Nginx Configuration

This guide explains how to configure Nginx as a reverse proxy for your Gigantics instance. Nginx provides SSL termination, load balancing, and improved performance for your Gigantics deployment.

Overview

Gigantics runs on port 5000 by default and can be accessed directly or through Nginx as a reverse proxy. The setup includes:

SSL/TLS termination
HTTP to HTTPS redirection
WebSocket support for real-time features
Large file upload support
Proper header forwarding

The Gigantics server should be enough for most basic workloads with few users. Nginx is recommended though because it's a stronger frontend component that offers better management of load, resiliance and security.

Installation

Nginx is not provided with the software, you can download it yourself from:

Official Website: https://nginx.org/

Installation Commands

Ubuntu/Debian:

sudo apt update
sudo apt install nginx

CentOS/RHEL/Rocky Linux:

sudo yum install nginx
# or for newer versions
sudo dnf install nginx

macOS (with Homebrew):

brew install nginx

Windows: Download the Windows version from the official website and follow the installation wizard.

Start and Enable Nginx

# Start Nginx
sudo systemctl start nginx

# Enable Nginx to start on boot
sudo systemctl enable nginx

# Check status
sudo systemctl status nginx

Direct Connection vs Nginx Proxy

Direct Connection to Port 5000

You can access Gigantics directly by connecting to http://yourserver:5000 without any reverse proxy (ie Nginx). This is the simplest setup and works for:

Development environments
Internal networks where security is handled at the network level
Quick testing and evaluation

What's behind port 5000: Gigantics runs on a Node.js Express server that provides:

HTTP/HTTPS web server capabilities
REST API endpoints
GraphQL API with WebSocket support
Static file serving for the web interface
Built-in session management and authentication
File upload handling
Real-time communication via WebSockets

Using Nginx as Reverse Proxy

While direct connection works, using Nginx as a reverse proxy offers significant advantages:

Feature	Direct Connection	With Nginx Proxy
SSL/TLS Termination	? Requires Node.js SSL setup	? Handled by Nginx
Performance	?? Single-threaded Node.js	? Multi-process, optimized
Static File Serving	?? Handled by Express	? Optimized by Nginx
Load Balancing	? Not available	? Built-in support
Security Headers	?? Manual implementation	? Easy configuration
Rate Limiting	? Requires additional middleware	? Built-in Nginx modules
Caching	?? Limited options	? Advanced caching strategies
Compression	?? Basic gzip	? Advanced compression
HTTP/2 Support	? Limited in Node.js	? Full HTTP/2 support
Large File Uploads	?? Memory intensive	? Efficient buffering
Monitoring & Logging	?? Basic logging	? Advanced access logs

When to Use Each Approach

Use Direct Connection when:

Setting up for development or testing
Running in a secure internal network
You need the simplest possible setup
SSL is handled by a load balancer or cloud service

Use Nginx Proxy when:

Deploying to production
You need SSL/TLS termination
Performance and scalability are important
You want advanced security features
You need to serve multiple applications
You want better monitoring and logging

Production Configuration

Here's the recommended Nginx configuration for Gigantics:

server {
    server_name yourserver.com;
    listen 80;
    listen 443 ssl;

    # SSL Configuration
    ssl_certificate /etc/nginx/certs/your_certificate.crt;
    ssl_certificate_key /etc/nginx/certs/your_private_key.key;

    # Security headers
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Client settings for large file uploads
    client_max_body_size 500m;
    client_body_buffer_size 4m;
    large_client_header_buffers 4 32k;

    # Main location block
    location / {
        proxy_pass http://localhost:5000;
        proxy_redirect off;

        # Essential headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Timeout settings
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;

        # Buffer settings
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}

Configuration Parameters Explained

Server Block Settings

Parameter	Description	Recommended Value
`server_name`	Domain name(s) for this server block	Your actual domain(s)
`listen 80`	Listen on HTTP port 80	Standard HTTP port
`listen 443 ssl`	Listen on HTTPS port 443 with SSL	Standard HTTPS port

SSL Configuration

Parameter	Description	Recommended Value
`ssl_certificate`	Path to SSL certificate file	`/etc/nginx/certs/your_cert.crt`
`ssl_certificate_key`	Path to SSL private key file	`/etc/nginx/certs/your_key.key`

Client Upload Settings

Parameter	Description	Recommended Value
`client_max_body_size`	Maximum size of client request body	`500m` (for large datasets)
`client_body_buffer_size`	Buffer size for reading client request body	`4m`
`large_client_header_buffers`	Number and size of buffers for large headers	`4 32k`

Proxy Headers

Parameter	Description	Purpose
`proxy_set_header Host $host`	Forward the original host header	Maintains correct host information
`proxy_set_header X-Real-IP $remote_addr`	Forward client's real IP address	For logging and security
`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for`	Forward client IP through proxy chain	For IP tracking through proxies
`proxy_set_header X-Forwarded-Host $host`	Forward the original host	For host-based routing

Timeout Settings

Parameter	Description	Recommended Value
`proxy_connect_timeout`	Timeout for establishing connection to backend	`90s`
`proxy_send_timeout`	Timeout for transmitting request to backend	`90s`
`proxy_read_timeout`	Timeout for reading response from backend	`90s`

