Installing into a Load Balancing Environment
Prerequisites
When installing the application on a Windows Server load balancing environment, you must perform the following steps:
- Download the latest version of NGINX from https://nginx.org/en/download.html.
- Extract the zip file. In this example, the nginx.exe file is unzipped to the C:\nginx folder.
- Replace the nginx.config file, located at C:\nginx\conf with the config gfile provided below. This sample config file must be modified by replacing <ip_address>:<port_number> with the appropriate IP address and port number.
- Install the application on the first node. Note that you will need to provide some additional information when installing in a load balanced environment.
- Install the application on each additional node. Most of the information is defaulted, based on the information provided in the first installation. In most cases, the information should not be changed when installing the additional nodes.
- Ensure that all the nodes have access to the shared storage location.
Sample NGINX.Config file
This sample config file supports both HTTP and HTTPS.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#add_header X-Request-ID $request_id;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for" $request_id'
# 'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name $host to: $upstream_addr: $request $status upstream_response_time $upstream_response_time msec $msec request_time $request_time';
#access_log logs/access.log main;
access_log logs/access.log upstreamlog;
sendfile on;
keepalive_timeout 65;
#servers to balance for HTTP
upstream voicecheckhttp {
#uses only the first three octets of the IP address for selecting the backend node
ip_hash;
#nginx use the complete remote IP address for hash
#hash $remote_addr;
keepalive 100;
server <ip_address>:<port_number>;
server <ip_address>:<port_number>;
}
#servers to balance for https
upstream voicecheckhttps {
#uses only the first three octets of the IP address for selecting the backend node
ip_hash;
#nginx use the complete remote IP address for hash
#hash $remote_addr;
keepalive 100;
server <ip_address>:<port_number>;
server <ip_address>:<port_number>;
}
server {
listen <Nginx port_No>;
server_name <Nginx server ip_address>;
location / {
proxy_pass http://voicecheckhttp;
proxy_set_header Host $http_host;
#client_max_body_size should be modified based on what the application supports.
client_max_body_size 100M;
#proxy_set_header X-Request-ID $request_id;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root html;
# }
}
server {
listen <Nginx port_No> ssl;
server_name <Nginx server ip_address>;
# openssl req -x509 -nodes -days 1000 -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.crt
ssl_certificate "C:\\certs\\cert1\\nginx-selfsigned1.crt";
ssl_certificate_key "C:\\certs\\cert1\\nginx-selfsigned1.key";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#access_log logs/host.access.log main;
location / {
proxy_pass https://voicecheckhttps;
proxy_set_header Host $http_host;
client_max_body_size 100M;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root html;
# }
}
}
All items above in brackets, such as <ip_address> are placeholders that must be replaced with the actual value.
SSL items, such as ssl_certificate, list an absolute path. Modify this path as necessary.
HTTPS Communications
Refer to http://nginx.org/en/docs/http/configuring_https_servers.html for Nginx HTTPS setup.
For information on using HTTPS with VoiceCheck see Security Considerations.
Certificates and Android Devices
Ensure the Android device and the NGINX server are on the same network and verify the Android device can log into the NGINX HTTPS application URL
Installation Wizard
The primary node must be installed first.
Install Primary Node
On the Cluster Configuration Screen of the installation wizard:
- Check Load Balanced Environment.
- Check Will this instance be the primary node?
- Enter the Shared Storage path chosen.
- Complete the installation for this node.
Install Non-Primary Node
On the Cluster Configuration Screen of the installation wizard:
- The primary node instance installation must already be completed.
- Check Load Balanced Environment.
- Do not check Will this instance be the primary node?
- Enter the Shared Storage path chosen.
- Complete the installation for this node.
- Repeat for any additional non-primary nodes.
Silent installation may also be used for these nodes .Click the Generate script button at the end of an install to generate an .xml file containing the installation selections. Use this script to perform additional silent installations.