Nginx: Difference between revisions

From VoIPmonitor.org
(Add Apache/mod_fcgid timeout configuration section for users not using Nginx reverse proxy)
(Create page: Nginx reverse proxy configuration for VoIPmonitor GUI)
 
Line 1: Line 1:
{{DISPLAYTITLE:Nginx Configuration for VoIPmonitor GUI}}
{{DISPLAYTITLE:Nginx Reverse Proxy Configuration}}
 
[[Category:Configuration]]
'''This guide provides recommended Nginx configurations for running the VoIPmonitor GUI, especially when Nginx is used as a reverse proxy. These settings are crucial for handling large data requests and preventing timeout errors on long-running operations.'''
[[Category:Web GUI]]
 
== Overview ==
 
When using Nginx as a reverse proxy in front of the VoIPmonitor GUI (which is often served by Apache + PHP-FPM), the default Nginx settings for buffers and timeouts may be too low for typical VoIPmonitor usage. This can lead to two common problems:
 
* Errors when viewing large reports, downloading many PCAPs at once, or generating significant charts.
* "504 Gateway Timeout" errors when performing actions that take a long time to process on the backend, such as complex database queries or bulk data operations.
 
The following directives help resolve these issues by increasing Nginx's capacity to handle large responses and by extending its patience for slow backend processes.
 
== Recommended Nginx Configuration ==


These settings should be placed within the <code>http</code>, <code>server</code>, or <code>location</code> block of your Nginx configuration file (e.g., <code>/etc/nginx/nginx.conf</code> or <code>/etc/nginx/sites-available/default</code>). Applying them within the <code>location</code> block that proxies requests to the GUI is the most common approach.
= Nginx Reverse Proxy Configuration =


=== 1. Increasing Buffer Sizes ===
This guide covers Nginx configuration as a reverse proxy for the VoIPmonitor GUI, addressing common issues with large data transfers and long-running operations.


These directives increase the memory buffers Nginx uses to handle responses from the backend VoIPmonitor server. This is essential for preventing errors when the GUI generates a large amount of data.
== Common Problems ==


; Configuration Directives
{| class="wikitable"
* <code>proxy_buffer_size</code>: Sets the size of the buffer used for reading the first part of the response from the proxied server (typically the headers).
! Problem !! Symptom !! Solution
* <code>proxy_buffers</code>: Configures the number and size of buffers used for reading the rest of the response.
|-
* <code>proxy_busy_buffers_size</code>: Sets the maximum size of buffers that can be "busy" (being sent to the client) before Nginx starts buffering to disk. This should be at least as large as one of the <code>proxy_buffers</code>.
| Large data requests || Errors downloading reports/PCAPs || Increase buffer sizes
|-
| Long operations || 504 Gateway Timeout || Increase timeout values
|-
| SSO redirect loops || Google/Microsoft Sign-In fails || Add <code>X-Forwarded-Proto</code> header
|-
| Backend down || 502 Bad Gateway || Check Apache/PHP-FPM status
|}


=== 2. Extending Timeouts ===
== Recommended Configuration ==


These directives increase the time Nginx will wait for the backend to respond before giving up and returning a "504 Gateway Timeout" error. This is critical for long-running GUI operations.
Add this configuration to your Nginx <code>location</code> block:
 
; Configuration Directives
* <code>proxy_connect_timeout</code>: How long to wait for a connection to the backend server to be established.
* <code>proxy_send_timeout</code>: How long to wait for the backend to accept data after a write operation.
* <code>proxy_read_timeout</code>: How long to wait for the backend to send data after a read operation.
* <code>send_timeout</code>: How long to wait for the client to accept data.
 
=== Example Configuration Block ===
 
Here is a complete example of a <code>location</code> block for your Nginx server configuration, incorporating all the recommended changes.


