cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Stay updated on what is happening on the PTC Community by subscribing to PTC Community Announcements. X

How to set up a reverse proxy with organization structure?

fserre
1-Visitor

How to set up a reverse proxy with organization structure?

I am trying to put in place nginx as a reverse proxy to hide the thingworx's URLs.

I use this configuration for nginx:

    server {

        listen       80;

        server_name  localhost;


          location /MyApp {

               proxy_pass http://localhost:8080/Thingworx/FormLogin/MyAppOrg;

               proxy_set_header Host $host;

               proxy_set_header X-Real-IP $remote_addr;

          }

     }

It works fine for the login page of the organization but the Home Mashup cannot be displayed, I got an 404 error.

To solve it, I need to add this rule:

          location /Thingworx {

               proxy_pass http://localhost:8080/Thingworx;

               proxy_set_header Host $host;

               proxy_set_header X-Real-IP $remote_addr;

          }

But by doing this I didn't mask anything, I can see the full internal url in the address bar after logging...

Does anyone know how to setup a reverse proxy with organizations ?

8 REPLIES 8
Aanjan
12-Amethyst
(To:fserre)

Fabien, can you post your .conf file? With your location set as /Thingworx, all the proxy_pass flag would need is host:port.

fserre
1-Visitor
(To:Aanjan)

Thanks AAnjan for your answer. I've modified the .conf file as followed:

worker_processes  1;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    server {

        listen       80;

        server_name  localhost;

        location /Thingworx {

               proxy_pass http://localhost:8080;

               proxy_set_header Host $host;

               proxy_set_header X-Real-IP $remote_addr;

          }         

          location /MyApp {

               proxy_pass http://localhost:8080/Thingworx/FormLogin/MyAppOrg;

               proxy_set_header Host $host;

               proxy_set_header X-Real-IP $remote_addr;

          }

     }

}

But once logged, I am still redirected to : http://192.168.73.128/Thingworx/Runtime/index.html#master=MyAppMain&mashup=WelcomeScreen

Aanjan
12-Amethyst
(To:fserre)

Since you have the location for /Thingworx, can you remove the /MyApp one and retry? So that your server section would just have location /Thingworx.

Here's an example configuration I've used before:

server {

    listen      80;

    server_name  localhost;

        location /Thingworx/WS {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_pass http://thingworx_server;

            proxy_http_version 1.1;

            proxy_set_header Upgrade $http_upgrade;

            proxy_set_header Connection "upgrade";

            include /etc/nginx/conf.d/acl.default;

            allow a specific ip;

            allow 127.0.0.1;

            deny all;

        }

        location / {

            add_header Access-Control-Allow-Origin *;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_pass http://thingworx_server;

            proxy_http_version 1.1;

            include /etc/nginx/conf.d/acl.default;

            allow a specific ip;

            allow 127.0.0.1;

            deny all;

        }

I've added the upgrade headers to allow EMS websocket connections as well. My setting was was specific to allow any connection that would hit /Thingworx/WS (primarily used for Edge connectivity).

fserre
1-Visitor
(To:Aanjan)

Sorry Aanjan, I am confused. If I keep only the /Thingworx location, I will redirect all requests from /Thingworx to my proxy_pass.

What I really want to do is to replace all Thingworx words within the URL by my own application name.

I can put a reverse proxy for one direct request like an API call or my login organisation page. It works fine, thingworx references is removed.

But when the user logs in, the platform calls an URL like this: myServer/Thingworx/Runtime/index.html.

And the browser address bar shows the full URL.

I read in previous posts that the solution to remove "thingworx" reference within the URL is to use a reverse proxy. But I am perhaps wrong...

Aanjan
12-Amethyst
(To:fserre)

It should; because with your first proxy pass, users hitting 'http://localhost:8080/Thingworx/FormLogin/MyAppOrg' gets redirected correctly. But once they login, they would get redirected to a Mashup set either at the user level or the Org level to Thingworx/Runtime/index.html#mashup=Mashup_Name. Can you try adding a proxy pass for that as well? The reason I had suggested /Thingworx is to completely redirect anything that comes in.

fserre
1-Visitor
(To:Aanjan)

Yes, I agree. With the /Thingworx location anything will be redirected correctly, but anything htat will start with /Thingworx.

With MyApp rule, I can navigate to 'http://MyApp' and the page which is displayed is 'http://localhost:8080/Thingworx/FormLogin/MyAppOr'

The browser address bar shows 'http://MyApp', everything is fine.

When the user logs in, yes, he is redirected to his home mashup by a link like that: Thingworx/Runtime/index.html#mashup=Mashup_Name.

And I got 404 error page, the only way to remove the error is to add a new rule /Thingworx to be able to process the new request.This time it works but the thingworx url appears clearly within the browser address bar.

If I add a new rule, like /MainPage -> Thingworx/Runtime/index.html#mashup=Mashup_Name, then I would need somewhere to tell the system to use /MainPage URL as an 'home url'. I don't know how to do this.

I need perhaps to create my own login page, but is it possible?

Aanjan
12-Amethyst
(To:fserre)

Adding /MainPage for a specific Mashup wouldn't work either; because if you navigate to different one, a new url will get exposed. To create your own login page, you can look at the FormLogin page's source, copy that, customize as required and then host it in a new url.

fserre
1-Visitor
(To:Aanjan)

Ok thanks Aanjan for your help.

It appears that it is not as simple that I thought to hide the thingworx reference in the URL. I'll keep it as it is for now, I'll continue searching when I'll get more time. I'll keep you inform if I find a smart workaround :-)

Announcements


Top Tags