Difference between revisions of "Setting up IIS as Reverse Proxy for QPR UI"

From Mea Wiki
Jump to navigation Jump to search
Line 59: Line 59:
 
</pre>
 
</pre>
 
# Open '''Internet Information Services (IIS) Console''', click the top level in the left side hierarchy, doubleclick '''Application Requests Routing Cache''', click '''Server Proxy settins''' on the right pane, click '''Enable Proxy''' and click '''Apply'''.
 
# Open '''Internet Information Services (IIS) Console''', click the top level in the left side hierarchy, doubleclick '''Application Requests Routing Cache''', click '''Server Proxy settins''' on the right pane, click '''Enable Proxy''' and click '''Apply'''.
# In '''Internet Information Services (IIS) Console''', click '''EnticeServices''' folder in the left side hierarchy, double-click '''URL Rewrite''', '''View Server Variables...''' variables, and add '''HTTP_X_ORIGINAL_ACCEPT_ENCODING''' and '''HTTP_ACCEPT_ENCODING''' using the '''Add''' button. Do the same for the '''ui''' folder.
+
# Check applicable instructions in [[Security_Hardening_in_QPR_UI|Security hardening steps]].
# In '''Internet Information Services (IIS) Console''', click '''ui''' folder in the left side hierarchy, double-click '''HTTP Response Headers''', click '''Add...''' on the right side pane, and define the following: (more information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection)
 
#* Name: '''X-XSS-Protection'''
 
#* Value: '''1; mode=block'''
 
# Similarly, add the following HTTP Response Header: (more information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options)
 
#* Name: '''X-Frame-Options'''
 
#* Value: '''deny'''
 
# Optional advanced: To harden the security, in '''GlassFish''' allow incoming requests only from localhost.
 
 
# QPR UI can now be accessed using url '''http(s)://SERVER/ui/''' where SERVER is the hostname of the server.
 
# QPR UI can now be accessed using url '''http(s)://SERVER/ui/''' where SERVER is the hostname of the server.
  
 
+
'''Offline installers:'''
'''Offline installers:
+
* URL Rewrite module: http://download.microsoft.com/download/D/D/E/DDE57C26-C62C-4C59-A1BB-31D58B36ADA2/rewrite_amd64_en-US.msi
'''
+
* Application Request Routing: https://www.microsoft.com/en-us/download/confirmation.aspx?id=47333
 
 
URL Rewrite module:
 
 
 
http://download.microsoft.com/download/D/D/E/DDE57C26-C62C-4C59-A1BB-31D58B36ADA2/rewrite_amd64_en-US.msi
 
 
 
Application Request Routing:
 
 
 
https://www.microsoft.com/en-us/download/confirmation.aspx?id=47333
 
 
 
 
 
  
 
[[Category: QPR UI]]
 
[[Category: QPR UI]]

Revision as of 13:06, 28 October 2018

Follow these instructions to route QPR UI http/https traffic though IIS. It has the following advantages:

  • Access QPR UI using more standard ports (usually 80 or 443) instead of GlassFish ports (usually 8080 or 8181).
  • QPR UI can use HTTPS connection that is configured in IIS, and then there is not need to configure https in GlassFish.
  • External presentation objects and embedded QPR Portal works better as the browser considers they are from the same site because same origin policy won't cause restrictions (more information: https://en.wikipedia.org/wiki/Same-origin_policy)

Instructions:

  1. Download and run Microsoft Web Platform Installer (available in http://www.microsoft.com/web/downloads/platform.aspx). Use it to install URL Rewrite 2.1 (or newer) and Application Request Routing 3.0 (or newer) modules. Use the search box to find these components. If you had the IIS Manager open while installing the components, restart the IIS Manager.
  2. Create file C:\inetpub\wwwroot\EnticeServices\web.config with following contents (also create the EnticeServices folder):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
  <rewrite>
    <rules>
      <rule name="Reverse Proxy to EnticeServices" stopProcessing="true">
        <match url="(.*)" />
        <action type="Rewrite" url="http://localhost:8080/EnticeServices/{R:1}" />
	<serverVariables>
          <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
          <set name="HTTP_ACCEPT_ENCODING" value="" />
        </serverVariables>
      </rule>
    </rules>
    <outboundRules>
      <rule name="Change port">
        <match filterByTags="A, Form, Img" pattern="^http://localhost:8080/(.*)" />
        <action type="Rewrite" value="http://localhost/{R:1}" />
      </rule>
    </outboundRules>
  </rewrite>
  </system.webServer>
</configuration>
  1. Create file C:\inetpub\wwwroot\ui\web.config with following contents (also create the ui folder):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
  <rewrite>
    <rules>
      <rule name="Reverse Proxy to QPR UI" stopProcessing="true">
        <match url="(.*)" />
        <action type="Rewrite" url="http://localhost:8080/ui/{R:1}" />
	<serverVariables>
          <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
          <set name="HTTP_ACCEPT_ENCODING" value="" />
        </serverVariables>
      </rule>
    </rules>
    <outboundRules>
      <rule name="Change port">
        <match filterByTags="A, Form, Img" pattern="^http://localhost:8080/(.*)" />
        <action type="Rewrite" value="http://localhost/{R:1}" />
      </rule>
    </outboundRules>
  </rewrite>
  </system.webServer>
</configuration>
  1. Open Internet Information Services (IIS) Console, click the top level in the left side hierarchy, doubleclick Application Requests Routing Cache, click Server Proxy settins on the right pane, click Enable Proxy and click Apply.
  2. Check applicable instructions in Security hardening steps.
  3. QPR UI can now be accessed using url http(s)://SERVER/ui/ where SERVER is the hostname of the server.

Offline installers:

Retrieved from "https://wiki.onqpr.com/mea/index.php?title=Setting_up_IIS_as_Reverse_Proxy_for_QPR_UI&oldid=11271"