<syntaxhighlight lang="nginx">
<syntaxhighlight lang="nginx">
location /voipmonitor {
location / {
    # Your standard proxy_pass directive to the backend
     proxy_pass http://127.0.0.1:80;
     proxy_pass http://127.0.0.1:8080; # Adjust to your backend Apache/PHP-FPM address


     # --- Recommended Buffer Settings ---
     # Buffer settings for large reports/PCAP downloads
    # Increase buffers to handle large reports and downloads
     proxy_buffer_size 128k;
     proxy_buffer_size         128k;
     proxy_buffers 4 256k;
     proxy_buffers             4 256k;
     proxy_busy_buffers_size 256k;
     proxy_busy_buffers_size   256k;
    proxy_temp_file_write_size 256k;


     # --- Recommended Timeout Settings ---
     # Timeout settings (1 hour for long-running operations)
    # Extend timeouts to prevent 504 errors on long-running tasks
     proxy_connect_timeout 3600s;
     proxy_connect_timeout     3600s; # 1 hour
     proxy_send_timeout 3600s;
     proxy_send_timeout         3600s;
     proxy_read_timeout 3600s;
     proxy_read_timeout         3600s;
     send_timeout 3600s;
     send_timeout               3600s;


     # Standard proxy headers
     # Required headers
     proxy_set_header   Host             $host;
     proxy_set_header Host $host;
     proxy_set_header   X-Real-IP       $remote_addr;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


     # --- CRITICAL for SSO/SSL Termination ---
     # CRITICAL for SSO (Google/Microsoft Sign-In)
    # When using a reverse proxy (e.g., AWS ALB) that handles SSL termination
     proxy_set_header X-Forwarded-Proto $scheme;
    # and connects to the backend over HTTP, this header tells the GUI that
    # the original client request was HTTPS. Without it, SSO redirects may fail
    # or cause redirect loops because the GUI generates http:// URLs instead of https://
     proxy_set_header   X-Forwarded-Proto $scheme;
}
}
</syntaxhighlight>
</syntaxhighlight>


After adding these settings, test your Nginx configuration and reload the service:
{{Warning|1=The <code>X-Forwarded-Proto</code> header is '''required''' for SSO (Google/Microsoft Sign-In) when SSL is terminated at Nginx. Without it, you will experience redirect loops.}}
 
=== Apply Changes ===


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# Test configuration syntax
sudo nginx -t
sudo nginx -t
# Reload configuration
sudo systemctl reload nginx
sudo systemctl reload nginx
</syntaxhighlight>
</syntaxhighlight>
Line 81: Line 64:
== Troubleshooting ==
== Troubleshooting ==


=== SSO Fails Behind Reverse Proxy ===
=== 504 Gateway Timeout ===
 
; Problem
Google Sign-In or Microsoft Sign-In fails or causes redirect loops when the VoIPmonitor GUI is accessed through a reverse proxy that handles SSL termination.
 
; Cause
The reverse proxy terminates HTTPS and forwards requests to the backend GUI over HTTP. Without the correct headers, the GUI believes it is running on an insecure protocol and generates HTTP URLs, breaking the OAuth callback flow.
 
; Solution
Ensure the <code>X-Forwarded-Proto</code> header is set in your Nginx configuration:
 
<syntaxhighlight lang="nginx">
proxy_set_header  X-Forwarded-Proto $scheme;
</syntaxhighlight>
 
=== 502 Bad Gateway Errors ===


; Problem
Increase all timeout values in the Nginx configuration. The default timeouts are too short for:
Intermittent 502 errors when accessing the GUI.
* Large CDR exports
* Bulk PCAP downloads
* Complex report generation


; Possible Causes
=== 502 Bad Gateway ===
* Backend (Apache/PHP-FPM) is not running or crashed
* Upstream connection refused


; Solution
The backend service is not responding. Check:
Check backend service status:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# Check Apache status
systemctl status apache2
systemctl status apache2
# Or check PHP-FPM status
systemctl status php-fpm
systemctl status php-fpm
</syntaxhighlight>
</syntaxhighlight>


