Fault: Unresponsive UI when putting EVE-NG behind an NGINX reverse proxy

For the purposes of this article I’m making an assumption that the reader has already completed all of the steps required to place EVE-NG behind an NGINX reverse proxy. Using the default settings this can cause the EVE-NG HTML5 GUI to act in an unpredictable manner and at times appear to act like there is extreme latency and jitter on the connection.

This same effect can often be seen on other reverse proxy-like applications and can affect other web applications that rely on real-time or near real time communications. Most notibly Cisco Anyconnects Web SSL VPN appears to suffer from this effect however it can be observed to come and go. There is no resolution for Cisco Anyconnect as the configuration options to resolve the root cause are not available to us.

Root cause: The cause of this behaviour is that NGINX will buffer the traffic to the EVE-NG server and therfore to the Apache Guacamole in behind EVE-NG. While this makes for an efficent proxy; It will prevent connections being made correctly for Apache Guacamole correctly and cause sessions to time out. This eventually will exchaust all available sessions and prevent users from connecting.

Resolution: Disable proxy buffering in your proxy.conf on the NGINX server.

This solution may be suitable for other reverse proxies and SSL Web VPNs if the options are configurable. This is the required configuration to be added to the location section of the config file:

proxy_buffering off;

The below is the full required config for the location section of the reverse proxy configuration should it be required for reference:

location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded__for;
proxy_set_header host $host;
proxy_pass https://INTERNALIP:443;
proxy_buffering off;
}

 2,787 total views,  1 views today

2 thoughts to “Fault: Unresponsive UI when putting EVE-NG behind an NGINX reverse proxy”

  1. What is the complete setup for eve-ng behind a proxy? I can hit the login in page but then when you actually hit login it doesnt go anywhere

    1. Are you using EVE-NG Pro or Community edition? For config above is pretty much it bar the SSL part of the config which certbot will provide if you’re using LetsEncrypt for your public certs.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.