Configure IDOL Data Admin to Use the Reverse Proxy

You configure IDOL Data Admin to use a reverse proxy by setting the server.reverseproxy system property.

When you set server.reverseproxy to true, the IDOL Data Admin application listens for AJP connections on a port that you can define by using the server.ajp.port system property.

The reverse proxy must translate incoming HTTP(S) connections from your clients into AJP connections to IDOL Data Admin. In AJP mode, the application reads the user name from incoming requests, so you must set up remote authentication. You cannot encrypt the connection from the reverse proxy to the application.

By default, server.reverseproxy is false. In this case, the IDOL Data Admin application is available only over HTTP or HTTPS. Remote authentication is not possible in this mode. However, you can encrypt the connection with SSL. In this mode, users authenticate by using the proxied login page.

In both these methods, the reverse proxy must rewrite the request path, response Location headers, and cookie paths.

WebSocket Protocol

IDOL Data Admin uses the WebSocket protocol to communicate between the user Web browsers and the Java process. Your reverse proxy must tunnel this communication from the client to the application, in addition to forwarding HTTP/AJP requests.

Set the Reverse Proxy System Property

You can use the following procedure to set the server.reverseproxy system property.

To configure IDOL Data Admin to use a reverse proxy

  1. At the command line, send the java run command with the server.reverseproxy argument set to true. For example:

    java -Dserver.reverseproxy=true -Dhpe.dataadmin.home=[home directory] -Dserver.port=[port] -jar dataadmin.war

    By default, this option opens an AJP port on port 8009. To use a different port, set the server.ajp.port argument to the correct port number.

    You can also specify the roles to assign to your users by setting the ida.reverse-proxy.pre-authenticated-roles system property to a comma-separated list of IDOL Data Admin Community role names (see User Roles). The default value for this property is IDAUser.


    This setting does not assign any roles in the Community component. It gives all users that use the reverse proxy the same permissions to access IDOL Data Admin.

  2. Restart IDOL Data Admin to apply your configuration changes.

If you run IDOL Data Admin as a service on Windows, you can also add the server.reverseproxy property to the dataadmin.xml file.

If you run IDOL Data Admin as a service on Linux, you can add the arguments to the existing arguments variable in the start scripts ( for SystemV, or dataadmin.conf for Upstart).