# Nginx

Nginx is used as both reverse proxy and load balancing for on-prem deployments.

## Installation

* Run this to install nginx.

  ```bash
  sudo apt install nginx
  ```
* Run this to delete default server.

  ```bash
  sudo rm /etc/nginx/sites-enabled/default
  ```
* Set `client_max_body_size` to `50m` on `/etc/nginx/nginx.conf`:

  ```bash
  client_max_body_size 50m;
  ```
* Restart nginx.

  ```bash
  sudo systemctl restart nginx
  ```

This is only a one-time installation. Whenever you want to add new servers to this Nginx, follow the [Install Servers to Nginx Section](#install-servers-to-nginx).

## Install servers to Nginx

### Prerequisites

* [Create wildcard TLS certificates](/1.3/deployment/deployment-guide/ssl-certificates-using-letsencrypt.md) (This certificate can be created each time for all the other servers you can configure later).

### Installation

{% hint style="info" %}
On AWS EC2, the number of network interfaces that can be created is limited depending on the node type. For example on `t3a.small` node, the maximum number of network interfaces is 2. Refer to [EC2 Network Specifications](https://docs.aws.amazon.com/ec2/latest/instancetypes/gp.html#gp_network) for more info.
{% endhint %}

* Once nginx server is installed, it will create `sites-enabled` and `sites-available` directories inside /etc/nginx directory.
* Navigate to `/etc/nginx/sites-available` directory and create a file called `<sandbox name>.conf` (Example: `prod-openg2p.conf`) by using [kubernetes/nginx/sites.sample.conf ](https://github.com/OpenG2P/openg2p-deployment/blob/main/kubernetes/nginx/server.sample.conf)file as a template.

{% hint style="info" %}
Creation of the `<sandbox name>.conf` file applies only to one server in the nginx node. Repeat this section for every server to be added.
{% endhint %}

* Use a new Listen IP Address for every server. It is recommended to add a new network interface in the same VM which is part of the same network.
* When configuring upstream servers, you need to configure the node port of the Istio IngressGateway. Therefore, it is important to understand the ports and determine which ports connect to which IngressGateway and for what purpose.
* Run this to enable the server that is added now.

  ```bash
  sudo ln -s /etc/nginx/sites-available/<sandbox name>.conf /etc/nginx/sites-enabled/
  ```
* Test nginx conf for errors.

  ```bash
  sudo nginx -t
  ```
* Restart nginx.

  ```bash
  sudo systemctl restart nginx
  ```

### Post-installation

Map the hostnames to Nginx IPs on your DNS service, such as Route53 on AWS.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.openg2p.org/1.3/deployment/base-infrastructure/load-balancer/nginx.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.