DX Unified Infrastructure Management

Hello,
Does any of you has been able to use a NGINX Reverse proxy in front of the operator console and the adminconsoleapp?

I can load the page of the adminconsoleapp but the authentication does not work. It gives me a 404 for the /j_security_check URI.

Our goal is to let nginx handle the SSL certificate and proxy everything to the http://server/adminconsoleapp page

Thanks

Hello,
I fixed my issue. I also needed to proxyfied /mps
Original Message:
Sent: 11-23-2021 02:01 PM
From: Guillaume Briere
Subject: Adminconsoleapp behind NGINX reverse proxy

Hello,
Does any of you has been able to use a NGINX Reverse proxy in front of the operator console and the adminconsoleapp?

I can load the page of the adminconsoleapp but the authentication does not work. It gives me a 404 for the /j_security_check URI.

Our goal is to let nginx handle the SSL certificate and proxy everything to the http://server/adminconsoleapp page

Thanks

Guillaume

SSL offload such as you are doing will work fine for admin console.  For basic operator console it will work as well BUT (and this is the real problem) jaspersoft (ie CABI) does not support SSL offload, so in the CABI documentation it specifically says that if you have SSL from the client then you need to have SSL enabled on the CABI wasp (and you need to update the cabi_url key in the wasp configuration as well). once you have SSL for the cabi wasp you need SSL for the OC wasp.

We tried to "trick" Jaspersoft/CABI with rewites but were never able to get it to work well (it also changed every time we applied a CABI related patch as well) so in the end we have SSL infront of the reverse proxy as well as behind it, which has worked well for the last year or so of patches and changes.

Regards, Andrew

------------------------------
Knows a little about UIM/DXim, AE, Automic
------------------------------

Original Message:
Sent: 11-24-2021 09:42 AM
From: Guillaume Briere
Subject: Adminconsoleapp behind NGINX reverse proxy

Hello,
I fixed my issue. I also needed to proxyfied /mps
Original Message:
Sent: 11-23-2021 02:01 PM
From: Guillaume Briere
Subject: Adminconsoleapp behind NGINX reverse proxy

Hello,
Does any of you has been able to use a NGINX Reverse proxy in front of the operator console and the adminconsoleapp?

I can load the page of the adminconsoleapp but the authentication does not work. It gives me a 404 for the /j_security_check URI.

Our goal is to let nginx handle the SSL certificate and proxy everything to the http://server/adminconsoleapp page

Thanks

Hello Andrew,

Me again.

I was able to make it work without changing any configuration on CABI. You need to add the module ngx_http_sub_module to add the capability to rewrite string.

You need to proxy_pass <oc url>/cabi and also the <oc url>/cabijs to your backend server and add these sub_filter:

sub_filter 'http://<your cabi url>' 'https://<reverse proxy url>';
sub_filter_once off;
sub_filter_types *;
proxy_set_header Accept-Encoding "";


Then, you will rewrite your cabi url on-the-fly without having to change anything on your cabi config.

Thanks
Original Message:
Sent: Nov 29, 2021 09:25 AM
From: andrew Cooper
Subject: Adminconsoleapp behind NGINX reverse proxy

Guillaume

SSL offload such as you are doing will work fine for admin console.  For basic operator console it will work as well BUT (and this is the real problem) jaspersoft (ie CABI) does not support SSL offload, so in the CABI documentation it specifically says that if you have SSL from the client then you need to have SSL enabled on the CABI wasp (and you need to update the cabi_url key in the wasp configuration as well). once you have SSL for the cabi wasp you need SSL for the OC wasp.

We tried to "trick" Jaspersoft/CABI with rewites but were never able to get it to work well (it also changed every time we applied a CABI related patch as well) so in the end we have SSL infront of the reverse proxy as well as behind it, which has worked well for the last year or so of patches and changes.

Regards, Andrew

------------------------------
Knows a little about UIM/DXim, AE, Automic

Original Message:
Sent: 11-24-2021 09:42 AM
From: Guillaume Briere
Subject: Adminconsoleapp behind NGINX reverse proxy

Hello,
I fixed my issue. I also needed to proxyfied /mps
Original Message:
Sent: 11-23-2021 02:01 PM
From: Guillaume Briere
Subject: Adminconsoleapp behind NGINX reverse proxy

Hello,
Does any of you has been able to use a NGINX Reverse proxy in front of the operator console and the adminconsoleapp?

I can load the page of the adminconsoleapp but the authentication does not work. It gives me a 404 for the /j_security_check URI.

Our goal is to let nginx handle the SSL certificate and proxy everything to the http://server/adminconsoleapp page

Thanks

Guillaume

we decided not to go this route for the jaspersoft as we have had problems in the past (older versions) when doing url rewrites. It seems that they are getting better at being web friendly and we may consider this into the future.

Thanks, Andrew

------------------------------
Knows a little about UIM/DXim, AE, Automic
------------------------------

Original Message:
Sent: Dec 10, 2021 02:56 PM
From: Guillaume Briere
Subject: Adminconsoleapp behind NGINX reverse proxy

Hello Andrew,

Me again.

I was able to make it work without changing any configuration on CABI. You need to add the module ngx_http_sub_module to add the capability to rewrite string.

You need to proxy_pass <oc url>/cabi and also the <oc url>/cabijs to your backend server and add these sub_filter:

sub_filter 'http://<your cabi url>' 'https://<reverse proxy url>';
sub_filter_once off;
sub_filter_types *;
proxy_set_header Accept-Encoding "";


Then, you will rewrite your cabi url on-the-fly without having to change anything on your cabi config.

Thanks
Original Message:
Sent: Nov 29, 2021 09:25 AM
From: andrew Cooper
Subject: Adminconsoleapp behind NGINX reverse proxy

Guillaume

SSL offload such as you are doing will work fine for admin console.  For basic operator console it will work as well BUT (and this is the real problem) jaspersoft (ie CABI) does not support SSL offload, so in the CABI documentation it specifically says that if you have SSL from the client then you need to have SSL enabled on the CABI wasp (and you need to update the cabi_url key in the wasp configuration as well). once you have SSL for the cabi wasp you need SSL for the OC wasp.

We tried to "trick" Jaspersoft/CABI with rewites but were never able to get it to work well (it also changed every time we applied a CABI related patch as well) so in the end we have SSL infront of the reverse proxy as well as behind it, which has worked well for the last year or so of patches and changes.

Regards, Andrew

------------------------------
Knows a little about UIM/DXim, AE, Automic

Original Message:
Sent: 11-24-2021 09:42 AM
From: Guillaume Briere
Subject: Adminconsoleapp behind NGINX reverse proxy

Hello,
I fixed my issue. I also needed to proxyfied /mps
Original Message:
Sent: 11-23-2021 02:01 PM
From: Guillaume Briere
Subject: Adminconsoleapp behind NGINX reverse proxy

Hello,
Does any of you has been able to use a NGINX Reverse proxy in front of the operator console and the adminconsoleapp?

I can load the page of the adminconsoleapp but the authentication does not work. It gives me a 404 for the /j_security_check URI.

Our goal is to let nginx handle the SSL certificate and proxy everything to the http://server/adminconsoleapp page

Thanks