Categories

ID #1291

How can I set up a reverse proxy for the user portal from 7.1 onward?

How can I set up a reverse proxy for the user portal (and Bright View in 8.x) from 7.1 onward?


In this KB article we describe the steps needed to configure the Apache httpd web server as a reverse proxy in front of the user portal that CMDaemon serves.


With this setup it is possible to assign a certificate signed by a public certification authority. Also, port 443 can be exposed instead of the default port 8081.


The first step is to create the configuration files userportal.conf and bright-view.conf for the reverse proxy.


  • For Apache httpd version 2.4, the following file format can be used:


# cat > /etc/httpd/conf.d/userportal.conf << _EOF_
RewriteEngine  on
RewriteRule ^/(userportal)/(.*)$ https://%{SERVER_NAME}/\$1/\$2 [R,L]
RewriteRule ^/(userportal)$ https://%{SERVER_NAME}/\$1/ [R,L]

ProxyPreserveHost On
ProxyRequests Off
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass /userportal/ https://127.0.0.1:8081/userportal/
ProxyPassReverse /userportal/ https://127.0.0.1:8081/userportal/

ProxyPass /json https://127.0.0.1:8081/json
ProxyPassReverse /json https://127.0.0.1:8081/json
_EOF_

 

 

# cat > /etc/httpd/conf.d/bright-view.conf << _EOF_
RewriteEngine  on
RewriteRule ^/(bright-view)/(.*)$ https://%{SERVER_NAME}/\$1/\$2 [R,L]
RewriteRule ^/(bright-view)$ https://%{SERVER_NAME}/\$1/ [R,L]

ProxyPreserveHost On
ProxyRequests Off
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

ProxyPass /bright-view/ https://127.0.0.1:8081/bright-view/

ProxyPassReverse /bright-view/ https://127.0.0.1:8081/bright-view/
ProxyPass /json https://127.0.0.1:8081/json
ProxyPassReverse /json https://127.0.0.1:8081/json
_EOF_



  • For Apache httpd 2.2 the following file configurations can be used:


# cat > /etc/httpd/conf.d/userportal.conf << _EOF_
RewriteEngine  on
RewriteRule ^/(userportal)/(.*)$ https://%{SERVER_NAME}/\$1/\$2 [R,L]
RewriteRule ^/(userportal)$ https://%{SERVER_NAME}/\$1/ [R,L]

ProxyPreserveHost On
ProxyRequests Off
SSLProxyEngine on
ProxyPass /userportal/ https://127.0.0.1:8081/userportal/
ProxyPassReverse /userportal/ https://127.0.0.1:8081/userportal/

ProxyPass /bright-view/ https://127.0.0.1:8081/bright-view/
ProxyPassReverse /bright-view/ https://127.0.0.1:8081/bright-view/

ProxyPass /json https://127.0.0.1:8081/json
ProxyPassReverse /json https://127.0.0.1:8081/json
_EOF_ 

 

# cat > /etc/httpd/conf.d/bright-view.conf << _EOF_
RewriteEngine  on
RewriteRule ^/(bright-view)/(.*)$ https://%{SERVER_NAME}/\$1/\$2 [R,L]
RewriteRule ^/(bright-view)$ https://%{SERVER_NAME}/\$1/ [R,L]

ProxyPreserveHost On
ProxyRequests Off
SSLProxyEngine on

ProxyPass /bright-view/ https://127.0.0.1:8081/bright-view/

ProxyPassReverse /bright-view/ https://127.0.0.1:8081/bright-view/
ProxyPass /json https://127.0.0.1:8081/json
ProxyPassReverse /json https://127.0.0.1:8081/json
_EOF_ 


With these configurations in place, reload the Apache httpd webserver:


# service httpd reload


The second step is to include the change on the Bright Cluster web landing page (index.php). This will make it use the correct link (that is, strip out the :8081 for the user portal and bright-view) when constructing the URL for them:


# sed -i 's_:8081/userportal_/userportal_g' /var/www/html/index.php

 

# sed -i 's_:8081/bright-view_/bright-view_g' /var/www/html/index.php


Now it is possible to access the user portal using the standard HTTPS port 443.

Categories for this entry

Tags: certificate, https, proxy, reverse proxy, userportal

Related entries:

You cannot comment on this entry