=== Apache/mod_fcgid Timeout Errors (Without Nginx) ===
=== SSO Redirect Loops ===


If you are '''not''' using Nginx as a reverse proxy and are experiencing timeout errors with Apache directly, the solution involves adjusting Apache's <code>mod_fcgid</code> (FastCGI) timeout settings instead.
If Google or Microsoft Sign-In fails with redirect loops:


; Problem
1. Verify <code>X-Forwarded-Proto</code> header is set
The GUI intermittently shows "server side error - check your http server error log. - connection to the web server was lost / interrupted," especially when loading dashboards with large data sets or generating complex reports.
2. Check that the header value matches the actual protocol (<code>https</code>)
3. Ensure the GUI's configured URL matches the public URL


; Cause
== Apache Alternative (Without Nginx) ==
The Apache <code>mod_fcgid</code> module has default timeout limits that are too short for VoIPmonitor's long-running database queries related to dashboard chart generation and report processing.


; Solution
If using Apache with mod_fcgid directly (not behind Nginx), increase these timeouts in Apache configuration:
Increase the <code>mod_fcgid</code> timeout values in your Apache configuration file (<code>httpd.conf</code>, <code>apache2.conf</code>, or a virtual host configuration block):


<syntaxhighlight lang="apache">
<syntaxhighlight lang="apache">
<IfModule mod_fcgid.c>
FcgidIOTimeout 900
    # Time to wait for a connection to the FastCGI process
FcgidIdleTimeout 900
    FcgidConnectTimeout 900
FcgidConnectTimeout 900
 
FcgidProcessLifeTime 900
    # Time to wait for FastCGI responses (15 minutes)
    FcgidIOTimeout 900
 
    # Maximum lifetime of any FastCGI process (15 minutes)
    FcgidProcessLifeTime 900
 
    # Maximum idle time for a FastCGI process before it's terminated
    FcgidIdleTimeout 900
 
    # Maximum time waiting for output from FastCGI application
    FcgidOutputBufferSize 65536
</IfModule>
</syntaxhighlight>
</syntaxhighlight>
After making these changes, restart Apache:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# CentOS/RHEL/AlmaLinux
# Apply changes
sudo systemctl restart httpd
systemctl restart apache2  # Debian/Ubuntu
 
systemctl restart httpd    # RHEL/CentOS
# Debian/Ubuntu
sudo systemctl restart apache2
</syntaxhighlight>
</syntaxhighlight>


For more comprehensive Apache troubleshooting, see [[GUI_troubleshooting]].
{{Tip|These settings fix "server side error - connection to the web server was lost" when loading dashboards or charts.}}
 
== External Resources ==
 
* [http://www.nginxtips.com/504-gateway-time-out-using-nginx/ NginxTips: 504 Gateway Time-out using Nginx]
* [http://stackoverflow.com/questions/561946/how-do-i-prevent-a-gateway-timeout-with-fastcgi-on-nginx Stack Overflow: How do I prevent a gateway timeout with FastCGI?]


== See Also ==
== See Also ==


* [[Google_Sign_in_usage]] - Google Sign-In configuration (mentions X-Forwarded-Proto for SSO)
* [[GUI_installation|GUI Installation]]
* [[Microsoft_Sign_in_usage]] - Microsoft Sign-In configuration
* [[Google_Sign_in_usage|Google Sign-In Configuration]]
* [[GUI_installation]] - GUI installation guide
* [[Microsoft_Sign_in_usage|Microsoft Sign-In Configuration]]
* [[GUI_troubleshooting|GUI Troubleshooting]]


