Running RMsis on Reverse Proxy
Overview
RMsis can be configured to run behind a reverse proxy server like Nginx or Apache HTTP Server. Configuring reverse proxy server allows for running RMsis on non-standard HTTP/HTTPS port (such as 3060) and users will be able to access RMsis over standard HTTP/HTTPS as their traffic will be routed through the proxy.
This page describes how to integrate Apache HTTP Server with RMsis, utilising mod_proxy so that Apache operates as a reverse-proxy over HTTPS (You can use similar/ appropriate configuration if you are using Nginx).
Target Audience :
Targeted audience for this document are users who want to
- access RMsis over HTTPS but do not want to install/ configure security certificate.
- run RMsis behind a reverse proxy server.
Prerequisites :
The following are the prerequisites for running RMsis behind a reverse proxy server :
- A reverse proxy server (like Apache HTTP Server or Nginx) should be installed and running.
- JIRA installation should be running on Reverse Proxy configuration using Apache HTTP Server. More details for integrating Apache HTTP Server reverse proxy with JIRA is available here : https://confluence.atlassian.com/display/KB/Integrating+Apache+HTTP+Server+reverse+proxy+with+JIRA
A typical Reverse Proxy Configuration
If the above mentioned prerequisites are fulfilled, a typical reverse Proxy Configuration with JIRA and RMsis running on HTTP will look like :
Figure 1 : A typical Reverse Proxy Configuration
In the above image, the reverse proxy server is configured for the url https://jira.example.com , the JIRA server is configured for url 10.1.1.1 .
Link #1 : Client machine accessing reverse proxy server - https://jira.example.com
Link #2 : Reverse Proxy Server accessing JIRA Server : http://10.1.1.1:8080/
Now, We need to configure links #3, and #5 (Link #4 is automatically created by RMsis).
Configure Reverse Proxy Server (for RMsis)
Apache uses Modules which can be enabled or disabled and are essentially plugins that change the functionality of the server .mod_proxy is an example of these modules.
To configure mod_proxy
for use with your Application, you need to use the ProxyPass
and ProxyPassReverse
directives in the Apache configuration file as follows:
ProxyPass /rm http://jira.example:3060/rm ProxyPassReverse /rm http://jira.example:3060/rm
The above directives tell Apache HTTP Server to forward web requests of the form https://jira.example.com/rm
to the Tomcat connector running on port 3060
(in this case RMsis running under the context path /rm) on the same machine.
A detailed information for mod_proxy is available here : http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
If you are using some other reverse proxy server (like Nginx), you can use similar configuration/ modules.
Sample Reverse Proxy Configuration for Apache :
If JIRA is running under the root context "/",then the sample reverse proxy configuration for both JIRA and RMsis servers would be:
NameVirtualHost *:443
<VirtualHost *:443> ServerName jira.example.com
#The above link refers to Link #1 in Figure 1
ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> SSLEngine On SSLCertificateFile /home/user/ssl/server.crt SSLCertificateKeyFile /home/user/ssl/server.key SSLCertificateChainFile /home/user/ssl/cabundle.crt
#for RMsis Server ProxyPass /rm http://10.1.1.1:3060/rm ProxyPassReverse /rm http://10.1.1.1:3060/rm
#The above link refers to Link #3 in Figure 1
#for JIRA Server
ProxyPass / http://10.1.1.1:8080/ ProxyPassReverse / http://10.1.1.1:8080/
#The above link refers to Link #2 in Figure 1
<Location /> Order allow,deny Allow from all </Location> </VirtualHost>
Note : The reverse proxy directives for RMsis should be written before the reverse proxy directives for JIRA in the Apache configuration file if JIRA is running under the root context / .
Configure RMsis Server :
The server configuration in RMsis will be :
- RMsis Server Scheme : http (scheme on which RMsis server will be running)
- RMsis Host Name : 10.1.1.1 (Host name or the IP address of the RMsis Server)
- RMsis Port : 3060 (Port number for RMsis Server)
- The above three will create Link #3 in Figure 1
- Enable Reverse Proxy : Enabled
- Reverse Proxy Scheme : https (scheme on which Reverse Proxy Server will be running)
- Reverse Proxy Host Name : jira.example.com (Host name of Reverse Proxy Server)
- Reverse Proxy Port : 443 (Port number of Reverse Proxy Server)
- Enable Debugging : Enabled
- JVM Min Memory : 256 MB
- JVM Max Memory : 1024 MB
- JIRA Internal URL : http://10.1.1.1:8080/
- This creates Link #5 in Figure 1.
This is the URL of machine on which JIRA server is running.
If JIRA is running behind a reverse proxy server, then make sure, you are not writing the reverse proxy URL.
RMsis server communicates with JIRA using JIRA internal URL.
The complete Reverse proxy configuration will look like :
Figure 2 : Reverse Proxy Configuration
Link #1 : Client machine accessing reverse proxy server - https://jira.example.com
Link #2 : Reverse Proxy Server accessing JIRA Server : http://10.1.1.1:8080/JIRA
Link #3 : Reverse Proxy Server accessing RMsis Server : http://10.1.1.1:3060/rm
Link #4 : JIRA Server accessing RMsis Server : http://127.0.0.1:42045/rm (here 42045 is an internal port selected automatically by RMsis. If this port is not available, RMsis will select a different port)
Link #5 : RMsis Server accessing JIRA Server : http://10.1.1.1:8080/jira
Note :
For this configuration to work correctly, reverse proxy should not be blocking access from
- JIRA to RMsis
- RMsis to JIRA