Set up NGINX as a reverse proxy to route secure external traffic to your MLflow server.
Prerequisites
- Linux-based server (RHEL/CentOS or Ubuntu/Debian)
- Root or sudo privileges
- MLflow server running on port
5000 - SSL certificate and private key files (e.g.,
cert.pemandkey.pem)
Steps to install
- Install Nginx: Choose the appropriate command based on your Linux distribution.
For RHEL/CentOS:
sudo yum install -y nginxFor Ubuntu/Debian:
sudo apt install -y nginx- Configure the NGINX main file (/etc/nginx/nginx.conf)
Use the following NGINX configuration to set up a reverse proxy with performance optimizations:
x
cat /etc/nginx/nginx.conf# For more information on configuration, see:# * Official English Documentation: http://nginx.org/en/docs/# * Official Russian Documentation: http://nginx.org/ru/docs/user nginx;worker_processes auto;error_log /var/log/nginx/error.log;pid /run/nginx.pid;# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.include /usr/share/nginx/modules/*.conf;events { worker_connections 1024;}http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }# Settings for a TLS enabled server.## server {# listen 443 ssl http2 default_server;# listen [::]:443 ssl http2 default_server;# server_name _;# root /usr/share/nginx/html;## ssl_certificate "/etc/pki/nginx/server.crt";# ssl_certificate_key "/etc/pki/nginx/private/server.key";# ssl_session_cache shared:SSL:1m;# ssl_session_timeout 10m;# ssl_ciphers PROFILE=SYSTEM;# ssl_prefer_server_ciphers on;## # Load configuration files for the default server block.# include /etc/nginx/default.d/*.conf;## location / {# }## error_page 404 /404.html;# location = /40x.html {# }## error_page 500 502 503 504 /50x.html;# location = /50x.html {# }# }}- Configure reverse proxy for MLflow (
/etc/nginx/conf.d/mlflow.conf)
This configuration:
- Redirects all HTTP traffic to HTTPS
- Proxies HTTPS requests securely to the MLflow server
cat /etc/nginx/conf.d/mlflow.conf# Redirect all HTTP requests to HTTPSserver { listen 80; server_name 10.100.11.26; location / { return 301 https://$host$request_uri; }}# Main SSL-secured MLflow server blockserver { listen 443 ssl; server_name mlflow.yourdomain.com; ssl_certificate /usr/odp/3.3.6.2-1006/mlflow/cert.pem; ssl_certificate_key /usr/odp/3.3.6.2-1006/mlflow/key.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_pass http://10.100.11.26:5000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; }}Note:
- Replace
mlflow.yourdomain.comwith your actual domain or public IP. - Update SSL certificate paths to match your environment.
- Replace
10.100.11.26:5000with your MLflow backend server address and port.
- Start and enable Nginx.
sudo systemctl start nginxsudo systemctl enable nginxTo verify Nginx is running:
sudo systemctl status nginx- Reload the configuration after any change.
sudo nginx -t # Validate configsudo systemctl reload nginxReferences
Was this page helpful?