== AI Summary for RAG ==
== AI Summary for RAG ==


'''Summary:''' This guide provides recommended Nginx configuration settings for running the VoIPmonitor GUI, particularly when Nginx is used as a reverse proxy. It addresses two common problems: errors with large data requests and "504 Gateway Timeout" errors on long-running operations. To solve issues with large reports or bulk downloads, it recommends increasing buffer sizes with directives like <code>proxy_buffer_size</code> and <code>proxy_buffers</code>. To prevent 504 timeouts, it advises increasing timeout values with directives like <code>proxy_connect_timeout</code> and <code>proxy_read_timeout</code>, typically setting them to a high value like 3600 seconds (1 hour). The article provides a complete, annotated Nginx location block example that incorporates all the recommended settings, ready to be adapted by administrators. Critical for SSO: the <code>X-Forwarded-Proto</code> header must be set to prevent redirect loops when using SSL termination at the proxy level. For users '''not''' using Nginx, the guide also includes Apache/mod_fcgid timeout configuration (FcgidIOTimeout, FcgidIdleTimeout, FcgidConnectTimeout, FcgidProcessLifeTime) for fixing "server side error - connection to the web server was lost" errors when experiencing timeouts with Apache directly.
'''Summary:''' Nginx reverse proxy configuration guide for VoIPmonitor GUI. Covers buffer settings (<code>proxy_buffer_size</code>, <code>proxy_buffers</code>) for large data downloads and timeout settings (<code>proxy_read_timeout</code>, etc.) set to 3600s to prevent 504 errors on long operations. Critical: <code>X-Forwarded-Proto</code> header must be set for SSO (Google/Microsoft Sign-In) to prevent redirect loops when SSL terminates at Nginx. Also covers Apache mod_fcgid timeout configuration (FcgidIOTimeout, FcgidIdleTimeout) for environments not using Nginx.


'''Keywords:''' nginx, reverse proxy, proxy, 504, gateway timeout, timeout, buffer, proxy_buffers, proxy_buffer_size, proxy_read_timeout, performance, gui, web interface, X-Forwarded-Proto, SSO, SSL termination, 502 bad gateway, apache, httpd, mod_fcgid, fcgid, FcgidIOTimeout, FcgidIdleTimeout, FcgidConnectTimeout, FcgidProcessLifeTime, server side error, connection lost interrupted, web server error log, dashboard timeout, chart timeout
'''Keywords:''' nginx, reverse proxy, 504 gateway timeout, 502 bad gateway, proxy_buffer_size, proxy_buffers, proxy_read_timeout, X-Forwarded-Proto, SSO, SSL termination, redirect loop, apache, mod_fcgid, FcgidIOTimeout, timeout configuration


'''Key Questions:'''
'''Key Questions:'''
* How do I fix a "504 Gateway Timeout" error in Nginx with VoIPmonitor?
* How do I fix 504 Gateway Timeout in Nginx with VoIPmonitor?
* What are the recommended Nginx settings for VoIPmonitor?
* What are the recommended Nginx buffer settings for VoIPmonitor?
* How can I increase the proxy buffer size in Nginx?
* Why does Google/Microsoft Sign-In fail behind Nginx reverse proxy?
* Why am I getting errors when downloading large reports or many PCAPs from the GUI?
* How do I fix SSO redirect loops with SSL termination?
* How to configure Nginx as a reverse proxy for Apache/PHP-FPM?
* What are the recommended timeout values for Nginx with VoIPmonitor?
* What do <code>proxy_buffers</code> and <code>proxy_read_timeout</code> do?
* How do I fix Apache timeout errors when loading VoIPmonitor dashboards?
* Why does SSO fail behind a reverse proxy with SSL termination?
* How do I fix redirect loops with Google Sign-In behind Nginx?
* How do I fix Apache timeout errors when VoIPmonitor GUI charts fail to load?
* What mod_fcgid settings should I adjust for dashboard timeout errors?
* How to increase httpd timeout for VoIPmonitor GUI?
 
[[Category:Configuration]]
[[Category:GUI]]

Latest revision as of 16:47, 8 January 2026


Nginx Reverse Proxy Configuration

This guide covers Nginx configuration as a reverse proxy for the VoIPmonitor GUI, addressing common issues with large data transfers and long-running operations.

