Running Guzzle using nginx - ja-guzzle/guzzle_docs GitHub Wiki
- Install nginix
- Configure atlas to run on different context path other than /
- Creation of self signed certificate
- Configure ngnix
- Other items
- References
sudo apt-get install nginx
- Create new file jetty-web.xml in the /opt/apache-atlas-2.0.0/server/webapp/atlas/WEB-INF
- Put below content in the file
<?xml version="1.0" encoding="UTF-8"?>
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="contextPath">/atlas</Set>
</Configure>
- For Guzzle 1.0, update Atlas URL at $GUZZLE_HOME/conf/atlas.yml to reflect below: htts://xxxxx/atlas
atlas:
password: admin
url: https://guzzlemp4.southeastasia.cloudapp.azure.com/atlas
username: admin
hdfs:
name_node: sandbox-hdp.hortonworks.com:8020
version: 1
- Restart Atlas service
#To Stop
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
export MANAGE_LOCAL_HBASE=true
export MANAGE_LOCAL_SOLR=true
/opt/apache-atlas-2.0.0/bin/atlas_stop.py
#To start
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
export MANAGE_LOCAL_HBASE=true
export MANAGE_LOCAL_SOLR=true
#export SERVER_SERVLET_CONTEXT_PATH=/atlas
/opt/apache-atlas-2.0.0/bin/atlas_start.py
Note: Atlas sync will not work:
- The self signed certificate that is being used will not work when Guzzle tries to do Atlas sync. When running sync update atlas.yml to point to 21000 port and revert back once sync is done. If you have valid certificate then this will not apply. No restart is required of API when doing this
atlas:
password: admin
#url: https://guzzlemp4.southeastasia.cloudapp.azure.com/atlas
url: http://localhost:21000/atlas ## Do note use guzzlemp4.southeastasia.cloudapp.azure.com as this will route via internet where 21000 port is not open
username: admin
hdfs:
name_node: sandbox-hdp.hortonworks.com:8020
version: 1
mkdir -p /home/guzzle/certs1
cd /home/guzzle/certs1 #Go to appropriate directory to hold the SSL certs
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt # Enter all the details
- Configure default site (make it only listen on https) to have following entries in :
sudo vi /etc/nginx/sites-available/default
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /guzzle/web;
ssl_certificate /home/guzzle/certs1/localhost.crt;
ssl_certificate_key /home/guzzle/certs1/localhost.key;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri /index.html;
}
location /api/ {
proxy_pass http://localhost:9090;
}
location /atlas/ {
proxy_pass http://localhost:21000;
}
}
- Restart nginx
sudo service nginx restart
- You need to expose only 443 port and ssh of Guzzle VM to users network (this can be selected VPNs/public IP)
- Guzzle API CAN run on non-SSL as the request will be tunneled via nginx. Which means the API does not need below settings (in application.yml in guzzle 1.0 and guzzle-api.yml in 2.0):
- You have to update the /guzzle/web/index.html appropriately to point to the https (443) URL of API. Do take note that this config continues to remain hard-coded
- Guzzle startup script does not need to start the node HTTP server any more. Instead web server will be via nginx.
- https://medium.com/@johnbrett/create-react-app-push-state-nginx-config-a9f7530621c1 (tough we did not put the entry if the explictly file is being requested then show 404 if they are not available)