Nginx

From OpenKM Documentation
Jump to: navigation, search

Contents

Expose OpenKM directly from Tomcat or JBoss can be dangerous if you need the application to be accessed from Internet (for example https://issues.jboss.org/browse/JBAS-3861). As result you can be infected by PerlBot. Also this 8080 may be closed by a firewall. For these reasons, is a good idea expose your OpenKM installation through the standard web port 80. In the following steps we explain how to configure Nginx to handle these request and forward to Tomcat application server.

Internal IP vs external IP

Your OpenKM can be accessed from two different zones: Internet and LAN. This means that to access this server you need to use two IPs: external IP (Internet) and internal IP (LAN).

The internal IP address (also known as "local IP address") is the address that is assigned by your local network router that often begins with 192.168.x.x. These IP addresses can only be seen by other computers in your local network (LAN) and not by any computers connected in an external network such the Internet.

To reach the Internet or a computer in another network your computer is often assigned an external IP address, which can then be used to refer to the computer in your local network.

Internal ip.png

In the above picture, there are three computers in the local network that have each been assigned their own internal IP address by the router. The ISP is connected to the router and gives the router an external IP address that allows it to communicate with the Internet. On the Internet everyone sees your external IP address, but any information coming from the router is "converted" from the external IP address to the internal IP address.

So if you want your OpenKM installation accessible from both LAN and Internet, the trick here is configure the client computers to resolve your internal IP (192.168.0.50) if they are inside the LAN or the external IP if they are on Internet. To resolve the Internet IP (67.166.214.148) your computer uses the public DNS. So, you need to configure a sort of DNS server inside the LAN or modify every client host file to resolve to the internal IP.

Debian / Ubuntu

The first thing in to install the required Nginx software. From Debian / Ubuntu you can install Nginx with a single command:

$ sudo aptitude install nginx

Now create the configuration file /etc/nginx/sites-available/openkm with this content:

server {
    server_name openkm.your-domain.com; 
    rewrite ^/$ /OpenKM/ permanent;
 
    location /OpenKM/ {
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-Server $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_pass http://localhost:8080/OpenKM/;
    }
}

Enable this site configuration:

 $ ln -s /etc/nginx/sites-available/openkm /etc/nginx/sites-enabled/

Finally restart Nginx:

$ sudo /etc/init.d/nginx restart

Now you can access your OpenKM installation from http://openkm.your-domain.com/. Another advantage of using Nginx is that you can log OpenKM access and generate web statistics.