Configure a Reverse Proxy

You can use HPE IDOL Data Admin with an Apache JServ Protocol (AJP) reverse proxy.

With a reverse proxy, you manage authentication for your users at the proxy. The reverse proxy then allows those users to access the HPE IDOL Data Admin application with a default set of user roles, which you can define.

NOTE:

You cannot configure the reverse proxy to assign an administrator user role. Your administrators must have access to the HPE IDOL Data Admin application by another route.

The following sections describe how to configure the Apache server with remote authentication, and how to configure HPE IDOL Data Admin to use the reverse proxy.

Configure the Reverse Proxy

The following configuration example shows how to set up a reverse proxy with remote authentication for HPE IDOL Data Admin in Apache 2.

<Location /dataadmin/>
   AuthType YOUR_AUTH_MODULE
   require valid-user
   CASScope /dataadmin/

   ProxyPass ajp://dataadmin.example.com:8009/
   ProxyPassReverse /

   RewriteEngine on
   RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
   RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
   RewriteRule /api/(.*) ws://dataadmin.example.com:8080/api/$1 [P]
</Location>

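This configuration uses both the AJP (8009) and HTTP (8080) ports: ProxyPass sends ordinary requests to the AJP port, and the rewrite rule sends WebSocket upgrade requests under /api/ to the HTTP port. The Apache host must be able to reach both ports on the HPE IDOL Data Admin host.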
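Because authentication is handled at the proxy, a Location block that forwards to the AJP port without its authentication directives, or with the YOUR_AUTH_MODULE placeholder left in, gives every visitor the pre-authenticated roles. The following lint is an added example, not part of the HPE documentation or product; check_proxy_auth is a hypothetical helper name, and it only recognizes the "require valid-user" form used above.

```shell
#!/bin/sh
# Added example: check that every <Location> block that proxies to an AJP
# backend also enforces authentication. check_proxy_auth is a hypothetical
# helper name. Exit status: 0 = ok, 1 = findings, 2 = no AJP block found.
check_proxy_auth() {
    awk '
    { line = tolower($0); sub(/^[ \t]+/, "", line) }
    line ~ /^#/ { next }                      # skip comment lines
    line ~ /^<location[ \t>]/ {               # start of a Location block
        inblk = 1; name = $2; sub(/>$/, "", name)
        ajp = 0; authtype = ""; require = 0
        next
    }
    inblk && line ~ /^proxypass[ \t]+ajp:\/\// { ajp = 1 }
    inblk && line ~ /^authtype[ \t]/           { authtype = $2 }
    inblk && line ~ /^require[ \t]+valid-user/ { require = 1 }
    line ~ /^<\/location>/ {                  # end of block: evaluate it
        if (inblk && ajp) {
            seen++
            if (authtype == "" || authtype == "YOUR_AUTH_MODULE") {
                print name ": AuthType missing or still the placeholder"; bad++
            }
            if (!require) {
                print name ": no \"Require valid-user\""; bad++
            }
        }
        inblk = 0
    }
    END {
        if (!seen) { print "no <Location> block proxies to ajp://"; exit 2 }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample: the block above with the placeholder left in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Location /dataadmin/>
   AuthType YOUR_AUTH_MODULE
   require valid-user
   ProxyPass ajp://dataadmin.example.com:8009/
</Location>
EOF
check_proxy_auth "$sample" || echo "fix the findings before enabling server.reverseproxy"
rm -f "$sample"
```

Run it against the Apache configuration file that contains the Location block before you start HPE IDOL Data Admin with server.reverseproxy=true.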

Configure HPE IDOL Data Admin to Use the Reverse Proxy

You configure HPE IDOL Data Admin to use the reverse proxy by setting the server.reverseproxy argument in the Java run command.

To configure HPE IDOL Data Admin to use a reverse proxy

  1. At the command line, run the java command with the server.reverseproxy argument set to true. For example:

    java -Dserver.reverseproxy=true -Dhpe.dataadmin.home=[home directory] -Dserver.port=[port] -jar dataadmin.war

    By default, this option opens an AJP port on port 8009. To use a different port, set the server.ajp.port argument to the correct port number.

    You can also specify the roles to assign to your users by setting the ida.reverse-proxy.pre-authenticated-roles system property to a comma-separated list of HPE IDOL Data Admin Community role names (see User Roles). The default value for this property is IDAUser.

    NOTE:

    This setting does not assign any roles in the Community component. It gives all users that use the reverse proxy the same permissions to access HPE IDOL Data Admin.

  2. Restart HPE IDOL Data Admin to apply your configuration changes.

If you run HPE IDOL Data Admin as a service on Windows, you can also add the server.reverseproxy property to the dataadmin.xml file.

If you run HPE IDOL Data Admin as a service on Linux, you can add the arguments to the existing arguments variable in the start scripts (dataadmin.sh for SystemV, or dataadmin.conf for Upstart).

