension:

Syntax: CSP on|off;

Default: CSP off;

Context: location, if in location

Whether CSP is enabled for all requests to a particular path.

Syntax: CSPFileTypes [filetype ... ];

Default: —

Context: location, if in location

The file types for which CSP is enabled. To enable CSP for particular file types such as .csp or .cls, use the following directive.

CSPFileTypes csp cls;

To enable CSP for all file types, use *.

CSPFileTypes *;

Syntax: CSPNSD_pass hostname:port;

Default: —

Context: location, if in location

The hostname/IP and port where the NSD is listening. By default, the NSD listens at 127.0.0.1:7038. This directive is required.

Syntax: CSPNSD_response_headers_maxsize size ;

Default: CSPNSD_response_headers_maxsize 8k;

Context: location, if in location

The maximum size of the HTTP headers in a response. An error is returned to the web client if the response headers exceed this size.

Syntax: CSPNSD_connect_timeout time;

Default: CSPNSD_connect_timeout 300s ;

Context: location, if in location

Timeout for connecting to the NSD when a request is received from the web client.

Syntax: CSPNSD_send_timeout time ;

Default: CSPNSD_send_timeout 300s;

Context: location, if in location

Timeout for a single send operation to the NSD when sending a request. The timeout is set only between two successive write operations, not for the transmission of the whole request.

Syntax: CSPNSD_read_timeout time ;

Default: CSPNSD_read_timeout 300s;

Context: location, if in location

Timeout for a single read operation from the NSD when reading a response. The timeout is set only between two successive read operations, not for the transmission of the whole response.

Enabling CSP for a Particular Path

Place the following section within the appropriate server configuration block:

location /csp {
CSP On;
CSPNSD_pass localhost:7038;
}

Mapping InterSystems IRIS File Extensions

Place the following section within the appropriate server configuration block:

location /csp {
CSPFileTypes  csp cls zen cxw;
}

Starting and Stopping Nginx and the NSD

To start Nginx:

C:\nginx\nginx

To stop Nginx:

C:\nginx\nginx –s stop

See Operating the NSD for instructions on how to operate the NSD.

Building Nginx to Work with the Universal Modules

Important:

The following instructions serve as a reference only for existing installations.

Nginx can be built to work with the Universal Modules CSPx.dll (runtime) and CSPxSys.dll (Web Gateway systems management). The Universal Modules are dynamically linked modules that can be loaded by a CSP-enabled Nginx installation. Use of the Universal Modules is now deprecated and not recommended due to stability issues. Everyone using the Universal Modules should rebuild and reconfigure Nginx to use the NSD instead. To build Nginx to work with the Universal Modules, modify the build and configuration procedure as follows:

  • In step 4, copy the module source code ngx_http_csp_module_sa.c and ngx_http_csp_common.hinstead of ngx_http_csp_module.c.

  • In step 5, the configuration file for CSP (/opt/nginx/objs/lib/csp/config) should read as follows:

    ngx_addon_name=ngx_http_csp_module_sa
    HTTP_MODULES="$HTTP_MODULES ngx_http_csp_module_sa"
    NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_csp_module_sa.c"
  • Add the CSPModulePath directive to the http configuration block to specify the path to the Universal Gateway Modules.

    CSPModulePath install-dir/bin;
  • For Windows, the thread stack size must be increased to 2MB. Add the following directive to the top of the Nginx configuration file (before the http section).

    thread_stack_size 2000000;
  • The following directives are not supported:

    • CSPNSD_pass

    • CSPNSD_response_headers_maxsize

    • CSPNSD_connect_timeout

    • CSPNSD_send_timeout

    • CSPNSD_read_timeout

  • The following directives are supported:

    • CSP

    • CSPFileTypes

FeedbackOpens in a new tab