Skip to content

Instantly share code, notes, and snippets.

@esfand

esfand/part1.md

Last active September 24, 2020 19:59
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save esfand/7963875 to your computer and use it in GitHub Desktop.
Save esfand/7963875 to your computer and use it in GitHub Desktop.
Download ZIP
Serving Static Content with Nginx
Raw
part1.md

OFBiz or Bonsai ERP, and nginx

Submitted by anne on 10 Oct 2011

OFBiz can quite happily service all http and https requests on its own, and many people run it this way.

However there are many possible reasons why you might want to put OFBiz behind a traditional http server, such as Apache. Perhaps you want to more efficiently serve static resources, or manage virtual domains, or restrict access in complicated ways, or also serve php or cgi pages.

Typically OFBiz is placed behind Apache using a connector such as mod_proxy_ajp, as documented at How To Httpd .

Another option is to use nginx instead of Apache. This is the option we normally choose.

Nginx does not have the extensive feature set of Apache, so for some situations Apache is definitely the better choice. But we think nginx is a much better option if you don’t need those infrequently-used features. Some of the reasons why we choose nginx are:

  • efficient serving of static content
  • small memory footprint (we often use VPS systems with less than 1GB of RAM, so this is important)
  • easy to serve “traditional” web sites and pages alongside OFBiz
  • simpler and smaller attack surface
  • easier to configure IP and similar access restrictions (than via OFBiz)
  • easier to apply traffic limits
  • easier to configure SSL certificates

For us, the first two reasons are the important ones, the others are bonuses.

So, how do we put OFBiz (or in our case, Bonsai ERP) behind nginx?

How will it work?

We will have OFBiz listening to its usual ports 8443 and 8080, but only at the localhost interface (127.0.0.1). It will no longer respond on those ports to outside requests.

Nginx will listen to the standard web ports 80 and 443, at the public interface, so it will respond to requests from outside.

Any request received by nginx will be immediately forwarded to OFBiz. The response generated by OFBiz will be sent by OFBiz to nginx, which will then forward it to the original requester.

We will also tell OFBiz that it should not generate links using its default settings. If it did, then it would generate links similar to https://localhost:8443/, which will not work. Instead we will force it to generated links of the form https://www.example.com/, which can be handled by nginx.

How to do it?

First step is to ensure OFBiz is listening only to localhost (127.0.0.1). To do this, edit framework/base/config/ofbiz-containers.xml and change every

<property name=“address” value=“0.0.0.0”/>

to

<property name=“address” value=“127.0.0.1”/>

Now we ensure OFBiz uses the correct URLs.

Edit framework/webapp/config/url.properties and ensure the following settings:

port.https=443
force.https.host=www.example.com
port.http=80
force.http.host=www.example.com

Replace www.example.com with the domain name you will be using to access OFBiz.

Next we configure nginx (I assume you’ve already installed it – see also http://wiki.nginx.org/). I won’t cover basic nginx settings, the nginx web site covers those. Here I will discuss only those settings relevant to getting nginx and OFBiz talking to each other.

We use one server section for the SSL server, and another for the non-SSL. As far as the Bonsai ERP relevant settings are concerned, the two setups are almost identical. So let’s look at the non-SSL setup first, and then I’ll explain what is different for the SSL setup.

In the non-SSL server section, ensure you have a location section like this:

location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded_For $proxy_add_x_forwarded_for;
}

This tells nginx to forward all requests directly to the server listening on port 8080 of localhost, which in our case is OFBiz. We also set some specific headers so OFBiz has the possibility to know where the request is really coming from.

The SSL server section should have an almost identical location section. The only difference is that the 8080 should instead be 8443.

It’s probably a good idea to check your firewall is blocking outside connections to ports 8080 and 8443.

And that’s it! You should now be able to access OFBiz via nginx, which is listening to ports 80 and 443.

What’s next?

Of course, this setup is very basic, and does not really take advantage of the presence of nginx. For example, even images are being served by the heavyweight OFBiz. It would be much better if they could be served directly by nginx.

In future articles we will see how to extend this configuration to take advantage of nginx’s presence.9

Raw
part2.md

Static content served with nginx

Submitted by anne on 30 Oct 2011

If you followed my last article you now have OFBiz (or Bonsai ERP) running behind nginx. But it isn’t yet taking advantage of nginx goodness. So next I am going to show you how to take the load of serving static content away from OFBiz, and give it to nginx instead.

How will it work?

Most of OFBiz’s static content is served via the images webapp. We will configure nginx to look there for static files such as jpg, png, gif, css, and js, and serve them directly if found. If not found, nginx should ask OFBiz to supply the right response to the request.

How to do it?

First set nginx’s root to point to the images webapp directory. If you have OFBiz or Bonsai ERP installed in /opt/bonsaierp, you would ensure the following line was inside nginx’s server sections for both SSL and non-SSL servers.

root /opt/bonsaierp/framework/images/webapp/images;

This tells nginx to look in this directory for files if it hasn’t been told otherwise.

Next find the location section we added last time to the nginx configuration, and change the / to @bonsaierp so it looks like this:

location @bonsaierp {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded_For $proxy_add_x_forwarded_for;
}

Of course, the 8080 will be 8443 for the SSL version.

This location does nothing on its own. Other location sections we create below will refer to this one. It’s an easy way to keep the OFBiz interaction commands in one spot.

Next add a location section specifically aimed at the static files:

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    try_files $uri @bonsaierp;
    expires 7d;
}

The expires line is optional, but nice to have. The expires tells the user’s browser that it can keep a copy of this file for up to 7 days before needing to fetch a new copy. This speeds page loads for repeat visitors.

The try_files tells nginx to first look in the root directory, which we specified earlier, for the requested file. If it isn’t found, then ask OFBiz for it using the instructions in the @bonsaierp location.

Finally add a new location that will be used for requests that don’t match the js,css,png,etc location.

location / {
    try_files $uri @bonsaierp;
}

What’s next?

We are now getting value out of having installed nginx. As most requests to a web server are typically for static files, we’ve just greatly reduced the load on our web server, and can serve the same number of visitors faster and with much lower memory usage.

But there are a few more niceties we might want to add. I’ll mention some of those in the next article, and show a full nginx server section configuration.

@bagasme
Copy link

bagasme commented Sep 3, 2019

In recent versions (I use 16.11.05), edit framework/base/ofbiz-component.xml instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment