Production use - Proxying eXist-db behind a Web Server

(1Q18)


From a security perspective it is recognised best practice to proxy Web Application Servers behind dedicated Web Servers. eXist-db is no exception. This article will provide you with some examples on how to do this.

Introduction

Interesting side-effects of proxying eXist-db behind a Web Server:

Unified web namespace

You can map eXist-db, or an application build on eXist-db, into an existing web namespace. If your website is - http://www.mywebsite.com, then your eXist-db application could be mapped into http://www.mywebsite.com/myapplication/. However, if you are tempted to shorten the URL of WebDAV resources with such a mapping, you will not succeed, due to the specifications of WebDAV that are not designed to handle such cases.

Virtual Hosting

Providing your Web Server supports Virtual Hosting, you should be able to proxy many URLs from different domains onto different eXist-db REST URLs, which may belong to one or more eXist-db instances. This allows a single eXist-db instance to perform virtual hosting.

Examples are provided for:

Nginx

A very small but extremely powerful Web Server which is also simple to configure. It powers some of the biggest sites on the Web. See Using Nginx.

Apache HTTPD

Likely the most prolific Web Server used on the web. See Using Apache HTTPD.

Example: Proxying a Web Domain Name to an eXist-db Collection

In this example we look at how to proxy a web domain name onto an eXist-db Collection. We make the following assumptions:

  1. http://www.mywebsite.com is our website domain name address

  2. eXist-db is running in standalone mode (i.e. http://localhost:8088/) on the same host as the Web Server (i.e. http://localhost:80/)

  3. /db/apps/mywebsite.com is the eXist-db collection we want to proxy

  4. Web Server access logging will be written to /srv/www/vhosts/mywebsite.com/logs/access.log

Using Nginx

This needs to be added to the http section of the nginx.conf file:

# header helpers for reverse proxied servers proxy_set_header Host $host; # Ensures the actual hostname is sent to eXist-db and not 'localhost' (needed in eXist-db for server-name in controller-config.xml) proxy_set_header X-Real-IP $remote_addr; # The Real IP of the client and not the IP of nginx proxy proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header nginx-request-uri $request_uri; # The original URI before proxying # virtual host configuration, reverse proxy to eXist-db server { listen 80; server_name *.mywebsite.com; charset utf-8; access_log /srv/www/vhosts/mywebsite.com/logs/access.log; location / { proxy_pass http://localhost:8088/exist/apps/mywebsite.com/; } }

Using Apache HTTPD

This needs to be added to your httpd.conf:

<VirtualHost *:80> ProxyRequests off ServerName www.mywebsite.com ServerAlias *.mywebsite.com ProxyPass / http://localhost:8088/exist/apps/mywebsite.com ProxyPassReverse / http://localhost:8088/exist/apps/mywebsite.com ProxyPassReverseCookieDomain localhost mywebsite.com ProxyPassReverseCookiePath /exist / RewriteEngine on RewriteRule ^/(.*)$ /$1 [PT] </VirtualHost>