Sample Nginx configuration

Nginx is a popular web and reverse proxy server.

It can be used as a layer between Looker and end users in order to change the port that web browsers use to access Looker. By default users must use a URL similar to https://hostname.domain.com:9999. Using an Nginx configuration similar to the one on this page, users can access Looker without the port number, like https://hostname.domain.com. This is easier for users to type and remember, and is generally more convenient.

A sample nginx.conf is included here. It will need to be customized for your environment.

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
  worker_connections 768;
  # multi_accept on;
}

http {

  ##
  # Basic Settings
  ##

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  large_client_header_buffers 6 32k;
  client_max_body_size 100m;

  # server_names_hash_bucket_size 64;
  # server_name_in_redirect off;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ##
  # Logging Settings
  ##
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log debug; # change from debug to warn or error for production

  ##
  # Gzip Settings
  ##
  gzip on;
  gzip_disable "msie6";

  ##
  # Virtual Host Configs
  ##

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;

  server {
    listen                     443;
    ssl                        on;
    ssl_certificate            /etc/looker/ssl/certs/self-ssl.crt;
                                 # replace with your cert file
    ssl_certificate_key        /etc/looker/ssl/private/self-ssl.key;
                                 # replace with your key file
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    ssl_session_cache          shared:SSL:10m;
    ssl_session_timeout        10m;

    location / {
      proxy_pass https://looker.domain.com:9999; # Replace looker.domain.com with the name
                                                 # that clients will use to access Looker

      ### Force timeouts if one of backend hosts is dead ###
      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

      ### Set headers ###
      proxy_set_header          X-Real-IP $remote_addr;
      proxy_set_header          Accept-Encoding "";
      proxy_set_header          Host $http_host;
      proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;

      ### Don't timeout waiting for long queries - timeout is 1 hr ###
      proxy_read_timeout        3600;
      proxy_set_header          X-Forwarded-Proto $scheme;

      ### By default we don't want to redirect ###
      proxy_redirect            off;

      proxy_buffer_size         128k;
      proxy_buffers             4 256k;
      proxy_busy_buffers_size   256k;
    }
  }

  server {
    listen                     19999;
    ssl                        on;
    ssl_certificate            /etc/looker/ssl/certs/self-ssl.crt;
                                 # replace with your cert file
    ssl_certificate_key        /etc/looker/ssl/private/self-ssl.key;
                                 # replace with your key file
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    ssl_session_cache          shared:SSL:10m;
    ssl_session_timeout        10m;

    location / {
      proxy_pass https://looker.domain.com:19999; # Replace looker.domain.com with the name
                                                  # that clients will use to access Looker

      ### Force timeouts if one of backend hosts is dead ###
      proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

      ### Set headers ###
      proxy_set_header          X-Real-IP $remote_addr;
      proxy_set_header          Accept-Encoding "";
      proxy_set_header          Host $http_host;
      proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;

      ### Don't timeout waiting for long queries - timeout is 1 hr ###
      proxy_read_timeout        3600;
      proxy_set_header          X-Forwarded-Proto $scheme;

      ### By default we don't want to redirect ###
      proxy_redirect            off;

      proxy_buffer_size         128k;
      proxy_buffers             4 256k;
      proxy_busy_buffers_size   256k;
    }
  }
}