Buffer Settings

Parameter	Description	Recommended Value
`proxy_buffer_size`	Size of buffer for reading response headers	`4k`
`proxy_buffers`	Number and size of buffers for reading response	`4 32k`
`proxy_busy_buffers_size`	Size of buffer when response is being sent to client	`64k`
`proxy_temp_file_write_size`	Size of data written to temporary file at once	`64k`

HTTP to HTTPS Redirection

To automatically redirect HTTP traffic to HTTPS:

server {
    listen 80;
    server_name yourserver.com;
    return 301 https://$server_name$request_uri;
}

Security Headers

Add these security headers for enhanced protection:

add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

Load Balancing (Optional)

For high-availability setups, you can configure load balancing:

upstream gigantics_backend {
    server 192.168.0.7:5000;
    server 192.168.0.8:5000;
    server 192.168.0.9:5000;
}

server {
    # ... other configuration ...

    location / {
        proxy_pass http://gigantics_backend;
        # ... other proxy settings ...
    }
}

Testing Your Configuration

Testing Direct Connection

Before setting up Nginx, test that Gigantics is accessible directly:

Check if Gigantics is running:

curl http://localhost:5000
# or
curl http://yourserver:5000

Test WebSocket connection:

# Test GraphQL endpoint
curl -X POST http://localhost:5000/graphql \
  -H "Content-Type: application/json" \
  -d '{"query":"{ __schema { types { name } } }"}'

Testing Nginx Configuration

Test Nginx configuration:
```
sudo nginx -t
```
Reload Nginx:
```
sudo systemctl reload nginx
```
Check Nginx status:
```
sudo systemctl status nginx
```
Test through Nginx:
```
curl https://yourserver.com
```

Troubleshooting

Common Issues

Issue	Solution
502 Bad Gateway	Check if Gigantics is running on the correct port (default: 5000)
WebSocket connection fails	Ensure `proxy_http_version 1.1` and Upgrade headers are set in the main location block
Large file upload fails	Increase `client_max_body_size` in Nginx or Node.js body parser limits
SSL certificate errors	Verify certificate paths and permissions
Direct connection works but Nginx doesn't	Check if Gigantics is bound to `localhost` instead of `0.0.0.0`
Node.js server not accessible	Ensure Gigantics is listening on the correct interface and port

Log Files

Check these log files for debugging:

Nginx error log: /var/log/nginx/error.log
Nginx access log: /var/log/nginx/access.log
Gigantics logs: Check your configured logs location

Integration with Gigantics Setup

When setting up Gigantics with Nginx, ensure:

Enable Nginx in setup: Check the "Enable Nginx" option in the advanced setup
Configure SSL: Provide your SSL certificate and key paths
Set redirect port: Configure HTTP to HTTPS redirection if needed
Update server configuration: Ensure Gigantics listens on the correct interface

The setup process will generate the appropriate Nginx configuration based on your settings.

Optional: Dedicated GraphQL Location Block

While the main location block handles all requests including GraphQL, you can optionally add a dedicated /graphql location block for enhanced WebSocket support and specific optimizations.

When to Use a Dedicated GraphQL Block

Use this optional configuration when:

You need enhanced WebSocket performance for GraphQL subscriptions
You want different timeout settings for GraphQL operations
You need specific caching rules for GraphQL queries
You want to separate GraphQL traffic from regular web traffic
You're experiencing WebSocket connection issues with the main location block

Optional GraphQL Configuration

You may add this location block after your main location block:

server {
    # ... all the other config goes here ...

    # Optional: Dedicated GraphQL location block
    location /graphql {
        proxy_pass http://192.168.0.7:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # GraphQL-specific optimizations
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 300s;  # Longer for subscriptions

        # WebSocket-specific settings
        proxy_cache_bypass $http_upgrade;
        proxy_no_cache $http_upgrade;
    }
}

Configuration Options for GraphQL Block

Parameter	Description	Recommended Value	Purpose
`proxy_connect_timeout`	Connection timeout for GraphQL	`60s`	Faster connection establishment
`proxy_send_timeout`	Send timeout for GraphQL	`60s`	Quick request transmission
`proxy_read_timeout`	Read timeout for GraphQL	`300s`	Long-lived subscriptions
`proxy_cache_bypass`	Bypass cache for WebSocket	`$http_upgrade`	Real-time data
`proxy_no_cache`	Disable caching for WebSocket	`$http_upgrade`	Always fresh data

Why This is Optional

The main location block already handles GraphQL because:

It includes proxy_http_version 1.1
It has Upgrade and Connection headers for WebSocket support
Gigantics handles GraphQL routing internally

Use the dedicated block only if you need:

Different timeout settings for GraphQL vs regular requests
Enhanced WebSocket performance for real-time features
Specific caching behavior for GraphQL queries
Troubleshooting WebSocket connection issues

Testing GraphQL Configuration

Test both regular and GraphQL endpoints:

# Test regular GraphQL (through main location)
curl -X POST https://yourserver.com/graphql \
  -H "Content-Type: application/json" \
  -d '{"query":"{ __schema { types { name } } }"}'

# Test WebSocket connection (if using dedicated block)
# This requires a WebSocket client or browser developer tools

On this page