Front-end server for HMI service
It is recommended to use a front-end server for HMI service to get additional features:
limit max upload size for clients
have connections TLS-encrypted
add an optional additional authentication
Note
To properly log IP addresses of the requests, make sure the front-end sets X-Real-IP header and set real_ip_header parameter in the service configuration.
Example with NGINX
Here is an example configuration for NGINX with SSL enabled and uploads limited to 1Mb.
upstream eva-hmi {
server 127.0.0.1:7727;
}
server {
listen 192.168.1.1 ssl;
client_max_body_size 1M;
server_name eva;
ssl_certificate /opt/eva4/etc/eva.crt;
ssl_certificate_key /opt/eva4/etc/eva.key;
ssl_session_timeout 1m;
# proxy for HTTP
location / {
proxy_buffers 16 16k;
proxy_buffer_size 16k;
proxy_busy_buffers_size 240k;
proxy_pass http://eva-hmi;
# a few variables for backend, in fact HMI requires X-Real-IP only
proxy_set_header X-Host $host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Frontend "nginx";
}
# proxy for WebSocket
location /ws {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffers 16 16k;
proxy_buffer_size 16k;
proxy_busy_buffers_size 240k;
proxy_pass http://eva-hmi;
proxy_set_header X-Host $host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Frontend "nginx";
}
}