Until IDM 4.8, when the reporting server did not have internet access and the user wanted to download reports, the user had to set up a local repository by following "Setting Up a Local Repository to Download Report Definitions" in the reporting setup guide.
The disadvantages of this method are:
- Live changes made to reports in the current release are not pushed to the local repository directly.
- For every release, the user needs to manually download all reports and update the local repository with the released reports.
From IDM 4.8.1, which includes Reporting 6.6, Reporting supports downloading reports from the public site through an outbound proxy, as explained in "Configuring the Identity Reporting Server to Use Reverse Proxy Server" in the reporting setup guide.
In this article, we cover how to set up a reverse proxy server that has internet access and that a reporting server with no internet access can be pointed to.
The platform used for the reverse proxy server in this example is RHEL 7.5.
Steps:
- Install the nginx rpm on the server. For example:
1) rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
2) yum install nginx
- Create SSL certificates for the nginx server:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cert.key -out cert.crt
Provide the nginx server address when answering the certificate prompts. The configuration below expects both files under /etc/nginx/certs.
- Create a conf file (as below) with the server details under /etc/nginx/conf.d, for example /etc/nginx/conf.d/default.conf
Note: If the exposed port is higher than 80, disable SELinux.
server {
    # TLS listener that the reporting server connects to
    listen 8543 ssl;
    server_name <nginx server address>;
    # Certificate and key created in the previous step
    ssl_certificate /etc/nginx/certs/cert.crt;
    ssl_certificate_key /etc/nginx/certs/cert.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Forward report download requests to the public CDN site
    location /designer/rpt660/ {
        proxy_pass https://nu.novell.com/designer/rpt660/;
        proxy_set_header X-Forwarded-User $http_authorization;
        proxy_set_header Accept text/html,application/xhtml+xml,application/xml;
        proxy_set_header Accept-Encoding "gzip, deflate, br";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
    }
}
- Verify that the nginx configuration is valid. For example:
nginx -t
- Enable the nginx service to start on boot:
systemctl enable nginx.service
- Start the nginx service:
systemctl start nginx.service
- Configure Reporting to use the reverse proxy server as described in the documentation mentioned above.
- Access the Download section from the Reporting server.
- In /var/log/nginx/access.log, verify that requests sent from the reporting server are being forwarded to the CDN site as if the proxy were requesting them:
164.99.162.14 - - [11/May/2020:20:02:03 +0530] "GET https://nu.novell.com/designer/rpt660/ig/Access-Requests-Details---CSV/Access-Requests-Details---CSV_3.6.0.0.rpz HTTP/1.1" 200 63179 "-" "Apache-HttpClient/4.3.2 (java 1.5)" "-"
164.99.162.14 - - [11/May/2020:20:02:16 +0530] "GET https://nu.novell.com/designer/rpt660/ig/Bulk-Data-Update-Details/Bulk-Data-Update-Details_3.6.1.0.rpz HTTP/1.1" 200 141594 "-" "Apache-HttpClient/4.3.2 (java 1.5)" "-"
164.99.162.14 - - [11/May/2020:20:02:23 +0530] "GET https://nu.novell.com/designer/rpt660/ig/Bulk-Data-Update-Details/Bulk-Data-Update-Details_3.6.1.0_src.zip HTTP/1.1" 200 131131 "-" "Apache-HttpClient/4.3.2 (java 1.5)" "-"
- For further releases, make sure to update the location and CDN site URL for the latest version of the reports.
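
A hardened variant of the server block from the configuration step, as an added example that is not part of the original article or the product documentation: it drops TLS 1.0/1.1 on the listener, limits the proxy to the reporting server and the report path, and turns on verification of the CDN certificate, which nginx skips by default. The <reporting server address> placeholder, the RHEL CA bundle path, and the reporting server's ability to negotiate TLS 1.2 are assumptions; the remaining directives are carried over from the block above.

```nginx
# Added example (not the article's own file). Assumed values are marked.
server {
    listen 8543 ssl;
    server_name <nginx server address>;

    ssl_certificate     /etc/nginx/certs/cert.crt;
    ssl_certificate_key /etc/nginx/certs/cert.key;

    # Weak setting in the article's block:
    #   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 only.
    ssl_protocols TLSv1.2;

    # Only the reporting server may use this proxy (assumed placeholder).
    allow <reporting server address>;
    deny  all;

    location /designer/rpt660/ {
        proxy_pass https://nu.novell.com/designer/rpt660/;

        # nginx does not verify upstream certificates unless told to, so
        # without these lines the report packages are fetched from an
        # unauthenticated peer.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        3;
        proxy_ssl_server_name         on;   # send SNI to the CDN
        # Assumption: the RHEL system CA bundle contains the CDN's issuing CA.
        proxy_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt;

        # Headers carried over from the article's block.
        proxy_set_header X-Forwarded-User $http_authorization;
        proxy_set_header Accept text/html,application/xhtml+xml,application/xml;
        proxy_set_header Accept-Encoding "gzip, deflate, br";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
    }

    # Refuse anything outside the report path instead of serving default content.
    location / {
        return 403;
    }
}
```

To run this listener with SELinux left enforcing, label the port with semanage port -a -t http_port_t -p tcp 8543 and allow nginx to make outbound connections with setsebool -P httpd_can_network_connect 1.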