cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X

How to set up a reverse proxy with organization structure?

fserre
1-Visitor
1-Visitor
‎May 26, 2016 03:28 PM
‎May 26, 2016 03:28 PM

How to set up a reverse proxy with organization structure?

I am trying to put in place nginx as a reverse proxy to hide the thingworx's URLs.

I use this configuration for nginx:

    server {

        listen       80;

        server_name  localhost;


          location /MyApp {

               proxy_pass http://localhost:8080/Thingworx/FormLogin/MyAppOrg;

               proxy_set_header Host $host;

               proxy_set_header X-Real-IP $remote_addr;

          }

     }

It works fine for the login page of the organization but the Home Mashup cannot be displayed, I got an 404 error.

To solve it, I need to add this rule:

          location /Thingworx {

               proxy_pass http://localhost:8080/Thingworx;

               proxy_set_header Host $host;

               proxy_set_header X-Real-IP $remote_addr;

          }

But by doing this I didn't mask anything, I can see the full internal url in the address bar after logging...

Does anyone know how to setup a reverse proxy with organizations ?

Labels:
0 Kudos
Notify Moderator
8 REPLIES 8
Aanjan
12-Amethyst
12-Amethyst
(To:fserre)
‎May 26, 2016 03:56 PM
‎May 26, 2016 03:56 PM

Fabien, can you post your .conf file? With your location set as /Thingworx, all the proxy_pass flag would need is host:port.

0 Kudos
Notify Moderator
fserre
1-Visitor
1-Visitor
(To:Aanjan)
‎May 26, 2016 04:13 PM
‎May 26, 2016 04:13 PM

Thanks AAnjan for your answer. I've modified the .conf file as followed:

worker_processes  1;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    server {

        listen       80;

        server_name  localhost;

        location /Thingworx {

               proxy_pass http://localhost:8080;

               proxy_set_header Host $host;

               proxy_set_header X-Real-IP $remote_addr;

          }         

          location /MyApp {

               proxy_pass http://localhost:8080/Thingworx/FormLogin/MyAppOrg;

               proxy_set_header Host $host;

               proxy_set_header X-Real-IP $remote_addr;

          }

     }

}

But once logged, I am still redirected to : http://192.168.73.128/Thingworx/Runtime/index.html#master=MyAppMain&mashup=WelcomeScreen

0 Kudos
Notify Moderator
Aanjan
12-Amethyst
12-Amethyst
(To:fserre)
‎May 26, 2016 04:22 PM
‎May 26, 2016 04:22 PM

Since you have the location for /Thingworx, can you remove the /MyApp one and retry? So that your server section would just have location /Thingworx.

Here's an example configuration I've used before:

server {

    listen      80;

    server_name  localhost;

        location /Thingworx/WS {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_pass http://thingworx_server;

            proxy_http_version 1.1;

            proxy_set_header Upgrade $http_upgrade;

            proxy_set_header Connection "upgrade";

            include /etc/nginx/conf.d/acl.default;

            allow a specific ip;

            allow 127.0.0.1;

            deny all;

        }

        location / {

            add_header Access-Control-Allow-Origin *;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_pass http://thingworx_server;

            proxy_http_version 1.1;

            include /etc/nginx/conf.d/acl.default;

            allow a specific ip;

            allow 127.0.0.1;

            deny all;

        }

I've added the upgrade headers to allow EMS websocket connections as well. My setting was was specific to allow any connection that would hit /Thingworx/WS (primarily used for Edge connectivity).

0 Kudos
Notify Moderator
fserre
1-Visitor
1-Visitor
(To:Aanjan)
‎May 26, 2016 04:48 PM
‎May 26, 2016 04:48 PM

Sorry Aanjan, I am confused. If I keep only the /Thingworx location, I will redirect all requests from /Thingworx to my proxy_pass.

What I really want to do is to replace all Thingworx words within the URL by my own application name.

I can put a reverse proxy for one direct request like an API call or my login organisation page. It works fine, thingworx references is removed.

But when the user logs in, the platform calls an URL like this: myServer/Thingworx/Runtime/index.html.

And the browser address bar shows the full URL.

I read in previous posts that the solution to remove "thingworx" reference within the URL is to use a reverse proxy. But I am perhaps wrong...

0 Kudos
Notify Moderator
Aanjan
12-Amethyst
12-Amethyst
(To:fserre)
‎May 26, 2016 04:58 PM
‎May 26, 2016 04:58 PM

It should; because with your first proxy pass, users hitting 'http://localhost:8080/Thingworx/FormLogin/MyAppOrg' gets redirected correctly. But once they login, they would get redirected to a Mashup set either at the user level or the Org level to Thingworx/Runtime/index.html#mashup=Mashup_Name. Can you try adding a proxy pass for that as well? The reason I had suggested /Thingworx is to completely redirect anything that comes in.

0 Kudos
Notify Moderator
fserre
1-Visitor
1-Visitor
(To:Aanjan)
‎May 26, 2016 05:18 PM
‎May 26, 2016 05:18 PM

Yes, I agree. With the /Thingworx location anything will be redirected correctly, but anything htat will start with /Thingworx.

With MyApp rule, I can navigate to 'http://MyApp' and the page which is displayed is 'http://localhost:8080/Thingworx/FormLogin/MyAppOr'

The browser address bar shows 'http://MyApp', everything is fine.

When the user logs in, yes, he is redirected to his home mashup by a link like that: Thingworx/Runtime/index.html#mashup=Mashup_Name.

And I got 404 error page, the only way to remove the error is to add a new rule /Thingworx to be able to process the new request.This time it works but the thingworx url appears clearly within the browser address bar.

If I add a new rule, like /MainPage -> Thingworx/Runtime/index.html#mashup=Mashup_Name, then I would need somewhere to tell the system to use /MainPage URL as an 'home url'. I don't know how to do this.

I need perhaps to create my own login page, but is it possible?

0 Kudos
Notify Moderator
Aanjan
12-Amethyst
12-Amethyst
(To:fserre)
‎May 27, 2016 01:45 PM
‎May 27, 2016 01:45 PM

Adding /MainPage for a specific Mashup wouldn't work either; because if you navigate to different one, a new url will get exposed. To create your own login page, you can look at the FormLogin page's source, copy that, customize as required and then host it in a new url.

0 Kudos
Notify Moderator
fserre
1-Visitor
1-Visitor
(To:Aanjan)
‎May 31, 2016 11:36 AM
‎May 31, 2016 11:36 AM

Ok thanks Aanjan for your help.

It appears that it is not as simple that I thought to hide the thingworx reference in the URL. I'll keep it as it is for now, I'll continue searching when I'll get more time. I'll keep you inform if I find a smart workaround :-)

Notify Moderator
Announcements


Contact Community Management
Top Tags