Configure Nginx to allow SSL load balancing between clustered SAP Mobile Platform 3.0
In this blog, we are going to see how to configure nginx, to allow secured load balancing between SAP Mobile Platform (SMP) clustered servers. This method of load balancing allowed for Agentry applications, that is deployed in the SMP clustered environment. This load balancing also uses SSL certificate from trusted certificate authority.
Perquisites:
- Installed SMP 3.0 SP08 or higher, with multiple server nodes, clustered which is using same database.
- Nginx or Nginx Plus servers installed in the same hosted server of SMP or in separated server.
- You have Admin rights on the server where in Nginx is installed.
- Have IP and host of SMP server’s details handy.
- Agentry application is deployed to the SMP servers and is in working condition, when accessed individually from the respective application server.
- Ensure the ports 8080 and 8081 are open in the nginx installed server.
Configuration Steps:
Navigate to the path <installation drive>:\nginx\conf\nginx.conf
Place the KEY and PEM certificate file, created using company’s trusted certificate authority. The CN of the certificate to be of the nginx hosted fully qualified domain name (FQDN).
We are going to use port 8080 for HTTP and 8081 for HTTPS
Place the KEY and PEM in the path <installation drive>:\nginx\conf\nginx.conf
Take a backup of conf file.
Edit the conf file, with below like entries. Here we are declaring the backend detail i.e. SMP Server details with port to nginx service.
upstream backend {
server <hostname or IP of SMP1>:8081;
server <hostname or IP of SMP2>:8081;
server <hostname or IP of SMPn>:8081;
}Next is to add details in the configuration file, so that nginx can listen to the port, and to use the SSL certificate that we have placed in the nginx path. This is declared under “server” module of nginx conf file.
listen 8081 ssl;
server_name smpproxy;
ssl_certificate "C:/nginx/conf/SMP_PROXY_SERVER.pem";
ssl_certificate_key "C:/nginx/conf/SMP_PROXY_SERVER.key";We can further configure for the session timeout, cipher values, protocols do be used etc
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
Finally, to call the declared SMP Servers which are configured to upstream server module.
Save the nginx file and restart the nginx to take effect of the configured changes. The configuration file will not be effective until the nginx conf file is reloaded or restarted.
Start the command prompt with Admin access and navigate to <installation drive>:\nginx
Type the command “nginx -s reload”
This will change configuration, start new worker processes with a new configuration, graceful shutdown of old worker processes. Check if nginx process is running .
Check the nginx load balancer URL by launching the Syclo Application URL. “I am here” message should be displayed on accessing the URL. You can also verify the SSL certificate that attached to the nginx URL using the lock symbol in the browser.
https://<nginx_FDQN>:8081/<sycloapplicationsuffix>
Looking forward to your feedback and comments.