Reverse Proxy

Learn how to configure a reverse proxy for REST.

  2 minute read  

This developer guide includes instructions for configuring REST behind a reverse proxy for Linux and Windows. This enabled REST to run on a private network.

Prerequisites

  • All servers have at least 2 network interfaces. One public network and one private network.

Windows

For Windows, the recommended reverse proxy is IIS with URL Rewrite and Application Request Routing (ARR) installed. For a clustered installation, configure the reverse proxy on the producer node.

  1. Install URL Rewrite - http://www.iis.net/downloads/microsoft/url-rewrite
  2. Install Application Request Routing (ARR) - https://www.iis.net/downloads/microsoft/application-request-routing
  3. Open the IIS Manager Console and click on the Default Web Site from the tree view on the left. Select the URL Rewrite Icon from the middle pane, and then double click it to load the URL Rewrite interface.

  1. Chose the ‘Add Rule’ action from the right pane of the management console, and the select the Reverse Proxy Rule from the Inbound and Outbound Rules category.

  1. Proceed to add the routing information. In the Reverse Proxy Rule, enter 127.0.0.1:8080 or the private IP address of the producer.

  1. Place REST on the private network by adding the line server.address=localhost to the application.properties file.

  2. For a clustered installation, place REST consumers on the private network by adding the line server.address=x.x.x.x to each of the application.properties files. This will vary from installation to installation.

  3. Restart Nuix RESTful Service

  4. By default, the reverse proxy will be available on port 80.

Linux

For Linux, we will use HAProxy as the reverse proxy.

  1. Install HAProxy

Red Hat Enterprise Linux

sudo yum install haproxy
sudo setsebool -P haproxy_connect_any=1

Ubuntu

sudo apt install haproxy
  1. Configure HA Proxy by creating/updating the file /etc/haproxy/haproxy.cfg
global
  log 127.0.0.1 local0
  log 127.0.0.1 local1 notice

defaults
  log global
  mode http
  option httplog
  option dontlognull
  timeout connect 5000
  timeout client 90000
  timeout server 90000

frontend stats
  bind *:8404
  stats enable
  stats uri /
  stats refresh 10s

frontend balancer
  bind 0.0.0.0:4000
  mode http
  default_backend webservers

backend webservers
  server rest-producer 127.0.0.1:8080 check

  1. Place the REST producer on the private network by adding the line server.address=localhost to the application.properties file.

  2. For a clustered installation, place the REST consumers on the private network by adding the line server.address=x.x.x.x to each of the application.properties files. This will vary from installation to installation.

  3. Restart Nuix RESTful Service

sudo systemctl restart nuix-rest
  1. Restart HA Proxy
sudo systemctl restart haproxy
  1. View the HA Proxy Stats page - http://yoururl:8404/stats
  2. HA Proxy is available in this configuration on port 4000. - http://yoururl:4000/nuix-restful-service/svc/v1/about.