Wyn Enterprise Administration Guide

Wyn Enterprise: Using Nginx as Reverse Proxy

This article describes the HTTPS configuration steps to use Nginx as a reverse proxy to deploy Wyn Enterprise with HTTPS. However, the primary objective of this article is to configure the reverse proxy to map a public URL to the internal server in the reverse proxy.

For this, you need to expose two web applications to the internet when you publish Wyn Enterprise. These web applications are identity service and portal. Also, you must have your own domain name, for example *.grapecitydev.com and its associated SSL certificates.

Deploy Wyn Enterprise with HTTPS

The following steps describe the steps to use Nginx on Ubuntu 16.04 as a reverse proxy for deploying Wyn Enterprise with HTTPS.

  1. Install Nginx using the following command.

    sudo apt-get update
    sudo apt-get install nginx
    
  2. Create the domain name for the portal that you have purchased and then map the domain name to your server's DNS or host IP. For example, portal.grapecitydev.com.

  3. Put your SSL certificates on the server.

  4. Setup the reverse proxy with HTTPS in the Nginx configuration file. The configuration file of Nginx locates in '/etc/nginx/sites-available' and the name is "default".

    Use the following command to open the configuration file in the text editor.

    sudo vi /etc/nginx/sites-available/default
    
  5. Modify the configuration file and update the details regarding the SSL certificates and application as shown in the below sample file.

    server {
      listen 443;
    
      ssl on;
      ssl_certificate /etc/ssl/grapecitydev_chain.crt;
      ssl_certificate_key /etc/ssl/grapecitydev.key;
      server_name portal.grapecitydev.com;
      large_client_header_buffers 4 32k;
    
      location / {
            proxy_pass http://localhost:51980;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection keep-alive;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_connect_timeout       60s;
            proxy_send_timeout          60s;
            proxy_read_timeout          60s;
            send_timeout                60s;
            sendfile on;
            proxy_buffer_size 64k;
            proxy_buffers   32 32k;
            proxy_busy_buffers_size 128k;
            fastcgi_buffers 8 16k;
            fastcgi_buffer_size 32k;
           client_max_body_size 8M;
      }
    }
    
  6. Restart the Nginx using the below command.

    sudo service nginx restart
    
  7. If you use "server" authentication (identity server provider is "server"), there is no need to modify the Wyn configuration file. The default content of the Wyn configuration file is as shown.

    Note that the configuration file in Linux is located here - /opt/Wyn/Monitor/Wyn.conf.

    <?xml version="1.0" encoding="utf-8"?>
      <SystemConfig xmlns:sys="https://extendedxmlserializer.github.io/system" xmlns="clr-namespace:ConfigMigration.Configuration.V50;assembly=ConfigMigration">
      <Version>5.0</Version>
      <GlobalSettings>
        <IdentityServerUrl>http://localhost:51981</IdentityServerUrl>
        <EnableEncryptedConnectionString>false</EnableEncryptedConnectionString>
      </GlobalSettings>
      <Services>
        <Server>
          <Urls>http://*:51981</Urls>
          <DataExtraction>
            <StorageType>Postgres</StorageType>
            <ConnectionString>Host=localhost;Port=5444;UserName=wyn-enterprise;Password=Wr8TGfe2r0;Database=wyndatacache;</ConnectionString>
          </DataExtraction>
          <Storage>
            <StorageType>Postgres</StorageType>
            <ConnectionString>Host=localhost;Port=5444;UserName=wyn-enterprise;Password=Wr8TGfe2r0;Database=wynserverdata;</ConnectionString>
          </Storage>
          <IdentityServer>
            <Provider>Server</Provider>
            <HideWynIcon>false</HideWynIcon>
            <HideTrialKeyButton>false</HideTrialKeyButton>
            <StorageType>Postgres</StorageType>
            <ConnectionString>Host=localhost;Port=5444;UserName=wyn-enterprise;Password=Wr8TGfe2r0;Database=wynis;</ConnectionString>
          </IdentityServer>
          <VersionsManagerURL>https://wyn-builds.grapecity.com</VersionsManagerURL>
          <ThemeDesigner>
            <Url>https://wyn-themes.grapecity.com</Url>
          </ThemeDesigner>
          <ServerCluster>
            <PrimaryNode>
              <Host>127.0.0.1</Host>
              <Port>51990</Port>
            </PrimaryNode>
            <Host>127.0.0.1</Host>
            <Secret>5eae120678c08952212cce0de79b31bc6db9ef6bf5bdcd9142d24586d06541e8</Secret>
            <Port>51991</Port>
          </ServerCluster>
        </Server>
        <Portal>
          <Urls>http://*:51980</Urls>
          <AuthorizedWebApplicationUrls>
            <sys:string>http://localhost:51980</sys:string>
          </AuthorizedWebApplicationUrls>
          <IdentityServer>
            <Provider>Server</Provider>
            <HideWynIcon>false</HideWynIcon>
            <HideTrialKeyButton>false</HideTrialKeyButton>
          </IdentityServer>
          <BuiltInHttps />
        </Portal>
        <Worker>
          <Urls>http://localhost:51982</Urls>
        </Worker>
        <CotWorker>
          <Urls>http://localhost:51983</Urls>
        </CotWorker>
        <DataSourceService>
          <Urls>http://localhost:51988</Urls>
        </DataSourceService>
        <DashboardWorker>
          <Urls>http://localhost:51984</Urls>
        </DashboardWorker>
      </Services>
      <Cluster>
        <Host>127.0.0.1</Host>
        <Secret>acf09f60bd3ce34a529cda1cffc9df3bf5055f64a9ebbdcb574d9a421fce13c3</Secret>
        <Port>51990</Port>
        <Role>primary</Role>
      </Cluster>
    </SystemConfig> 
    
