Difference between revisions of "Setting up IIS as Reverse Proxy for QPR UI"

From Mea Wiki
(218619)
Line 60: Line 60:
 
# Open '''Internet Information Services (IIS) Console''', click the top level in the left side hierarchy, doubleclick '''Application Requests Routing Cache''', click '''Server Proxy settins''' on the right pane, click '''Enable Proxy''' and click '''Apply'''.
 
# Open '''Internet Information Services (IIS) Console''', click the top level in the left side hierarchy, doubleclick '''Application Requests Routing Cache''', click '''Server Proxy settins''' on the right pane, click '''Enable Proxy''' and click '''Apply'''.
 
# In '''Internet Information Services (IIS) Console''', click '''EnticeServices''' folder in the left side hierarchy, double-click '''URL Rewrite''', '''View Server Variables...''' variables, and add '''HTTP_X_ORIGINAL_ACCEPT_ENCODING''' and '''HTTP_ACCEPT_ENCODING''' using the '''Add''' button. Do the same for the '''ui''' folder.
 
# In '''Internet Information Services (IIS) Console''', click '''EnticeServices''' folder in the left side hierarchy, double-click '''URL Rewrite''', '''View Server Variables...''' variables, and add '''HTTP_X_ORIGINAL_ACCEPT_ENCODING''' and '''HTTP_ACCEPT_ENCODING''' using the '''Add''' button. Do the same for the '''ui''' folder.
 +
# In '''Internet Information Services (IIS) Console''', click '''ui''' folder in the left side hierarchy, double-click '''HTTP Response Headers''', click '''Add...''' on the right side pane, and define the following:
 +
#* Name: '''X-XSS-Protection'''
 +
#* Value: '''1; mode=block'''
 
# Optional advanced: To harden the security, in '''GlassFish''' allow incoming requests only from localhost.
 
# Optional advanced: To harden the security, in '''GlassFish''' allow incoming requests only from localhost.
 
# QPR UI can now be accessed using url '''http(s)://SERVER/ui/''' where SERVER is the hostname of the server.
 
# QPR UI can now be accessed using url '''http(s)://SERVER/ui/''' where SERVER is the hostname of the server.
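Review bot: The added step applies X-XSS-Protection (value "1; mode=block") to the ui folder only and gives no reason or scope, whereas the preceding step explicitly ends with "Do the same for the ui folder"; say what the header is for and whether EnticeServices is deliberately left out. It would also help to state whether the step is required or, like the following "Optional advanced" step, optional.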

Revision as of 09:39, 29 August 2018

Follow these instructions to route QPR UI HTTP/HTTPS traffic through IIS. It has the following advantages:

  • Access QPR UI using more standard ports (usually 80 or 443) instead of GlassFish ports (usually 8080 or 8181).
  • QPR UI can use the HTTPS connection that is configured in IIS, so there is no need to configure HTTPS in GlassFish.
  • External presentation objects and embedded QPR Portal work better because the browser considers them to be from the same site, so the same-origin policy won't cause restrictions (more information: https://en.wikipedia.org/wiki/Same-origin_policy)

Instructions:

  1. Download and run Microsoft Web Platform Installer (available at http://www.microsoft.com/web/downloads/platform.aspx). Use it to install the URL Rewrite 2.1 (or newer) and Application Request Routing 3.0 (or newer) modules. Use the search box to find these components. If you had the IIS Manager open while installing the components, restart the IIS Manager.
  2. Create the file C:\inetpub\wwwroot\EnticeServices\web.config with the following contents (also create the EnticeServices folder):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Forward every request under this folder to GlassFish on localhost:8080 -->
        <rule name="Reverse Proxy to EnticeServices" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://localhost:8080/EnticeServices/{R:1}" />
          <serverVariables>
            <!-- Save the client's Accept-Encoding, then clear it for the backend request -->
            <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
            <set name="HTTP_ACCEPT_ENCODING" value="" />
          </serverVariables>
        </rule>
      </rules>
      <outboundRules>
        <!-- Rewrite links in A, Form and Img tags that point at port 8080 -->
        <rule name="Change port">
          <match filterByTags="A, Form, Img" pattern="^http://localhost:8080/(.*)" />
          <action type="Rewrite" value="http://localhost/{R:1}" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
  3. Create the file C:\inetpub\wwwroot\ui\web.config with the following contents (also create the ui folder):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Forward every request under this folder to GlassFish on localhost:8080 -->
        <rule name="Reverse Proxy to QPR UI" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://localhost:8080/ui/{R:1}" />
          <serverVariables>
            <!-- Save the client's Accept-Encoding, then clear it for the backend request -->
            <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
            <set name="HTTP_ACCEPT_ENCODING" value="" />
          </serverVariables>
        </rule>
      </rules>
      <outboundRules>
        <!-- Rewrite links in A, Form and Img tags that point at port 8080 -->
        <rule name="Change port">
          <match filterByTags="A, Form, Img" pattern="^http://localhost:8080/(.*)" />
          <action type="Rewrite" value="http://localhost/{R:1}" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
  4. Open Internet Information Services (IIS) Console, click the top level in the left side hierarchy, double-click Application Request Routing Cache, click Server Proxy Settings on the right pane, click Enable Proxy and click Apply.
  5. In Internet Information Services (IIS) Console, click the EnticeServices folder in the left side hierarchy, double-click URL Rewrite, click View Server Variables..., and add HTTP_X_ORIGINAL_ACCEPT_ENCODING and HTTP_ACCEPT_ENCODING using the Add button. Do the same for the ui folder.
  6. In Internet Information Services (IIS) Console, click the ui folder in the left side hierarchy, double-click HTTP Response Headers, click Add... on the right side pane, and define the following:
    • Name: X-XSS-Protection
    • Value: 1; mode=block
  7. Optional advanced: To harden the security, in GlassFish allow incoming requests only from localhost.
  8. QPR UI can now be accessed using the URL http(s)://SERVER/ui/ where SERVER is the hostname of the server.
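
An offline check for the folder web.config files produced by the steps above, added here as an example and not part of the original instructions. It confirms that each proxy rule targets a loopback backend (so restricting GlassFish to localhost stays safe), clears HTTP_ACCEPT_ENCODING, and that the X-XSS-Protection header is present. The function name audit and the sample text are illustrative, and the check assumes IIS Manager stored the header as a customHeaders entry in the folder's web.config.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the ui folder's web.config (outbound rules omitted)
# after the X-XSS-Protection step. Assumption: IIS Manager wrote the header
# into this file as a customHeaders entry.
SAMPLE = """<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Reverse Proxy to QPR UI" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://localhost:8080/ui/{R:1}" />
          <serverVariables>
            <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
            <set name="HTTP_ACCEPT_ENCODING" value="" />
          </serverVariables>
        </rule>
      </rules>
    </rewrite>
    <httpProtocol><customHeaders>
      <add name="X-XSS-Protection" value="1; mode=block" />
    </customHeaders></httpProtocol>
  </system.webServer>
</configuration>"""

def audit(xml_text):
    """Return a list of findings for one reverse-proxy web.config."""
    ws = ET.fromstring(xml_text).find("system.webServer")
    findings = []
    for rule in ws.iterfind("rewrite/rules/rule"):
        name = rule.get("name")
        # Backend must be loopback if GlassFish only accepts localhost.
        host = urlparse(rule.find("action").get("url")).hostname
        if host not in ("localhost", "127.0.0.1"):
            findings.append(f"{name}: backend {host} is not loopback")
        # The page's rules clear Accept-Encoding before proxying.
        sets = {s.get("name"): s.get("value")
                for s in rule.iterfind("serverVariables/set")}
        if sets.get("HTTP_ACCEPT_ENCODING") != "":
            findings.append(f"{name}: HTTP_ACCEPT_ENCODING is not cleared")
    headers = {h.get("name").lower(): h.get("value")
               for h in ws.iterfind("httpProtocol/customHeaders/add")}
    if headers.get("x-xss-protection") != "1; mode=block":
        findings.append("X-XSS-Protection: 1; mode=block is not set")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

Run it against the real files by passing their contents to audit(); an empty list means all three checks passed.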


Offline installers:

URL Rewrite module:

http://download.microsoft.com/download/D/D/E/DDE57C26-C62C-4C59-A1BB-31D58B36ADA2/rewrite_amd64_en-US.msi

Application Request Routing:

https://www.microsoft.com/en-us/download/confirmation.aspx?id=47333