Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
This article provides a configuration file example for NGINGX being used as a reverse proxy for QlikView.
! NOTE: NGINX is a high performance, highly scalable, highly available web server, reverse proxy server, and web accelerator, but is also a third-party tool not supported by Qlik. Configuration of NGINX in combination with Qlik products cannot be supported by Qlik Product Support.
The provided NGINX rules have been internally tested by Qlik and are confirmed to work in a standard out of the box environment. Further customization might be necessary in other environments. Implement with caution.
The environment used in this example is a simple QlikView server installation on one server (server 2), and NGINX on another (server 1).
Please find below the settings for the nginx.conf file:
HTTP:
events {
worker_connections 1024;
}
http {
##################################################
######## Customize the Following Sections ########
##################################################
upstream qlikap {
server name_of_server2:80;
keepalive 64;
}
upstream qlikqmc {
server name_of_server2:4780;
keepalive 64;
}
##################################################
server {
listen 80 default_server;
server_name _;
proxy_pass_header Authorization;
### Set headers ###
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# X-Forwarded headers
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
# Proxy specific variables
proxy_read_timeout 30m;
proxy_send_timeout 30m;
proxy_http_version 1.1;
proxy_connect_timeout 5s;
# Needed for NTLM authentication
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
#True if only server_name entered
location = / {
return 301 http://$host/qlikview/index.htm;
}
location ~* /qmc {
#Disable the Log files as it gets very noisy
access_log off;
log_not_found off;
proxy_pass http://qlikqmc;
}
location ~* / {
#Disable the Log files as it gets very noisy
access_log off;
log_not_found off;
proxy_pass http://qlikap;
}
}
}
HTTPS:
events {
worker_connections 1024;
}
http {
##################################################
######## Customize the Following Sections ########
##################################################
ssl_certificate ./conf/QVServer.domain.local.pem;
ssl_certificate_key ./conf/QVServer.domain.local.key;
##################################################
# Load balancing with sticky session enabled, minimum ONE backend server
# If upstream server uses HTTPS toggle proxy_pass options on lines 88/89
upstream qlikap {
server name_of_server2:443;
keepalive 64;
}
upstream qlikqmc {
server name_of_server2:4780;
keepalive 64;
}
##################################################
# Redirect all HTTP traffic to HTTPS
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl ;
listen [::]:443 ssl ;
server_name name_of_server1;
proxy_pass_header Authorization;
### Set headers ###
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# X-Forwarded headers
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# Proxy specific variables
proxy_read_timeout 30m;
proxy_send_timeout 30m;
proxy_http_version 1.1;
proxy_connect_timeout 5s;
# Needed for NTLM authentication
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
#True if only server_name entered
location = / {
return 301 https://$host:443/qlikview/index.htm;
}
location ~* / {
#Disable the Log files as it gets very noisy
access_log off;
log_not_found off;
proxy_pass https://qlikap;
}
location ~* /qmc {
#Disable the Log files as it gets very noisy
access_log off;
log_not_found off;
proxy_pass http://qlikqmc;
}
}
}
One important thing
Nginx community version does not support NTLM auth.
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#ntlm
"This directive is available as part of our commercial subscription."
Unless if you pay for nginx for works well we need in QMC the virtual proxy based on Form Authentication.