  8. If you use "portal" authentication, change the identity service URL in the Wyn configuration file.

    <?xml version="1.0" encoding="utf-8"?>
    <SystemConfig xmlns:sys="https://extendedxmlserializer.github.io/system" xmlns="clr-namespace:ConfigMigration.Configuration.V50;assembly=ConfigMigration">
      <Version>5.0</Version>
      <GlobalSettings>
        <IdentityServerUrl>https://portal.grapecitydev.com</IdentityServerUrl>
        <EnableEncryptedConnectionString>false</EnableEncryptedConnectionString>
      </GlobalSettings>
      <Services>
         <Server>
          <Urls>http://*:51981</Urls>
          <DataExtraction>
            <StorageType>Postgres</StorageType>
            <ConnectionString>Host=localhost;Port=5444;UserName=wyn-enterprise;Password=Wr8TGfe2r0;Database=wyndatacache;</ConnectionString>
          </DataExtraction>
          <Storage>
            <StorageType>Postgres</StorageType>
            <ConnectionString>Host=localhost;Port=5444;UserName=wyn-enterprise;Password=Wr8TGfe2r0;Database=wynserverdata;</ConnectionString>
          </Storage>
          <IdentityServer>
            <Provider>Portal</Provider>
            <HideWynIcon>false</HideWynIcon>
            <HideTrialKeyButton>false</HideTrialKeyButton>
            <StorageType>Postgres</StorageType>
            <ConnectionString>Host=localhost;Port=5444;UserName=wyn-enterprise;Password=Wr8TGfe2r0;Database=wynis;</ConnectionString>
          </IdentityServer>
          <VersionsManagerURL>https://wyn-builds.grapecity.com</VersionsManagerURL>
          <ThemeDesigner>
            <Url>https://wyn-themes.grapecity.com</Url>
          </ThemeDesigner>
          <ServerCluster>
            <PrimaryNode>
              <Host>127.0.0.1</Host>
              <Port>51990</Port>
            </PrimaryNode>
            <Host>127.0.0.1</Host>
            <Secret>5eae120678c08952212cce0de79b31bc6db9ef6bf5bdcd9142d24586d06541e8</Secret>
            <Port>51991</Port>
          </ServerCluster>
        </Server>
        <Portal>
          <Urls>http://*:51980</Urls>
          <AuthorizedWebApplicationUrls>
            <sys:string>http://localhost:51980</sys:string>
          </AuthorizedWebApplicationUrls>
          <IdentityServer>
            <Provider>Portal</Provider>
            <StorageType>Postgres</StorageType>
            <ConnectionString>Host=localhost;Port=5444;UserName=wyn-enterprise;Password=Wr8TGfe2r0;Database=wynis;</ConnectionString>
            <HideWynIcon>false</HideWynIcon>
            <HideTrialKeyButton>false</HideTrialKeyButton>
          </IdentityServer>
          <RequireHttps>true</RequireHttps>
          <Cookie>
            <ShareCookie>false</ShareCookie>
          </Cookie>
          <AuthorizedWebApplicationUrls>
            <sys:string>https://portal.grapecitydev.com</sys:string>
          </AuthorizedWebApplicationUrls>
        </Portal>
        <Worker>
          <Urls>http://localhost:51982</Urls>
        </Worker>
        <CotWorker>
          <Urls>http://localhost:51983</Urls>
        </CotWorker>
        <DataSourceService>
          <Urls>http://localhost:51988</Urls>
        </DataSourceService>
        <DashboardWorker>
          <Urls>http://localhost:51984</Urls>
        </DashboardWorker>
      </Services>
      <Cluster>
        <Host>127.0.0.1</Host>
        <Secret>acf09f60bd3ce34a529cda1cffc9df3bf5055f64a9ebbdcb574d9a421fce13c3</Secret>
        <Port>51990</Port>
        <Role>primary</Role>
      </Cluster>
    </SystemConfig> 
    

    Note: Since HTTPS uses port 443 by default, you need to add the inbound rule in the firewall to allow the 443 port to be accessed remotely.