Martyn Houghton Posted March 10, 2017 Posted March 10, 2017 With reference to the Wiki article on setting up your own customer domain to proxy the Hornbill solution, we only want to proxy the customer.hornbill.com/InstanceName URL as this is external. https://wiki.hornbill.com/index.php/Custom_Domain_using_Reverse_Proxy Do we still need to proxy the backend API url or can we just get away with a proxy on the customer URL only? Cheers Martyn
Lyonel Posted March 10, 2017 Posted March 10, 2017 @Martyn Houghton I am not an expert and did not try this reverse proxy option but with all the network issues we had at the beginning of using Hornbill, I am fairly sure you do not need to sort out the backend API too... As long as you can still access the standard Hornbill API site with the reverse proxy setup only on the main customer URL you should be OK. That being said, I would also be interested in having a formal answer from Hornbill on that one!
Martyn Houghton Posted March 10, 2017 Author Posted March 10, 2017 @Lyonel I am wonder if I may need it after all, as if I login using my proxy I get no services and a message telling me to subscribe to services to see them, but it I then log back in using the direct URL with the same user I see the services! Cheers Martyn
Lyonel Posted March 10, 2017 Posted March 10, 2017 @Martyn Houghton yep looks like it indeed. Looking at your network trace (it's great you thought of it as it helps go faster when troubleshooting - Note to all other users reading this post!) I can see why it would fail. It is trying to call the API (POST methods) via a relative URL but because you did not define the reverse proxy, the request gets lost. Therefore, I think you will need to set it up. The "funny" thing is that not all calls are based on relative paths, but thinking about it I was always doing similar analysis on the service desk application not the customer portal. I am really interested in this case study Let me know how it goes as I might be tempted to give it a try too (if I get authorized by my boss of course)
Alex8000 Posted April 21, 2017 Posted April 21, 2017 Hi all, We ended up reverse proxying the api domain as well for exactly the reasons @Martyn Houghton outlined. Without this one we would get the interface itself but not have it filled with data/services. Is has been running for multiple months now and everything works great. The one thing we have not been able to get to work is reverse proxying the instance name too. (service.hornbill.com/instancename -> support.panas.nl instead of service.hornbill.com/instancename -> support.panas.nl/instancename) Getting this to work as well would be perfect!
Martyn Houghton Posted April 27, 2017 Author Posted April 27, 2017 @Alex8000 We too have not been able to workout how to remove the instance name from the customer presented URL. I suspect to do so would require some changes on the Hornbill end. Cheers Martyn
TrevorKillick Posted April 27, 2017 Posted April 27, 2017 @Alex8000 @Martyn Houghton Have you got the following in your Proxy Configuration? proxypass /InstanceName/ https://service.hornbill.com/InstanceName/ If one of you could post your current Configuration i can get one of our Network Guys who got this working originally to take a look. Kind regards Trevor Killick
Alex8000 Posted April 28, 2017 Posted April 28, 2017 Hi @TrevorKillick Thanks for the suggestion. We do indeed have that in our configuration. Over the span of a month I must have tried 20 variations of ProxyPass configurations with and without instancenames. Our current configuration: SSLStrictSNIVHostCheck off <VirtualHost *:443> ServerAdmin service@domain.nl DocumentRoot /var/www/ Redirect permanent / https://support.domain.nl/InstanceName/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine On SSLProxyEngine on SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off # Set the path to SSL certificate # Usage: SSLCertificateFile /path/to/cert.pem SSLCertificateFile /etc/apache2/ssl/domain_wildcard.crt SSLCertificateKeyFile /etc/apache2/ssl/domain_wildcard.key ProxyRequests Off ProxyPreserveHost Off ProxyPass "/InstanceName/" "https://customer.hornbill.com/InstanceName/" ProxyPassReverse "/InstanceName/" "https://customer.hornbill.com/InstanceName/" ServerName support.domain.nl </VirtualHost> <VirtualHost *:443> ServerAdmin service@domain.nl DocumentRoot /var/www/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine On SSLProxyEngine on SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off # Set the path to SSL certificate # Usage: SSLCertificateFile /path/to/cert.pem SSLCertificateFile /etc/apache2/ssl/domain_wildcard.crt SSLCertificateKeyFile /etc/apache2/ssl/domain_wildcard.key ProxyRequests Off ProxyPreserveHost Off ProxyPass "/InstanceName/ws" "wss://eurapi.hornbill.com/InstanceName/ws" ProxyPass "/InstanceName/" "https://eurapi.hornbill.com/InstanceName/" ProxyPassReverse "/InstanceName/" "https://eurapi.hornbill.com/InstanceName/" ServerName api.domain.nl </VirtualHost> Just to be clear, our current config does not remove the instance name. Curious to know what I have been doing wrong all this time ;-) Thanks, Alex
TrevorKillick Posted April 28, 2017 Posted April 28, 2017 @Alex8000 Thanks for posting your configuration. Have you tried replacing InstanceName with panashornbill i would have expected to see your instance name instead of the string InstanceName in this configuration? Kind Regards Trevor Killick
Alex8000 Posted April 28, 2017 Posted April 28, 2017 Hi @TrevorKillick Haha, that would definitely help and that is how we have configured it. For the sake of not having this post show up whenever customers Google our company name I have started slightly anonymising posts. (I noticed some of these posts coming up in my search results). Please find attached a screenshot of the actual configuration. (I should probably have told you that the previous one was not a 1:1 copy of the running config :)) 1
TrevorKillick Posted April 28, 2017 Posted April 28, 2017 Thanks @Alex8000 i will get one of the network guys to take a look and i will let you know what we come up with. Kind Regards Trevor
TrevorKillick Posted April 28, 2017 Posted April 28, 2017 @Alex8000 can you try the following ProxyPass /ws/ wss://eurapi.hornbill.com/InstanceName/ws/ proxypass / https://eurapi.hornbill.com/InstanceName/ proxypassreverse / https://eurapi.hornbill.com/InstanceName/ Also can you post the errors you get when you try the Support URL without InstanceName on the end. Kind Regards Trevor Killick
Alex8000 Posted May 9, 2017 Posted May 9, 2017 Hi @TrevorKillick, all reading this, Just a quick message to let you know that I have not forgotten about this and will check it soon. Testing this can cause some downtime on the reverse proxy service and thus needs to be planned in the evening (in between my busy busy pizza and Eurovision watching evenings I might add ;-) ) Will post back once I know more! 1
James Ainsworth Posted May 31, 2019 Posted May 31, 2019 Hi @Alex8000 I was interested to know how you got on in the end with your configuration. I know this was some time ago. Regards, James
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now