Skip to content

Butterfly with nginx reverse proxy and https

Jump to bottom Edit New page
tianyu edited this page Jul 16, 2015 · 6 revisions

This wiki shows how to setup Butterfly with nginx reverse proxy and https on ubuntu 14.04. The url will be https://example.com/butterfly, and it's protected by basic access authentication.

nginx need ngx_http_substitutions_filter_module module support.

1. Install butterfly and remove exist nginx

pip install butterfly
apt-get purge nginx nginx-full
apt-get install nginx-common libxslt1-dev libgd-dev libgeoip-dev

2. Get nginx source code

# Create temporary work area
cd
mkdir nginx
cd nginx

# Download and extract nginx
wget http://nginx.org/download/nginx-1.9.3.tar.gz
tar xf nginx-1.9.3.tar.gz

# Download and extract OpenSSL
wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz
tar xf openssl-1.0.2d.tar.gz

# Download and extract PCRE (Perl compatible regular expressions)
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.gz
tar xf pcre-8.37.tar.gz

# Download and extract gzip
wget http://zlib.net/zlib-1.2.8.tar.gz
tar xf zlib-1.2.8.tar.gz

# Delete downloads
rm *.tar.gz

# Download ngx_http_substitutions_filter_module
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module

3. Build and install nginx

cd nginx-1.9.3
	
./configure \
--with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' \
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' \
--sbin-path=/usr/sbin/nginx \
--prefix=/usr/share/nginx \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-debug \
--with-pcre-jit \
--with-ipv6 \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_dav_module \
--with-http_geoip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module \
--with-http_spdy_module \
--with-http_sub_module \
--with-http_xslt_module \
--with-mail \
--with-mail_ssl_module \
--with-http_sub_module \
--with-pcre=../pcre-8.37 \
--with-zlib=../zlib-1.2.8 \
--with-openssl=../openssl-1.0.2d \
--add-module=../ngx_http_substitutions_filter_module

make 
make install

4. Config nginx

Replace example.com with your domain name.

server {
    listen       80;
    listen       443 ssl;
    server_name  example.com;
    ssl_certificate certs/example.com.chained.crt;
    ssl_certificate_key certs/example.com.key;

    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    charset utf-8;

    access_log  /var/log/nginx/$host.access.log;

    client_max_body_size 20M;

    root   /var/www/;
    index  index.html index.htm index.php;

    if ($ssl_protocol = "") {
        return 301 https://$http_host$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location /butterfly {
        auth_basic "Authentication required";
        auth_basic_user_file /etc/nginx/.htpasswd;

        rewrite ^/butterfly/?(.*) /$1 break;
        proxy_pass        http://127.0.0.1:57575;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;

        proxy_connect_timeout 7d;                                                                                                              
        proxy_send_timeout 7d;                                                                                                                 
        proxy_read_timeout 7d;

        subs_filter_types text/html text/css text/xml application/javascript;
        subs_filter /style.css '/butterfly/style.css';
        subs_filter /static '/butterfly/static';
        subs_filter /ws '/butterfly/ws';
        subs_filter location.pathname '"/"';
    }

}

subs_filter will replace the response from butterfly to the correct ones. proxy_*_timeout is set to a long time otherwise the web terminal will get closed after about 1 minute. /etc/nginx/.htpasswd is generate by htpasswd:

htpasswd -c /etc/nginx/.htpasswd YOUR_HTTP_AUTH_USER_NAME

certs/example.com.chained.crt and certs/example.com.key is your ssl key.

Don't forget to restart the service

service nginx restart

5. Use supervisor to control butterfly

apt-get install supervisor
service supervisor start

Add a new config for supervisor vi /etc/supervisor/conf.d/butterfly.conf,

[program:butterfly]
command=butterfly.server.py --unsecure --login=false --host=127.0.0.1
autorestart=true
user=YOUR_LOGIN_USER_NAME

Please modify user to your login username.

Start butterfly

supervisorctl reload

6. Using the web terminal

Just visit https://example.com/butterfly and check if everything is OK.

Add a custom footer
Add a custom sidebar
Clone this wiki locally