Wrap pico engine in nginx

These are notes from a meeting at Picolabs with Scott Lemon and Derek Carter, on February 10, 2017.

Derek installed and configured nginx as follows

    server {
        listen       8080 default_server;
        listen       [::]:8080 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            proxy_pass http://127.0.0.1:8888;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

started nginx, and then started the pico-engine running on port 8888. He was able to access all the pico functionality at port 8080, giving confidence that the pico engine can run and be accessed correctly and completely through nginx.

His next step was to use nginx to allow free access to sky queries and events, but password-protect all of the UI. The change to the configuration for this was:

        location /sky/ {
            proxy_pass http://127.0.0.1:8888/sky/;
        }

        location / {
            auth_basic "Restricted";
            # htpasswd -c /etc/nginx/users.htpasswd username
            auth_basic_user_file /etc/nginx/users.htpasswd;
            proxy_pass http://127.0.0.1:8888/;
        }

Derek shared with us all of the configuration files on github

Steps to use nginx to control access to the pico engine include

1) install nginx
2) install httpd-tools
3) create password file
4) edit config
5) restart and enable nginx
6) start pico engine

Copyright Picolabs | Licensed under Creative Commons.