Custom Domain Proxy - Customer Portal Only

[Martyn Houghton]

With reference to the Wiki article on setting up your own customer domain to proxy the Hornbill solution, we only want to proxy the customer.hornbill.com/InstanceName URL as this is external.

https://wiki.hornbill.com/index.php/Custom_Domain_using_Reverse_Proxy

Do we still need to proxy the backend API url or can we just get away with a proxy on the customer URL only?

Cheers

Martyn

[Lyonel]

@Martyn Houghton I am not an expert and did not try this reverse proxy option but with all the network issues we had at the beginning of using Hornbill, I am fairly sure you do not need to sort out the backend API too... As long as you can still access the standard Hornbill API site with the reverse proxy setup only on the main customer URL you should be OK.

That being said, I would also be interested in having a formal answer from Hornbill on that one!

[Martyn Houghton]

@Lyonel

I am wonder if I may need it after all, as if I login using my proxy I get no services and a message telling me to subscribe to services to see them, but it I then log back in using the direct URL with the same user I see the services!

Cheers

Martyn

[Lyonel]

@Martyn Houghton yep looks like it indeed. Looking at your network trace (it's great you thought of it as it helps go faster when troubleshooting - Note to all other users reading this post!) I can see why it would fail. It is trying to call the API (POST methods) via a relative URL but because you did not define the reverse proxy, the request gets lost. Therefore, I think you will need to set it up.

The "funny" thing is that not all calls are based on relative paths, but thinking about it I was always doing similar analysis on the service desk application not the customer portal.

I am really interested in this case study  Let me know how it goes as I might be tempted to give it a try too (if I get authorized by my boss of course)

[Alex8000]

Hi all,

We ended up reverse proxying the api domain as well for exactly the reasons @Martyn Houghton outlined. Without this one we would get the interface itself but not have it filled with data/services.

Is has been running for multiple months now and everything works great. The one thing we have not been able to get to work is reverse proxying the instance name too. (service.hornbill.com/instancename -> support.panas.nl instead of service.hornbill.com/instancename -> support.panas.nl/instancename) Getting this to work as well would be perfect!

[Martyn Houghton]

@Alex8000

We too have not been able to workout how to remove the instance name from the customer presented URL. I suspect to do so would require some changes on the Hornbill end.

Cheers

Martyn

[TrevorKillick]

@Alex8000 @Martyn Houghton

Have you got the following in your Proxy Configuration?
 

proxypass /InstanceName/ https://service.hornbill.com/InstanceName/

If one of you could post your current Configuration i can get one of our Network Guys who got this working originally to take a look.

Kind regards

Trevor Killick
 

[Alex8000]

Hi @TrevorKillick

Thanks for the suggestion. We do indeed have that in our configuration. Over the span of a month I must have tried 20 variations of ProxyPass configurations with and without instancenames.

Our current configuration:

SSLStrictSNIVHostCheck off

<VirtualHost *:443>

        ServerAdmin service@domain.nl
        DocumentRoot /var/www/
       Redirect permanent / https://support.domain.nl/InstanceName/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine On
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        # Set the path to SSL certificate
        # Usage: SSLCertificateFile /path/to/cert.pem
        SSLCertificateFile /etc/apache2/ssl/domain_wildcard.crt
        SSLCertificateKeyFile /etc/apache2/ssl/domain_wildcard.key
        ProxyRequests Off
        ProxyPreserveHost Off
        ProxyPass "/InstanceName/" "https://customer.hornbill.com/InstanceName/"
        ProxyPassReverse "/InstanceName/" "https://customer.hornbill.com/InstanceName/"
        ServerName support.domain.nl

</VirtualHost>

<VirtualHost *:443>

        ServerAdmin service@domain.nl
        DocumentRoot /var/www/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine On
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        # Set the path to SSL certificate
        # Usage: SSLCertificateFile /path/to/cert.pem
        SSLCertificateFile /etc/apache2/ssl/domain_wildcard.crt
        SSLCertificateKeyFile /etc/apache2/ssl/domain_wildcard.key
        ProxyRequests Off
        ProxyPreserveHost Off
        ProxyPass "/InstanceName/ws" "wss://eurapi.hornbill.com/InstanceName/ws"
        ProxyPass "/InstanceName/" "https://eurapi.hornbill.com/InstanceName/"
        ProxyPassReverse "/InstanceName/" "https://eurapi.hornbill.com/InstanceName/"
        ServerName api.domain.nl

</VirtualHost>

Just to be clear, our current config does not remove the instance name.
Curious to know what I have been doing wrong all this time ;-)

Thanks,

Alex

[TrevorKillick]

@Alex8000

Thanks for posting your configuration.

Have you tried replacing InstanceName with panashornbill i would have expected to see your instance name instead of the string InstanceName in this configuration?

Kind Regards

Trevor Killick

[Alex8000]

Hi @TrevorKillick

Haha, that would definitely help and that is how we have configured it. For the sake of not having this post show up whenever customers Google our company name I have started slightly anonymising posts. (I noticed some of these posts coming up in my search results).

Please find attached a screenshot of the actual configuration.

(I should probably have told you that the previous one was not a 1:1 copy of the running config :)) 

[TrevorKillick]

Thanks @Alex8000 i will get one of the network guys to take a look and i will let you know what we come up with.

Kind Regards 

Trevor

[TrevorKillick]

@Alex8000

can you try the following

 

ProxyPass /ws/ wss://eurapi.hornbill.com/InstanceName/ws/
proxypass / https://eurapi.hornbill.com/InstanceName/
proxypassreverse / https://eurapi.hornbill.com/InstanceName/

Also can you post the errors you get when you try the Support URL without InstanceName on the end.

Kind Regards

Trevor Killick

[Alex8000]

Hi @TrevorKillick, all reading this,

 

Just a quick message to let you know that I have not forgotten about this and will check it soon. Testing this can cause some downtime on the reverse proxy service and thus needs to be planned in the evening (in between my busy busy pizza and Eurovision watching evenings I might add ;-) )

Will post back once I know more!

[James Ainsworth]

Hi @Alex8000

I was interested to know how you got on in the end with your configuration. I know this was some time ago.

Regards,

James