nginx reverse proxy for nomad ui

[Spencer Owen]

Has anyone successfully got nomad ui running behind a nginx load balancer? 

I find that the following config works, but the ui does not show any logs. 

Does nomad UI depend on websockets to stream logs? Is there some other config option that is required? 

server { listen *:443 ssl; server_name nomad.example.com; ssl on; ssl_certificate /etc/ssl/certs/xxxxx; ssl_certificate_key /etc/ssl/private/xxxxx; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_protocols TLSv1.2; ssl_ciphers xxxxxxx client_max_body_size 10m; access_log /var/log/nginx/ngproxy.access.log mdformat; error_log /var/log/nginx/ngproxy.error.log; add_header Strict-Transport-Security max-age=31536000; location / { proxy_pass https://nomad-upstreams; proxy_read_timeout 90s; proxy_connect_timeout 1s; proxy_redirect off; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection upgrade; } }

[Henry Vindin]

Where I am now we have put it behind an nginx, if you actually press "tail" or "head" logs seem to work ok.

It never occured to me that it wasn't expected behaviour...

---

From: nomad...@googlegroups.com <nomad...@googlegroups.com> on behalf of Spencer Owen <owens...@gmail.com>
Sent: Friday, August 23, 2019 1:21:19 PM
To: Nomad <nomad...@googlegroups.com>
Subject: [nomad] nginx reverse proxy for nomad ui

 

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/nomad/issues
IRC: #nomad-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Nomad" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nomad-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nomad-tool/133cdcea-71d0-41b4-813e-86c604285589%40googlegroups.com.

[Michael Lange]

Hello Spencer and Henry,

I answered this question on the community forum

The tl;dr is that yes, the UI will stream logs, but if you are using nginx as a proxy, you need to configure nginx to disable proxy_buffering.

To view this discussion on the web visit https://groups.google.com/d/msgid/nomad-tool/MN2PR12MB296007301D6E25E76E663C78F7A40%40MN2PR12MB2960.namprd12.prod.outlook.com.

[Henry Vindin]

Had a bit of a closer look at how to make this all work (not a hugely demanded feature by our users so not a lot of effort really went into it in the first place) and found that I've had quite a bit of success just setting a header to tell nginx not to buffer responses specifically for the nomad instance it's reverse proxying by setting the following in the nomad config:

HCL:

http_api_response_headers {

  X-Accel-Buffering = "no"

}

Json:

"http_api_response_headers": [

  {

     "X-Accel-Buffering": "no"

  }

]

Which is reasonably pleasing as a tiny value add for not much cost. Thanks Michael for the pointer 🙂.

Thanks,

Henry

---

From: Michael Lange <mla...@hashicorp.com>
Sent: Saturday, August 24, 2019 1:50:59 AM
To: Henry Vindin <h.vi...@live.com>
Cc: Spencer Owen <owens...@gmail.com>; Nomad <nomad...@googlegroups.com>
Subject: Re: [nomad] nginx reverse proxy for nomad ui