It's all about the answers!

Ask a question

Instead of renaming the public URL to implement SSL is it possible to use a reverse proxy to implement the HTTPS?

Christopher Eaves (611) | asked Oct 21 '14, 1:13 p.m.
edited Oct 22 '14, 7:08 a.m. by Paul Slauenwhite (8.4k12)

I've seen a similar question posted and I believe the answer to my question is yes but I just wanted to be sure. We want to keep the public URL the same which is HTTP and save ourselves from the hassle of a rename but we also want to implement SSL. Instead of renaming the public URL can we not use an IHS reverse proxy to handle the HTTPS requests and then offload them to CLM on WAS as HTTP? I know the offload is possible between IHS and WAS via the plug-in as I have tested this but I am not sure this will accomplish what I am wanting without needing to rename the public URL in CLM as well?



Donald Nong commented Oct 21 '14, 7:29 p.m.

Chris, I'm a bit confused with what you are trying to do. Based on the subject, it seems that the current public URI starts with http:// instead of https://. If you add a reverse proxy and keep the public URI, then the communication between the browser and the reverse proxy will still be http:// - unsecured, regardless whether it's SSL or not between the reverse proxy and WAS. So what are you going to achieve?

Christopher Eaves commented Oct 22 '14, 1:25 a.m.

Hey there Donald. I worked with the IHS team to setup a reverse proxy where from the client to the proxy it's forced to use SSL regardless if they enter HTTP or HTTPS from there the proxy talks to WAS via HTTP. While this meets my need for securing the traffic between the client and the application I am not sure if this will solve the problem of the JTS public URI being HTTP and all the artifacts etc that they say can be broken when a different URL is used than the hard coded one that was initially entered when I ran the setup. I read through all the renaming scenarios and the ones specific to using a reverse proxy as an alternative to renaming but could never really find a solid answer on this point. The following was the closest answer.

Excerpt: YES - Use existing web, proxy, and other network infrastructure to listen on various URLs to help direct users to the correct system via forwarding.

Christopher Eaves commented Oct 22 '14, 1:30 a.m.

Ran out of space as I realized I forgot to clarify what I am trying to do which is not have to rename the HTTP public URL to HTTPS which is an involved process that they recommend you avoid if at all possible.

Be the first one to answer this question!

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.