Howto: Install and Configure Baasbox behind an NGINX SSL Reverse Proxy

Howto: Install and Configure Baasbox behind an NGINX SSL Reverse Proxy

One of my new best friends in the mobile development world is Baasbox, a ridiculously easy to use backend-as-a-service. Oh, did I mention that it was open source? It ships with for SDKs for iOS, Android and Javascript. It handles everything for you from application server to database to user management, social features and more.

In this tutorial, we are going to install Baasbox, and then configure it behind an NGINX Reverse Proxy.

For those of you who are really smart, you can ignore the following paragraph, as I’m going to offer a very simplified explanation of a reverse proxy and why we would want to do that!

Why would I want NGINX as a reverse proxy, and what is a reverse proxy anyway?!?

Thanks for asking! Let’s start with NGINX. NGINX is a really good web server that consumes far less resources than other competing web servers. The standard version is free to use. NGINX really excels at handles lots of traffic without getting bogged down with all the traffic. Its built in SSL support is also really good. Using NGINX as a reverse proxy is just a fancy way of saying we are going to use NGINX as a gateway to our Baasbox server. NGINX is going to proxy traffic to and from our clients and Baasbox providing security (SSL) and reliability as well.

Server Setup

To get started, you will need access to a linux based server with sudo access. I’m going to spin up a new Ubuntu 15.04 server on my Rackspace account. I’m using the Standard template (512MB RAM, 20GB HD) that costs in the ballpark of $15 per month, give or take a few dollars depending on my bandwidth. I host a number of websites on a similar instance and don’t think I’ve ever paid more than $20 CAD for a months usage + bandwidth. In other words, I’m a happy Rackspace customer. While I’m on the topic of recommendations, if you have high-bandwidth needs, my friends over at Unmetered.com are also great. I use them for media streaming and also am a happy customer. I should ask them for an affiliate link or something!

Ok, back to setting up our server. Now that my fresh new Ubuntu server has provisioned, I’m going to log in and:

I like having everything up to date before getting started.

Baasbox

First, let’s install Baaxbox. The latest Baasbox should be run on Oracle Java 8. In order to install that, we need a bit of setup. First, some tools:

Now, Java 8:

And finally verify the Java install:

Create a directory and install Baasbox:

Adjust the unzip/cd commands to the version you downloaded. As of right now, it’s 0.9.2.

Make sure the start command can be executed:

and then fire up Baasbox!

Now, when you browse to http://your-ip-or-domain:9000 you get a nice page that looks like this:

baas-box-welcome

Control+C will stop the server. Let’s edit the start file with

You will want to change the default app code, so have a look at the start file:

And right after the exec java  command add  -Dapplication.code=newappcode . It should look like this:

You will also want to have your Baasbox run all the time, not just when you are logged into a shell. I use and recommend the Supervisor Daemon. Here is a great howto from Digital Ocean that I used to get up and running in a few minutes. This will keep Baasbox running 24/7 and even start it on a system reboot. Very nice!

NGINX

Now, let’s install NGINX and verify the install once it finishes:

As of this writing, the current stable NGINX release is 1.8, but 1.6 was installed from the Ubuntu repositories. For the more adventurous among you, feel free to install from source or the Nginx PPA on Launchpad.

Now if you browse to http://your-server-ip-address you should a nice welcome message.

welcome-to-nginx-on-ubuntu

 

Next, let’s make sure our NGINX install supports SSL. Use a similar command as above, but use a capital V:

We are looking for the  --with-http_ssl_module  setting which I see in the list of installed modules above so I’m good to go.

Now, let’s go and get an SSL certificate. I buy mine from namecheap.com. In particular, I buy the $9.00 USD PositiveSSL certificate.

Instead of duplicating the instructions of creating an SSL certificate here, I’m going to point you to a great tutorial on Linode.com that deals specifically with generating both self-signed and commercial certificates for NGINX. This is the tutorial I used recently so I can vouch for it effectiveness.

I’m going to assume you will follow along and install your certificates in this location:  /srv/ssl/

We need to configure NGINX to use that certificate, so:

On this fresh installation of NGINX, I only have one host file, “default”. On my production box, I have multiple vhost files. The configuration is the same, except for the server_name  attribute. I will list that in my configuration though, so you can adjust as necessary.

Edit the host file:

Let me walk you through this file line by line.

Lines 1-5: This section redirects all http request to https to ensure that all traffic is encrypted.

Line 8: This is important. We need to specify our server public IP address and 443 port. Remember only one IP address can bind to port 443. This can trip people up (like me) if you’re not careful and try and bind two virtual domains to the same IP address and port 443.

Line 11: This is your domain name and any sub-domains that you want this vhost to handle.

Lines 13-21: Our SSL config. I literally copied this code from another site and changed the cert names and everything just worked. I’m not a server admin expert so I like when things just work! I should really read up on what all the options are and so should you. Consider yourself warned.

Line 23: Points to the hard drive location of our web files.

Lines 25 – 35: This is the reverse proxy magic. In this case, I’m rewriting mydomain.com/api to proxy (pass traffic to) Baasbox at http://localhost:9000. So, instead of http://my-ip-or-domain.com:9000/console/ I now browse to https://mydomain.com/api/console.

NGINX handles all of the SSL stuff and Baasbox is just, well, Baasbox.

Lines 44 – 55: This is where I configure PHP with fastcgi, but you can ignore these parameters if all you want is Baasbox. I host my web app at domain.com and Baasbox at domain.com/api/ all under the same vhost, so it’s nice having PHP functionality too.

Conclusion

Hopefully this helps someone install Baasbox with SSL security. Feel free to ask additional questions in the comments (or check out the forums) as it pertains to this tutorial and I’ll do my best to respond.

 

 

agrothe (9 Posts)

Andrew Grothe is an enterprise developer with an interest in HTML5 mobile and game development. Andrew is current working on a casual HTML5 game at http://spacecutegame.com and maintains the http://webapplist.info website.