Using a load balancer with Hansoft Web Service

It is possible to use a load balancer or reverse proxy with Hansoft Web Service. This functionality is optional but can be helpful to improve performance and availability of your web service.

It is important to remember that using a load balancer will also enable other users to connect to your Hansoft Web Service with an incorrect FQDN in the URL. As such, you should consider blocking access to your Hansoft Web Service for anyone not using the load balancer.

In order to configure the load balancer, Hansoft Web Service must be running. In this example, it runs at https://127.0.0.1:443 and optional other ports.

Use the following steps to set up a load balancer configuration for Nginx:

1. Add the following option to your HPMWebConfig.json file:

Copy 
"CheckForInvalidHost": false

Note:  You must write this exactly as shown in the example above, with quotes around the option name but not around the value false. This does not follow the standard conventions for this file, but is correct in this case.

2. Restart the web service.

3. Download and unzip Nginx.

4. Edit conf/nginx.conf with the following:

Copy 
# nginx.conf for https://hansoft.example.com:9443
# with HPMWeb running at https://127.0.0.1:443 and optional other locations. 
#
# Note that by default, nginx does not check certificates for 
# upstreams servers.

events {
    worker_connections  1024;    
}


http {
  upstream hpmwebinstances {
     server 127.0.0.1:443; # Edit this to match where HPMWeb listens 
#    server 127.0.0.1:444; # Uncomment these to add more HPMWeb instances
#    server 127.0.0.1:445;
#    server 127.0.0.1:446;
}

  server {
    listen 9443 ssl; # Port number for incoming connections
    server_name hansoft.example.com; # Server name for incoming connections

        ssl_certificate     web.pem; # This goes in conf/web.pem
        ssl_certificate_key web.key; # This goes in conf/web.key
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

    # Special handling for websocket connections
    location /websocket { 
        proxy_pass https://hpmwebinstances;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

    # All other connections are forwarded
    location / {
      proxy_pass https://hpmwebinstances;
    }
  }
}

Note:  Note that a “sticky” section is required to be able to handle authentication when using multiple upstream servers. Refer to the Nginx documentation for more information.

5. Place a server certificate and certificate key in conf/web.key and conf/web.pem.

6. Launch nginx.exe.

7. Connect to https://hansoft.example.com:9443/ through your web browser.

If the DNS and certificates are correct, you will be logged in to the Hansoft Web Service.