1. Home
  2. How Can I Set up a Reverse Proxy for Base View and User Portal in BCM 10 and Later?

How Can I Set up a Reverse Proxy for Base View and User Portal in BCM 10 and Later?

In this KB article we describe the steps needed to configure the Apache httpd web server as a reverse proxy in front of Base View and the User Portal.

With this setup it is possible to assign a certificate signed by a public certification authority. Also, port 443 can be exposed instead of the default port 8081.

The first step is to create the configuration files userportal.conf and base-view.conf for the reverse proxy.

The following file format can be used:

# cat > /etc/httpd/conf.d/userportal.conf << _EOF_
RewriteEngine  on
RewriteRule ^/(userportal)/(.*)$ https://%{SERVER_NAME}/\$1/\$2 [R,L]
RewriteRule ^/(userportal)$ https://%{SERVER_NAME}/\$1/ [R,L]

ProxyPreserveHost On

ProxyRequests Off
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass /userportal/ https://127.0.0.1:8081/userportal/
ProxyPassReverse /userportal/ https://127.0.0.1:8081/userportal/
ProxyPass /json https://127.0.0.1:8081/json
ProxyPassReverse /json https://127.0.0.1:8081/json
ProxyPass /shell https://127.0.0.1:8081/shell
ProxyPassReverse /shell https://127.0.0.1:8081/shell
_EOF_
# cat > /etc/httpd/conf.d/base-view.conf << _EOF_
RewriteEngine  on
RewriteRule ^/(base-view)/(.*)$ https://%{SERVER_NAME}/\$1/\$2 [R,L]
RewriteRule ^/(base-view)$ https://%{SERVER_NAME}/\$1/ [R,L]

ProxyPreserveHost On
ProxyRequests Off
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass /base-view/ https://127.0.0.1:8081/base-view/
ProxyPassReverse /base-view/ https://127.0.0.1:8081/base-view/
ProxyPass /json https://127.0.0.1:8081/json
ProxyPassReverse /json https://127.0.0.1:8081/json
ProxyPass /shell https://127.0.0.1:8081/shell
ProxyPassReverse /shell https://127.0.0.1:8081/shell
_EOF_

Note that on Ubuntu hosts, the userportal.conf and base-view.conf files should be placed into the /etc/apache2/conf-enabled directory, not /etc/httpd/conf.d, and the following commands will need to be run to enable the configurations, modules, and site.

Ubuntu only:
# a2enconf userportal base-view
# a2enmod rewrite proxy ssl proxy_http
# a2ensite default-ssl

The second step is to make the following changes to the constants.php file:

# sed -i 's_:8081/userportal_/userportal_g' /var/www/html/constants.php

# sed -i 's_:8081/base-view_/base-view_g' /var/www/html/constants.php

Now it is possible to access the user portal using the standard HTTPS port 443.

To figure out where you store your new certificate files on your head node, take a look at /etc/httpd/conf.d/ssl.conf on your head node (that’s /etc/apache2/sites-available/default-ssl.conf for Ubuntu hosts), specifically the following directives: 

SSLCertificateFile
SSLCertificateKeyFile
SSLCertificateChainFile
Then, change those directives to point to the new certificates and key.


With these configurations in place, reload the Apache httpd webserver:

For RHEL/Rocky:
# systemctl httpd reload
For Ubuntu:
# systemctl apache2 reload
Updated on July 3, 2024