Route multiple QlikSense servers through Nginx

bogdangheorghe

Hello everyone,

We have 2 QlikSense servers in our internal infrastructure and we want to expose these 2 servers externally, through Nginx.
We would like to be able to access these servers via ourdomain.com/qliksense1 and ourdomain.com/qliksense2.
Is it possible to configure Nginx to allow this?

Furthermore, we also require virtual proxies for some of our custom apps and we would like to be able to access the virtual proxy via ourdomain.com/qliksense1/virtualproxy and ourdomain.com/qliksense2/virtualproxy.
Is this possible?

Thank you!

mpc

Hi,

You can find help here to build your nginx configuration: https://community.qlik.com/t5/Member-Articles/Qlik-Sense-Nginx-Reverse-Proxy-for-Automatically-Renew...

You will need two server block, with location /qliksense1 for the first, and /qliksense2 for the second one.
You can add the virtual proxy by adding a location like /qliksense1/vp1

Regards

bogdangheorghe

Hello,

Thanks for your reply.

This is what we tried so far:

server {
		listen 443 ssl;
        listen [::]:443 ssl;
        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;
		
		server_name nginx.ourdomain.com;

        location /qliksense/ {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;

            # X-Forwarded headers
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https; # We enforce HTTPS for all returns

            # Proxy specific variables
            proxy_redirect off;
            proxy_read_timeout 60m;
            proxy_send_timeout 60m;
            proxy_http_version 1.1;
            proxy_connect_timeout 5s;

            # Add support for websockets
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;

            # proxy_buffering should be on for all but very rare cases
            proxy_buffering on;

            # proxy_buffers should not exceed 63
            proxy_buffers 63 128k;
            proxy_buffer_size 128k;

            proxy_pass https://qliksense.ourdomain.com;
        }
        
        location /qliksense/internal_windows_authentication/ {
            proxy_set_header Host $http_host;

            proxy_http_version 1.1;
            proxy_set_header Connection '';

            proxy_pass https://qliksense.ourdomain.com;
        }

        location /qliksense/vp1 {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;

            # X-Forwarded headers
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https; # We enforce HTTPS for all returns

            # Proxy specific variables
            proxy_redirect off;
            proxy_read_timeout 60m;
            proxy_send_timeout 60m;
            proxy_http_version 1.1;
            proxy_connect_timeout 5s;

            # Add support for websockets
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;

            # proxy_buffering should be on for all but very rare cases
            proxy_buffering on;

            # proxy_buffers should not exceed 63
            proxy_buffers 63 128k;
            proxy_buffer_size 128k;

            proxy_pass https://qliksense.ourdomain.com/;
            #We also tried this.
            #proxy_pass https://qliksense.ourdomain.com/vp1/;
        }
        
        location /qliksense/vp1/internal_windows_authentication/ {
            proxy_set_header Host $http_host;

            proxy_http_version 1.1;
            proxy_set_header Connection '';

            proxy_pass https://qliksense.ourdomain.com/;
            #We also tried this.
            #proxy_pass https://qliksense.ourdomain.com/vp1/;
        }
    }
}

If we try to access https://nginx.ourdomain.com/qliksense/vp1 we get Error 400.

We also tried using 2 server blocks and it seems the only one working is the last one.

Any ideas?

mpc

Hi,

Error 400 is usually triggered because the domain name used to access Qlik is not listed in the Origin allow list. More info:
https://community.qlik.com/t5/Official-Support-Articles/How-to-configure-the-WebSocket-origin-allow-...

Regards

bogdangheorghe

Hi,

In this case, we have whitelisted the domain name and the IP for vp1 as well as Central Proxy (not even sure this is necessary).

mpc

Hi,

Then can you share a screenshot of your browser's console. It might contains some useful informations.

Kind regards

bogdangheorghe

There's only one error in the console:

GET https://nginx.ourdomain.com/qliksense/vp1 400 (The http request header is incorrect.)

mpc

Ok, then can you share you Proxy logs ?
It might provide more information about this famous header, and will help us to understand the error I think

bogdangheorghe

If you are referring to the logs in %ProgramData%\Qlik\Sense\Logs\Proxy, I attached an archive.

mpc

Thanks a lot, I'm checking that and I'll return to you

Integration