Jump to content

Custom Domain Proxy - Customer Portal Only


Recommended Posts

With reference to the Wiki article on setting up your own customer domain to proxy the Hornbill solution, we only want to proxy the customer.hornbill.com/InstanceName URL as this is external.

https://wiki.hornbill.com/index.php/Custom_Domain_using_Reverse_Proxy

Do we still need to proxy the backend API url or can we just get away with a proxy on the customer URL only?

Cheers

Martyn

Link to comment
Share on other sites

@Martyn Houghton I am not an expert and did not try this reverse proxy option but with all the network issues we had at the beginning of using Hornbill, I am fairly sure you do not need to sort out the backend API too... As long as you can still access the standard Hornbill API site with the reverse proxy setup only on the main customer URL you should be OK.

That being said, I would also be interested in having a formal answer from Hornbill on that one!

Link to comment
Share on other sites

@Martyn Houghton yep looks like it indeed. Looking at your network trace (it's great you thought of it as it helps go faster when troubleshooting - Note to all other users reading this post!) I can see why it would fail. It is trying to call the API (POST methods) via a relative URL but because you did not define the reverse proxy, the request gets lost. Therefore, I think you will need to set it up.

The "funny" thing is that not all calls are based on relative paths, but thinking about it I was always doing similar analysis on the service desk application not the customer portal.

I am really interested in this case study :) Let me know how it goes as I might be tempted to give it a try too (if I get authorized by my boss of course)

Link to comment
Share on other sites

  • 1 month later...

Hi all,

We ended up reverse proxying the api domain as well for exactly the reasons @Martyn Houghton outlined. Without this one we would get the interface itself but not have it filled with data/services.

Is has been running for multiple months now and everything works great. The one thing we have not been able to get to work is reverse proxying the instance name too. (service.hornbill.com/instancename -> support.panas.nl instead of service.hornbill.com/instancename -> support.panas.nl/instancename) Getting this to work as well would be perfect!

Link to comment
Share on other sites

@Alex8000 @Martyn Houghton

Have you got the following in your Proxy Configuration?
 

proxypass /InstanceName/ https://service.hornbill.com/InstanceName/

If one of you could post your current Configuration i can get one of our Network Guys who got this working originally to take a look.

Kind regards

Trevor Killick
 

Link to comment
Share on other sites

Hi @TrevorKillick

Thanks for the suggestion. We do indeed have that in our configuration. Over the span of a month I must have tried 20 variations of ProxyPass configurations with and without instancenames.

Our current configuration:

SSLStrictSNIVHostCheck off

<VirtualHost *:443>

        ServerAdmin service@domain.nl
        DocumentRoot /var/www/
       Redirect permanent / https://support.domain.nl/InstanceName/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine On
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        # Set the path to SSL certificate
        # Usage: SSLCertificateFile /path/to/cert.pem
        SSLCertificateFile /etc/apache2/ssl/domain_wildcard.crt
        SSLCertificateKeyFile /etc/apache2/ssl/domain_wildcard.key
        ProxyRequests Off
        ProxyPreserveHost Off
        ProxyPass "/InstanceName/" "https://customer.hornbill.com/InstanceName/"
        ProxyPassReverse "/InstanceName/" "https://customer.hornbill.com/InstanceName/"
        ServerName support.domain.nl

</VirtualHost>

<VirtualHost *:443>

        ServerAdmin service@domain.nl
        DocumentRoot /var/www/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine On
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        # Set the path to SSL certificate
        # Usage: SSLCertificateFile /path/to/cert.pem
        SSLCertificateFile /etc/apache2/ssl/domain_wildcard.crt
        SSLCertificateKeyFile /etc/apache2/ssl/domain_wildcard.key
        ProxyRequests Off
        ProxyPreserveHost Off
        ProxyPass "/InstanceName/ws" "wss://eurapi.hornbill.com/InstanceName/ws"
        ProxyPass "/InstanceName/" "https://eurapi.hornbill.com/InstanceName/"
        ProxyPassReverse "/InstanceName/" "https://eurapi.hornbill.com/InstanceName/"
        ServerName api.domain.nl

</VirtualHost>

Just to be clear, our current config does not remove the instance name.
Curious to know what I have been doing wrong all this time ;-)

Thanks,

Alex

Link to comment
Share on other sites

Hi @TrevorKillick

Haha, that would definitely help and that is how we have configured it. For the sake of not having this post show up whenever customers Google our company name I have started slightly anonymising posts. (I noticed some of these posts coming up in my search results).

Please find attached a screenshot of the actual configuration.

ykNUydD.png

(I should probably have told you that the previous one was not a 1:1 copy of the running config :)) 

  • Like 1
Link to comment
Share on other sites

@Alex8000

can you try the following

 

ProxyPass /ws/ wss://eurapi.hornbill.com/InstanceName/ws/
proxypass / https://eurapi.hornbill.com/InstanceName/
proxypassreverse / https://eurapi.hornbill.com/InstanceName/


Also can you post the errors you get when you try the Support URL without InstanceName on the end.

Kind Regards

Trevor Killick

Link to comment
Share on other sites

  • 2 weeks later...

Hi @TrevorKillick, all reading this,

 

Just a quick message to let you know that I have not forgotten about this and will check it soon. Testing this can cause some downtime on the reverse proxy service and thus needs to be planned in the evening (in between my busy busy pizza and Eurovision watching evenings I might add ;-) )

Will post back once I know more!

  • Like 1
Link to comment
Share on other sites

  • 2 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...