Front-end server for HMI service
It is recommended to use a front-end server for HMI service to get additional features:
limit max upload size for clients
have connections TLS-encrypted
add an optional additional authentication
Note
To properly log IP addresses of the requests, make sure the front-end sets X-Real-IP header and set real_ip_header parameter in the service configuration.
Example with NGINX
Here is an example configuration for NGINX with SSL enabled and uploads limited to 1Mb.
See also Docker Application launcher.
upstream eva-hmi {
server 127.0.0.1:7727;
}
server {
listen 192.168.1.1 ssl;
client_max_body_size 1M;
server_name eva;
ssl_certificate /opt/eva4/etc/eva.crt;
ssl_certificate_key /opt/eva4/etc/eva.key;
ssl_session_timeout 1m;
# proxy for HTTP
location / {
proxy_buffers 16 16k;
proxy_buffer_size 16k;
proxy_busy_buffers_size 240k;
proxy_pass http://eva-hmi;
# a few variables for backend, in fact HMI requires X-Real-IP only
proxy_set_header X-Host $host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Frontend "nginx";
}
# proxy for WebSocket
location /ws {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffers 16 16k;
proxy_buffer_size 16k;
proxy_busy_buffers_size 240k;
proxy_pass http://eva-hmi;
proxy_set_header X-Host $host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Frontend "nginx";
}
}