HENGSHI SENSE Common Issues in Third-Party Software Configuration
Nginx Related Configuration
Is there a file size limit for uploads?
It needs to be restricted through the front-end reverse proxy, such as nginx:
# nginx configuration file setup in HENGSHI server
client_max_body_size 100m;
How to Set HTTP Connection Timeout?
HTTP connection timeout is also configured in the reverse proxy settings of the HENGSHI front-end, such as nginx:
# nginx configuration file setup in HENGSHI server
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
How to Serve Through Ports 80 and 443?
HENGSHI SENSE cannot be started as root, so it cannot bind to ports lower than 1024. To listen on ports 80 and 443, it is recommended to use nginx as a reverse proxy. Create a configuration file /etc/nginx/conf.d/hengshi.conf
with the following content:
# hengshi proxy
upstream hengshi-proxy {
server <HENGSHI_IP>:<HENGSHI_PORT>;
}
server {
server_name <SERVNAME>;
access_log /var/log/nginx/access.log main;
listen 80;
location / {
proxy_pass http://hengshi_proxy;
}
}
server {
server_name <SERVNAME>
listen 443 ssl http2; # Ensure HTTP/2 is configured to improve browser request concurrency
access_log /var/log/nginx/access.log main;
gzip on; # Enable gzip compression to optimize page loading speed
gzip_vary on;
client_max_body_size 200M;
proxy_connect_timeout 900;
proxy_read_timeout 900;
proxy_send_timeout 900;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate <PATH_TO_CER>
ssl_certificate_key <PATH_TO_CER_KEY>
add_header Strict-Transport-Security "max-age=31536000" always;
location / {
# The following X-Forwarded-Host and X-Forwarded-Proto settings are necessary for SSO scenarios. Do not omit them!
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://hengshi-proxy;
}
}
Replace the variables with actual values:
<HENGSHI_IP>
: The IP address of the machine where HENGSHI is deployed.<HENGSHI_PORT>
: The port bound to the HENGSHI service.<SERVNAME>
: The hostname used by Nginx to provide services.<PATH_TO_CER>
,<PATH_TO_CER_KEY>
: The absolute paths to the cer/key files for providing SSL services.
Offline Installation of Docker and Docker-Compose
Category | Architecture | Download Link |
---|---|---|
Linux | docker x86_64 | https://download.hengshi.com/3rd/docker-linux-x64/docker-28.1.1.tgz |
Linux | docker-compose x86_64 | https://download.hengshi.com/3rd/docker-linux-x64/docker-compose-linux-x86_64_v2.36.2.tar.gz |
Linux | docker arm64 | https://download.hengshi.com/3rd/docker-linux-aarch64/docker-23.0.6.tgz |
Linux | docker-compose arm64 | https://download.hengshi.com/3rd/docker-linux-aarch64/docker-compose |
This example is for the x86_64 platform. If you are using arm64, please download the corresponding installation package.
- Download the Docker and Docker-Compose installation packages to the server. You should see the following files:
shell
❯ ls
docker-28.1.1.tgz docker-compose-linux-x86_64_v2.36.2.tar.gz
- Install Docker
shell
tar xf docker-28.1.1.tgz # Extract the files
cp docker/* /usr/bin/ # Copy the executable files to the system path
- Prepare the docker.service file
shell
cat <<EOF > /usr/lib/systemd/system/docker.service/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
EOF
- Start the Docker service
shell
systemctl daemon-reload
systemctl start docker
systemctl enable docker # Enable startup on boot
systemctl status docker # Check the service status
- Copy Docker-Compose to the system directory
shell
tar xf docker-compose-linux-x86_64_v2.36.2.tar.gz
cp docker-compose /usr/local/bin/
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
- Check the versions of Docker and Docker-Compose. If the following example information is returned, the installation is successful.
shell
❯ docker -v
Docker version 28.1.1, build 4eba377
❯ docker-compose version
Docker Compose version v2.36.2