Common Problems

Problem Symptom Solution
Large data requests Errors downloading reports/PCAPs Increase buffer sizes
Long operations 504 Gateway Timeout Increase timeout values
SSO redirect loops Google/Microsoft Sign-In fails Add X-Forwarded-Proto header
Backend down 502 Bad Gateway Check Apache/PHP-FPM status

Recommended Configuration

Add this configuration to your Nginx location block: 

location / {
    proxy_pass http://127.0.0.1:80;

    # Buffer settings for large reports/PCAP downloads
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;

    # Timeout settings (1 hour for long-running operations)
    proxy_connect_timeout 3600s;
    proxy_send_timeout 3600s;
    proxy_read_timeout 3600s;
    send_timeout 3600s;

    # Required headers
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # CRITICAL for SSO (Google/Microsoft Sign-In)
    proxy_set_header X-Forwarded-Proto $scheme;
}

⚠️ Warning: The X-Forwarded-Proto header is required for SSO (Google/Microsoft Sign-In) when SSL is terminated at Nginx. Without it, you will experience redirect loops.

Apply Changes

# Test configuration syntax
sudo nginx -t

# Reload configuration
sudo systemctl reload nginx

Troubleshooting

504 Gateway Timeout

Increase all timeout values in the Nginx configuration. The default timeouts are too short for:

  • Large CDR exports
  • Bulk PCAP downloads
  • Complex report generation

502 Bad Gateway

The backend service is not responding. Check: 

# Check Apache status
systemctl status apache2

# Or check PHP-FPM status
systemctl status php-fpm

SSO Redirect Loops

If Google or Microsoft Sign-In fails with redirect loops:

1. Verify X-Forwarded-Proto header is set 2. Check that the header value matches the actual protocol (https) 3. Ensure the GUI's configured URL matches the public URL

Apache Alternative (Without Nginx)

If using Apache with mod_fcgid directly (not behind Nginx), increase these timeouts in Apache configuration: 

FcgidIOTimeout 900
FcgidIdleTimeout 900
FcgidConnectTimeout 900
FcgidProcessLifeTime 900

# Apply changes
systemctl restart apache2   # Debian/Ubuntu
systemctl restart httpd     # RHEL/CentOS

💡 Tip: These settings fix "server side error - connection to the web server was lost" when loading dashboards or charts.

See Also

AI Summary for RAG

Summary: Nginx reverse proxy configuration guide for VoIPmonitor GUI. Covers buffer settings (proxy_buffer_size, proxy_buffers) for large data downloads and timeout settings (proxy_read_timeout, etc.) set to 3600s to prevent 504 errors on long operations. Critical: X-Forwarded-Proto header must be set for SSO (Google/Microsoft Sign-In) to prevent redirect loops when SSL terminates at Nginx. Also covers Apache mod_fcgid timeout configuration (FcgidIOTimeout, FcgidIdleTimeout) for environments not using Nginx.

Keywords: nginx, reverse proxy, 504 gateway timeout, 502 bad gateway, proxy_buffer_size, proxy_buffers, proxy_read_timeout, X-Forwarded-Proto, SSO, SSL termination, redirect loop, apache, mod_fcgid, FcgidIOTimeout, timeout configuration

Key Questions:

  • How do I fix 504 Gateway Timeout in Nginx with VoIPmonitor?
  • What are the recommended Nginx buffer settings for VoIPmonitor?
  • Why does Google/Microsoft Sign-In fail behind Nginx reverse proxy?
  • How do I fix SSO redirect loops with SSL termination?
  • What are the recommended timeout values for Nginx with VoIPmonitor?
  • How do I fix Apache timeout errors when loading VoIPmonitor dashboards?
Retrieved from "https://www.voipmonitor.org/doc/index.php?title=Nginx&oldid=10033"