docs: Add page for setting up nginx

mnit-rtmc · Jun 18, 2024 · ea28ce3 · ea28ce3
1 parent b7e698d
commit ea28ce3
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 7 deletions.
diff --git a/docs/README.md b/docs/README.md
@@ -28,4 +28,4 @@ integrate into an existing authentication system.
 [database]: database.html
 [GPL]: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
 [Java]: http://www.java.com
-[nginx]: https://nginx.org/en/
+[nginx]: nginx.html
diff --git a/docs/installation.md b/docs/installation.md
@@ -183,6 +183,6 @@ login. After creating and logging in with a real administrator [account], the
 [database]: database.html
 [Download]: http://iris.dot.state.mn.us/rpms/
 [Fedora]: http://fedoraproject.org
-[nginx]: https://nginx.org/en/
+[nginx]: nginx.html
 [OpenJDK]: http://openjdk.java.net
 [PostgreSQL]: http://www.postgresql.org
diff --git a/docs/nginx.md b/docs/nginx.md
@@ -0,0 +1,35 @@
+# Nginx
+
+IRIS relies on the popular [nginx] web server for TLS termination. This frees
+IRIS from handling security-critical HTTPS communication for its [REST API].
+
+IRIS has two nginx configuration files:
+1. `nginx-iris.conf`: For HTTP (unencrypted) resources: Java client, XML,
+ map tiles, mayfly
+2. `nginx-rest.conf`: For HTTPS (encrypted) resources: Web client, REST API
+
+The NGINX configuration file at `/etc/nginx/nginx.conf` needs to be edited
+for this configuration.
+
+In the first server block (listening on port 80), make this change:
+```diff
+ # Load configuration files for the default server block.
+- include /etc/nginx/default.d/*.conf;
++ include /etc/nginx/default.d/nginx-iris.conf;
+```
+
+The second server block (listening on port 443) needs to be enabled
+(uncommented). Also, a valid [certificate] must be created and stored at
+`/etc/pki/nginx/server.crt`, with a private key at
+`/etc/pki/nginx/private/server.key`.
+
+Once everything is configured, restart nginx with:
+
+```sh
+systemctl restart nginx
+```
+
+
+[certificate]: https://letsencrypt.org/getting-started/
+[nginx]: https://nginx.org/en/
+[rest api]: rest_api.html
diff --git a/etc/nginx-iris-cache.conf b/etc/nginx-iris-cache.conf
@@ -13,8 +13,3 @@ proxy_cache_path /var/cache/nginx/earthwyrm-iris/tms levels=1:2
 proxy_cache_path /var/cache/nginx/mayfly levels=1:2
  keys_zone=mayfly:10m max_size=512g inactive=100w
  use_temp_path=off;
-
-# NGINX doesn't recognise webassembly mime typs yet
-types {
- application/wasm wasm;
-}