
Configuring Nginx or Apache as a Web Service Gateway

Description

The 9.0 release of the web service has replaced Apache with an in-house developed web frontend (WFE) for handling API requests. Certain users may wish to configure a gateway web server to enforce custom policies.

The following provides users with a reference for configuring either Nginx or Apache as a gateway. Additionally, it describes various undocumented settings in the new frontend configuration should the user need to modify them.


Gateway Configuration

The following sections explain how to set up Nginx or Apache to proxy requests to the web service. For the purposes of this guide, it is assumed the gateway server will be installed on the same machine as the web service and the service is listening on port 8080. The gateway must use a different listening port number than the ExacqVision Web Service.

Note: You may wish to back up the existing host files if they exist.


Nginx

Edit the virtual hosts file, located in:

Windows:
C:\nginx\conf\sites-available\default

Linux:
/etc/nginx/sites-available/default

with the following configuration:

server {
    listen 80 default_server;
    server_name localhost;

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}


Apache

NOTE: The installation directory for Apache on Windows will vary based on how it was installed.

  1. Run the OS-specific command to enable the necessary modules for Apache.

Windows:
Ensure the following lines in <apache install directory>\conf\httpd.conf are uncommented, that is, they do NOT begin with a ‘#’.

  • LoadModule proxy_module modules/mod_proxy.so
  • LoadModule proxy_http_module modules/mod_proxy_http.so
  • LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
  • LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so

Linux:
Open a terminal by pressing CTRL+ALT+T and run the following commands:

  • sudo a2enmod proxy
  • sudo a2enmod proxy_http
  • sudo a2enmod proxy_balancer
  • sudo a2enmod lbmethod_byrequests

  2. Edit the virtual hosts file with the following configuration:

    <VirtualHost *:80>
        ProxyPreserveHost On

        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
    </VirtualHost>

NOTE: You MUST have the ‘/’ at the end of each address, unlike Nginx.

  3. Apache and Nginx will require a restart before they can accommodate proxy requests.


Modifying the Web Frontend (WFE) configuration

The configuration for WFE contains several options that are omitted by default. These options can be used to place additional constraints on the web service if necessary.

The configuration file, which is stored as JSON, is located at:

Windows:
C:\ProgramData\Webservice\conf\wfe.json

Linux:
/etc/webservice/wfe.json

If you wish to restrict the service to listen for HTTP requests on a particular NIC, you can do so by specifying the NIC’s address using the webserver.address key:

{
    "webserver": {
        "listen": 8080,
        "address": "192.168.1.115",
        [...]
    }
}

NOTE: If the target is an IPv6 address, you MUST enclose the address in square brackets [ ].


The same can be done for HTTPS requests with the webserver.tls.address key:

{
    "webserver": {
        "listen": 8080,
        "tls": {
            "listen": 443,
            "address": "[fe80::...]",
            [...]
        }
    }
}


The way the web service handles HTTP requests when HTTPS is configured can be controlled with the webserver.tls.httpPolicy key:

{
    "webserver": {
        "listen": 8080,
        "tls": {
            "listen": 443,
            "httpPolicy": "redirect",
            [...]
        }
    }
}

The key can be one of the following values:

  • “redirect” will cause HTTP traffic to be redirected to HTTPS
  • “disable” will reject any requests not sent over HTTPS

NOTE: This key will only take effect if SSL is configured.
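
The following is an added example, not part of the original guide or of any exacqVision tooling: a Python check over the wfe.json keys described above that flags listeners reachable without going through the gateway, IPv6 addresses missing their square brackets, and an httpPolicy other than the two listed values. It assumes the gateway runs on the same machine as the web service and that WFE accepts a loopback address for the address keys; the function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import json

POLICIES = ("redirect", "disable")  # the two values this guide lists

def check_address(key, value, behind_gateway):
    """Return (key, message) findings for one listener address."""
    if value is None:
        # Key omitted: the listener is not pinned to any one address.
        return [(key, "not set while a gateway is in use")] if behind_gateway else []
    if not isinstance(value, str):
        return [(key, "must be a JSON string")]
    bracketed = value.startswith("[") and value.endswith("]")
    try:
        ip = ipaddress.ip_address(value[1:-1] if bracketed else value)
    except ValueError:
        return [(key, f"not an IP address: {value!r}")]
    found = []
    if ip.version == 6 and not bracketed:
        found.append((key, "IPv6 address must be enclosed in [ ]"))
    # Assumption: gateway and service share a host, so only loopback is needed.
    if behind_gateway and not ip.is_loopback:
        found.append((key, "reachable without passing through the gateway"))
    return found

def audit_wfe(text, behind_gateway=True):
    """Audit the text of a wfe.json file; an empty list means no findings."""
    web = json.loads(text).get("webserver", {})
    found = check_address("webserver.address", web.get("address"), behind_gateway)
    tls = web.get("tls")
    if isinstance(tls, dict):
        found += check_address("webserver.tls.address", tls.get("address"), behind_gateway)
        policy = tls.get("httpPolicy")
        if policy not in POLICIES:
            found.append(("webserver.tls.httpPolicy",
                          f"expected one of {POLICIES}, got {policy!r}"))
    return found

# Constructed sample, not a real deployment's configuration.
SAMPLE = """{"webserver": {"listen": 8080, "address": "192.168.1.115",
  "tls": {"listen": 443, "address": "fe80::1", "httpPolicy": "allow"}}}"""

if __name__ == "__main__":
    for key, message in audit_wfe(SAMPLE):
        print(f"{key}: {message}")
```

Pass behind_gateway=False to skip the loopback check when the web service is meant to be reached directly.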
