Configure the Reverse Proxy

The following sections provide configuration examples for using different reverse proxy servers.

Apache 2

Apache 2 is a free open source Web server that you can configure as a reverse proxy by using the mod_proxy module.

The following configuration example exposes the Find instance running on find.example.com at https://localhost:443/find, using AJP to enable remote authentication. The application AJP port is 8009, and the HTTPS port is 8443.

For this configuration, you must enable the mod_proxy, mod_proxy_ajp, mod_proxy_wstunnel, and mod_ssl modules.

SSLEngine on
SSLProxyEngine on

SSLCertificateFile /path/to/my-certificate.crt
SSLCertificateKeyFile /path/to/my-key.key

<Location /find/>
   AuthType YOUR_AUTH_MODULE
   require valid-user

   ProxyPass "ajp://find.example.com:8009/"
   ProxyPassReverse /
   
</Location>

The following configuration example exposes the Find instance running on find.example.com at https://localhost:443/find, using HTTPS to communicate with the application.

For this configuration, you must enable the mod_proxy, mod_proxy_http, mod_proxy_wstunnel, and mod_ssl modules.

SSLEngine on
SSLProxyEngine on

SSLCertificateFile /path/to/my-certificate.crt
SSLCertificateKeyFile /path/to/my-key.key

<Location /find/>
   AuthType YOUR_AUTH_MODULE
   require valid-user

   ProxyPass "https://find.example.com:8443/"
   ProxyPassReverse /
</Location>

SAML

You can configure Apache 2 to act as a SAML service provider, which ensures that users are authenticated before passing them through to the application, and sends them to an identity provider if they are not.

For this configuration, you must install and enable the mod_auth_mellon module.

SSLEngine on
SSLProxyEngine on

SSLCertificateFile /path/to/my-certificate.crt
SSLCertificateKeyFile /path/to/my-key.key

<Location /find/>
   AuthType "Mellon"
   AuthName YOUR_AUTH_NAME
   Require valid-user

   MellonEnable "auth"
   MellonSecureCookie On
   MellonVariable "session_cookie"
   MellonUser "NAME_ID"
   MellonEndpointPath "/mellon"
   MellonDefaultLoginPath "/"

   # Session TTL seconds
   MellonSessionLength 86400

   MellonSPMetadataFile /path/to/service/provider/metadata
   MellonSPPrivateKeyFile /path/to/service/provider/key/file
   MellonSPCertFile /path/to/service/provider/cert/file
   MellonIdPMetadataFile /path/to/idp/metadata/file
   
   ProxyPass "https://find.example.com:8443/"
   ProxyPassReverse /
</Location>

NGINX

Nginx is a free open source Web server and reverse proxy. It does not support the AJP protocol, so remote authentication is not possible.

The following example configuration exposes the Find instance running on https://find.example.com:8443/find at https://localhost:443/find.

server {
   listen 443 ssl default_server;

   ssl_certificate /path/to/my-certificate.crt;
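   ssl_certificate_key /path/to/my-key.key;

   location /find/ {
      # Trailing slash so that /find/x maps to /find/x on the application, not /findx
      proxy_pass https://find.example.com:8443/find/;
      # proxy_cookie_path takes a path and its replacement; both are /find here
      proxy_cookie_path /find /find;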
   }
}

Internet Information Services (IIS)

IIS is a Web server created by Microsoft that is built into many versions of Windows. You can configure it as a reverse proxy in HTTP mode, by using the URL Rewrite and Application Request Routing (ARR) modules. In later versions of IIS, the Web server can automatically proxy WebSockets connections.

You can enable the AJP protocol by using the Apache Tomcat ISAPI redirector module.

To reverse proxy in HTTP mode, you must configure a URL Rewrite rule that redirects incoming requests to the application, and another rule that rewrites Location headers in the response.

