Nginx: Difference between revisions

From VoIPmonitor.org
No edit summary
(Create page: Nginx reverse proxy configuration for VoIPmonitor GUI)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{DISPLAYTITLE:Nginx Reverse Proxy Configuration}}
[[Category:Configuration]]
[[Category:Web GUI]]


= Nginx Reverse Proxy Configuration =


These options are necessary to configure in nginx configuration file (by default /etc/nginx/nginx.conf) usable contexts are (http, server, location):
This guide covers Nginx configuration as a reverse proxy for the VoIPmonitor GUI, addressing common issues with large data transfers and long-running operations.


'''Changes from default value'''
== Common Problems ==
proxy_buffer_size          128k;
proxy_buffers              4 256k;
proxy_busy_buffers_size    256k;
proxy_temp_file_write_size 256k;


{| class="wikitable"
! Problem !! Symptom !! Solution
|-
| Large data requests || Errors downloading reports/PCAPs || Increase buffer sizes
|-
| Long operations || 504 Gateway Timeout || Increase timeout values
|-
| SSO redirect loops || Google/Microsoft Sign-In fails || Add <code>X-Forwarded-Proto</code> header
|-
| Backend down || 502 Bad Gateway || Check Apache/PHP-FPM status
|}


'''504 Gateway Timeout error using Nginx as Proxy'''
== Recommended Configuration ==


Add these variables to nginx.conf file:
Add this configuration to your Nginx <code>location</code> block:
proxy_connect_timeout      3600;
proxy_send_timeout          3600;
proxy_read_timeout          3600;
send_timeout                3600;


Further links that can be usefull:
<syntaxhighlight lang="nginx">
http://www.nginxtips.com/504-gateway-time-out-using-nginx/
location / {
http://stackoverflow.com/questions/561946/how-do-i-prevent-a-gateway-timeout-with-fastcgi-on-nginx
    proxy_pass http://127.0.0.1:80;
 
    # Buffer settings for large reports/PCAP downloads
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
 
    # Timeout settings (1 hour for long-running operations)
    proxy_connect_timeout 3600s;
    proxy_send_timeout 3600s;
    proxy_read_timeout 3600s;
    send_timeout 3600s;
 
    # Required headers
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
    # CRITICAL for SSO (Google/Microsoft Sign-In)
    proxy_set_header X-Forwarded-Proto $scheme;
}
</syntaxhighlight>
 
{{Warning|1=The <code>X-Forwarded-Proto</code> header is '''required''' for SSO (Google/Microsoft Sign-In) when SSL is terminated at Nginx. Without it, you will experience redirect loops.}}
 
=== Apply Changes ===
 
<syntaxhighlight lang="bash">
# Test configuration syntax
sudo nginx -t
 
# Reload configuration
sudo systemctl reload nginx
</syntaxhighlight>
 
== Troubleshooting ==
 
=== 504 Gateway Timeout ===
 
Increase all timeout values in the Nginx configuration. The default timeouts are too short for:
* Large CDR exports
* Bulk PCAP downloads
* Complex report generation
 
=== 502 Bad Gateway ===
 
The backend service is not responding. Check:
 
<syntaxhighlight lang="bash">
# Check Apache status
systemctl status apache2
 
# Or check PHP-FPM status
systemctl status php-fpm
</syntaxhighlight>
 
=== SSO Redirect Loops ===
 
If Google or Microsoft Sign-In fails with redirect loops:
 
1. Verify <code>X-Forwarded-Proto</code> header is set
2. Check that the header value matches the actual protocol (<code>https</code>)
3. Ensure the GUI's configured URL matches the public URL
 
== Apache Alternative (Without Nginx) ==
 
If using Apache with mod_fcgid directly (not behind Nginx), increase these timeouts in Apache configuration:
 
<syntaxhighlight lang="apache">
FcgidIOTimeout 900
FcgidIdleTimeout 900
FcgidConnectTimeout 900
FcgidProcessLifeTime 900
</syntaxhighlight>
 
<syntaxhighlight lang="bash">
# Apply changes
systemctl restart apache2  # Debian/Ubuntu
systemctl restart httpd    # RHEL/CentOS
</syntaxhighlight>
 
{{Tip|These settings fix "server side error - connection to the web server was lost" when loading dashboards or charts.}}
 
== See Also ==
 
* [[GUI_installation|GUI Installation]]
* [[Google_Sign_in_usage|Google Sign-In Configuration]]
* [[Microsoft_Sign_in_usage|Microsoft Sign-In Configuration]]
* [[GUI_troubleshooting|GUI Troubleshooting]]
 
== AI Summary for RAG ==
 
'''Summary:''' Nginx reverse proxy configuration guide for VoIPmonitor GUI. Covers buffer settings (<code>proxy_buffer_size</code>, <code>proxy_buffers</code>) for large data downloads and timeout settings (<code>proxy_read_timeout</code>, etc.) set to 3600s to prevent 504 errors on long operations. Critical: <code>X-Forwarded-Proto</code> header must be set for SSO (Google/Microsoft Sign-In) to prevent redirect loops when SSL terminates at Nginx. Also covers Apache mod_fcgid timeout configuration (FcgidIOTimeout, FcgidIdleTimeout) for environments not using Nginx.
 
