This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Filr behind Apache proxy

My days of creating a proxy are long behind me.

How are you guys go about proxying things like FILR and also the new Groupwise Web ?

Are you using Apache? Or the new Nginx? How have you done it? And are you willing to share your files?

What I want :

to proxy   filr.mydomain.com   to  Internal server : ip.adress:port

and  groupwise.mydomain.com  to internal server : ip.adress:port

  • Suggested Answer

    0  

    I used Apache proxy a very long time, but some guys have reported that Nginx is faster (or better). However therefore I changed my configurations from Apache to Nginx which is very similar.

    Nginx proxy documentation and Google helped a lot.

    Here is a piece out of my conf file:

    # Fix the “It appears that your reverse proxy set up is broken" error.
    proxy_pass https://<your server ip>;

    So it is really that simply. The only thing you have to check for Filr is download/upload limits. Nginx default values are not really high - 10 MB or similar if I remember.

    I use Nginx for all my access paths - GroupWise, Filr, Retain, SMG, Vibe,... and much more. The only product which is hard to configure is Content Editor. But if you check the community here you will find the solution Innocent


    Use "Verified Answers" if your problem/issue has been solved!

  • 0 in reply to   

    That much more easy indeed.
    Question : Due to licensing my vm is OES2023. Can I just install nginx ? Or does that Fubar the entire OES system ?

  • 0   in reply to 

    I keep it as small and simple as possible. Therefore it is a small Sles15 (low memory). I use my GW - sles license for this proxy server. Usually there should be a Sles license for your GW server(s) because you are allowed to run your GW system on Sles.

    Nevertheless Nginx should run on OES too. However your proxy server does not need any OES features  (I know you want to use the license only Wink).

    If you want to experience a little more excitement then go for the docker nginx version ...


    Use "Verified Answers" if your problem/issue has been solved!

  • 0  

    Hi there!, how are you. I have a few customers using HAproxy for Filr. For your reference I'm attaching the /etc/haproxy/haproxy.cfg of one of my customers. 

    Hope this help you!. Best regards from Bs.as - Argentina ;-)

    ### Filr LoadBalancer
    global
    # log 127.10.0.1 local0 info
    log /dev/log local0 debug
    pidfile /var/run/haproxy.pid
    maxconn 6000
    daemon
    user haproxy
    group haproxy
    tune.ssl.default-dh-param 2048


    ### Default settings
    defaults
    log global
    timeout connect 30s
    timeout client 90s
    timeout server 90s
    option dontlognull
    option log-health-checks
    option http-server-close
    timeout http-request 5s
    timeout queue 2m
    timeout http-keep-alive 180s
    timeout check 10s
    ### Redispatch Enable or disable session redistribution in case of connection failure
    option redispatch
    option clitcpka

    frontend Filr_Frontend80
    bind :80
    mode http
    reqadd X-Forwarded-Proto:\ http
    rspadd Strict-Transport-Security:\ max-age=31536000
    default_backend Filr-Servers

    frontend Filr_Frontend443
    bind :443 ssl crt /etc/ssl/private/mobility.pem ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5:!RC4 no-sslv3 no-tlsv10
    mode http
    reqadd X-Forwarded-Proto:\ https
    rspadd Strict-Transport-Security:\ max-age=31536000
    default_backend Filr-Servers

    frontend Filr_Frontend8443
    bind :8443 ssl crt /etc/ssl/private/mobility.pem ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5:!RC4 no-sslv3 no-tlsv10
    mode http
    reqadd X-Forwarded-Proto:\ https
    rspadd Strict-Transport-Security:\ max-age=31536000
    default_backend Filr-Servers

    backend Filr-Servers
    mode http
    # log /dev/log local0 debug
    #mode tcp
    balance roundrobin
    stick-table type ip size 1m expire 10m
    stick on src # probar att skippa # cbonte.github.io/.../configuration-1.5.html
    server filr-applan1 192.168.135.11:80 check
    server filr-applan2 192.168.135.12:80 check
    server filr-applan3 192.168.135.18:80 check
    server filr-applan4 192.168.135.19:80 check

    backend all_the_things
    server filr-applan1 192.168.135.11:8080 check
    server filr-applan1 192.168.135.11:8443 check
    server filr-applan2 192.168.135.12:8080 check
    server filr-applan2 192.168.135.12:8443 check
    server filr-applan3 192.168.135.18:8080 check
    server filr-applan3 192.168.135.18:8443 check
    server filr-applan4 192.168.135.19:8080 check
    server filr-applan4 192.168.135.19:8443 check
    server filr-netsync 192.168.135.17:9443 check
    server filr-netsync 192.168.135.17:8443 check
    server filr-search1 192.168.135.13:1199 check
    server filr-search2 192.168.135.14:1199 check
    server filr-sqldb1 192.168.135.15:5432 check


    #Monitor
    listen stats
    bind :6080 ssl crt /etc/ssl/private/mobility.pem ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5:!RC4 no-sslv3 no-tlsv10
    mode http
    option forwardfor
    option httpclose
    stats enable
    stats hide-version
    stats refresh 10s
    stats show-desc Filr Backends
    stats show-legends
    stats realm HAProxy\ Statistics
    stats auth root:xxxxxxxx
    stats uri /stats
    stats scope Filr-Frontend
    stats scope Filr-Servers
    stats scope all_the_things
    stats scope stats
    stats refresh 20s