🧰 Web server and gateway setup (Dev)
This document contains the full setup guide for:
- Web servers (dev-web01, dev-web02)
- Gateway servers with HA using Keepalived (dev-gw01, dev-gw02)
🌐 Web Server Setup (dev-web01, dev-web02)
Web Roots
| App | Path |
|---|---|
| tqweb-pub | /var/www/html |
| tqweb-adm | /var/www/html-adm |
| tqweb-b2b | /var/www/html-b2b |
API Proxying
- All web apps proxy /tq-api/ to backend API servers:
  - dev-api01:8080
  - dev-api02:8080
- Handled at the web server level, not gateway
📄 NGINX Configuration Files (Web Servers)
/etc/nginx/sites-available/tqweb-pub.conf
```nginx
server {
    listen 80;
    server_name tqweb-pub.vanevski.net;
    root /var/www/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location /tq-api/ {
        proxy_pass http://tqapi_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        rewrite ^/tq-api/(.*)$ /$1 break;
        proxy_connect_timeout 10;
        proxy_read_timeout 30;
    }
}

upstream tqapi_backend {
    server dev-api01:8080;
    server dev-api02:8080;
}
```
/etc/nginx/sites-available/tqweb-adm.conf
```nginx
server {
    listen 80;
    server_name tqweb-adm.vanevski.net;
    root /var/www/html-adm;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location /tq-api/ {
        proxy_pass http://tqapi_backend_adm/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        rewrite ^/tq-api/(.*)$ /$1 break;
        proxy_connect_timeout 10;
        proxy_read_timeout 30;
    }
}

# Upstream names are global to the http context. Reusing tqapi_backend in
# every enabled site file makes nginx -t fail with a duplicate upstream error,
# so this file uses its own name.
upstream tqapi_backend_adm {
    server dev-api01:8080;
    server dev-api02:8080;
}
```
/etc/nginx/sites-available/tqweb-b2b.conf
```nginx
server {
    listen 80;
    server_name tqweb-b2b.vanevski.net;
    root /var/www/html-b2b;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location /tq-api/ {
        proxy_pass http://tqapi_backend_b2b/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        rewrite ^/tq-api/(.*)$ /$1 break;
        proxy_connect_timeout 10;
        proxy_read_timeout 30;
    }
}

# Upstream names are global to the http context. Reusing tqapi_backend in
# every enabled site file makes nginx -t fail with a duplicate upstream error,
# so this file uses its own name.
upstream tqapi_backend_b2b {
    server dev-api01:8080;
    server dev-api02:8080;
}
```
🚪 Gateway Setup (dev-gw01, dev-gw02)
- NGINX: SSL-offloading reverse proxy
- Keepalived: HA setup with floating IP 192.168.1.10
- OS: Ubuntu Server 22.04
- Interface: ens18
🧰 Keepalived Setup
Install:
/etc/keepalived/keepalived.conf on dev-gw01:
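```
vrrp_instance VI_1 {
    state MASTER
    interface ens18
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        # auth_type PASS sends the password in clear text in VRRP adverts,
        # and keepalived uses only the first 8 characters of auth_pass.
        auth_type PASS
        auth_pass vaneSecret
    }
    virtual_ipaddress {
        192.168.1.10
    }
}
```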
On dev-gw02, change:
- state BACKUP
- priority 100
Start:
🔒 NGINX Gateway Configs (example for tqweb-pub)
/etc/nginx/conf.d/tqweb-pub-ssl.conf
```nginx
server {
    listen 80;
    server_name tqweb-pub.vanevski.net;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name tqweb-pub.vanevski.net;
    ssl_certificate /etc/ssl/certs/vanevski.net.crt;
    ssl_certificate_key /etc/ssl/private/vanevski.net.key;

    location / {
        proxy_pass http://backend_pub;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

upstream backend_pub {
    server dev-web01:80;
    server dev-web02:80;
}
```
Repeat similar configs for tqweb-adm and tqweb-b2b, using separate upstreams.
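
With the configs above, the web tier sets X-Real-IP and X-Forwarded-Proto from its own connection, so the API servers see the gateway's address and "http" rather than the client's address and "https". The following is an added example, not part of the original guide, of one way to carry both values through the two hops. It assumes the realip module is built into the web servers' NGINX and that the web servers accept port 80 traffic only from the gateways; the 192.0.2.x addresses are placeholders.

```nginx
# --- Gateway (dev-gw01, dev-gw02): location / in tqweb-pub-ssl.conf ---
location / {
    proxy_pass http://backend_pub;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;      # client address as seen at the TLS edge
    proxy_set_header X-Forwarded-Proto $scheme;   # "https" on this listener
    # An empty value means the header is not forwarded, so the web tier
    # rebuilds X-Forwarded-For from addresses NGINX itself observed.
    proxy_set_header X-Forwarded-For "";
}

# --- Web servers (dev-web01, dev-web02): http context ---
# Accept X-Real-IP only from the gateways. 192.0.2.11 and 192.0.2.12 are
# placeholders for the addresses dev-gw01 and dev-gw02 connect from.
set_real_ip_from 192.0.2.11;
set_real_ip_from 192.0.2.12;
real_ip_header X-Real-IP;

# --- Web servers: location /tq-api/, as in tqweb-pub.conf ---
location /tq-api/ {
    proxy_pass http://tqapi_backend/;
    proxy_set_header Host $host;
    # realip has replaced $remote_addr with the client address for requests
    # that arrived from a trusted gateway.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Pass on the scheme the gateway saw instead of this hop's "http".
    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    rewrite ^/tq-api/(.*)$ /$1 break;
    proxy_connect_timeout 10;
    proxy_read_timeout 30;
}
```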