'''Keywords:''' nginx, reverse proxy, 504 gateway timeout, 502 bad gateway, proxy_buffer_size, proxy_buffers, proxy_read_timeout, X-Forwarded-Proto, SSO, SSL termination, redirect loop, apache, mod_fcgid, FcgidIOTimeout, timeout configuration
 
'''Key Questions:'''
* How do I fix 504 Gateway Timeout in Nginx with VoIPmonitor?
* What are the recommended Nginx buffer settings for VoIPmonitor?
* Why does Google/Microsoft Sign-In fail behind Nginx reverse proxy?
* How do I fix SSO redirect loops with SSL termination?
* What are the recommended timeout values for Nginx with VoIPmonitor?
* How do I fix Apache timeout errors when loading VoIPmonitor dashboards?

Latest revision as of 16:47, 8 January 2026


Nginx Reverse Proxy Configuration

This guide covers Nginx configuration as a reverse proxy for the VoIPmonitor GUI, addressing common issues with large data transfers and long-running operations.

Common Problems

Problem Symptom Solution
Large data requests Errors downloading reports/PCAPs Increase buffer sizes
Long operations 504 Gateway Timeout Increase timeout values
SSO redirect loops Google/Microsoft Sign-In fails Add X-Forwarded-Proto header
Backend down 502 Bad Gateway Check Apache/PHP-FPM status

Recommended Configuration

Add this configuration to your Nginx location block: 

location / {
    proxy_pass http://127.0.0.1:80;

    # Buffer settings for large reports/PCAP downloads
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;

    # Timeout settings (1 hour for long-running operations)
    proxy_connect_timeout 3600s;
    proxy_send_timeout 3600s;
    proxy_read_timeout 3600s;
    send_timeout 3600s;

    # Required headers
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # CRITICAL for SSO (Google/Microsoft Sign-In)
    proxy_set_header X-Forwarded-Proto $scheme;
}

⚠️ Warning: The X-Forwarded-Proto header is required for SSO (Google/Microsoft Sign-In) when SSL is terminated at Nginx. Without it, you will experience redirect loops.

Apply Changes

# Test configuration syntax
sudo nginx -t

# Reload configuration
sudo systemctl reload nginx

Troubleshooting

504 Gateway Timeout

Increase all timeout values in the Nginx configuration. The default timeouts are too short for:

  • Large CDR exports
  • Bulk PCAP downloads
  • Complex report generation

502 Bad Gateway

The backend service is not responding. Check: 

# Check Apache status
systemctl status apache2

# Or check PHP-FPM status
systemctl status php-fpm

SSO Redirect Loops

If Google or Microsoft Sign-In fails with redirect loops:

1. Verify X-Forwarded-Proto header is set 2. Check that the header value matches the actual protocol (https) 3. Ensure the GUI's configured URL matches the public URL

Apache Alternative (Without Nginx)

If using Apache with mod_fcgid directly (not behind Nginx), increase these timeouts in Apache configuration: 

FcgidIOTimeout 900
FcgidIdleTimeout 900
FcgidConnectTimeout 900
FcgidProcessLifeTime 900

# Apply changes
systemctl restart apache2   # Debian/Ubuntu
systemctl restart httpd     # RHEL/CentOS

💡 Tip: These settings fix "server side error - connection to the web server was lost" when loading dashboards or charts.

See Also

AI Summary for RAG

Summary: Nginx reverse proxy configuration guide for VoIPmonitor GUI. Covers buffer settings (proxy_buffer_size, proxy_buffers) for large data downloads and timeout settings (proxy_read_timeout, etc.) set to 3600s to prevent 504 errors on long operations. Critical: X-Forwarded-Proto header must be set for SSO (Google/Microsoft Sign-In) to prevent redirect loops when SSL terminates at Nginx. Also covers Apache mod_fcgid timeout configuration (FcgidIOTimeout, FcgidIdleTimeout) for environments not using Nginx.

Keywords: nginx, reverse proxy, 504 gateway timeout, 502 bad gateway, proxy_buffer_size, proxy_buffers, proxy_read_timeout, X-Forwarded-Proto, SSO, SSL termination, redirect loop, apache, mod_fcgid, FcgidIOTimeout, timeout configuration

Key Questions:

  • How do I fix 504 Gateway Timeout in Nginx with VoIPmonitor?
  • What are the recommended Nginx buffer settings for VoIPmonitor?
  • Why does Google/Microsoft Sign-In fail behind Nginx reverse proxy?
  • How do I fix SSO redirect loops with SSL termination?
  • What are the recommended timeout values for Nginx with VoIPmonitor?
  • How do I fix Apache timeout errors when loading VoIPmonitor dashboards?
Retrieved from "https://www.voipmonitor.org/doc/index.php?title=Nginx&oldid=10033"