Running the Acrolinx Server Behind a Reverse Proxy
|Acrolinx Server||4.3, 4.4, 4.5, 4.6, 4.7, 5.0, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 2018.10|
Many organizations use a reverse proxy to provide secure access to servers that are protected behind a firewall. Users who are outside of the firewall can connect to servers by using the reverse proxy. If you have an existing reverse proxy, you can configure the Acrolinx Server to return all content such as reports and help files over the reverse proxy. When external users access the Acrolinx Server, all content that is loaded in the Dashboard or plug-ins is loaded by using the reverse proxy server address as the base address.
Before you configure the Acrolinx Server to run behind a reverse proxy, ensure that the following prerequisites are met:
- Your proxy server is secured with an SSL certificate
- Your proxy server is configured to communicate with the Acrolinx Server.
The proxy timeout limit is set to at least 3600.
This limit is recommended because checks can take longer over a secure connection.
If your proxy server and your Acrolinx Server communicate outside of a secure network, we recommend that you also secure your Acrolinx server with an SSL certificate. For more information on how to secure the Acrolinx Server, see the topic Securing Acrolinx Server Communication with HTTPS .
Reverse Proxy Configuration for SEO Users
If you use the SEO checking feature while running the server behind a reverse proxy, you must make a few extra configurations to enable communication with the SEO server. You make these configurations to ensure that external users can generate and open the SEO report.
Make sure that your proxy server listens on port 8035 and that your firewall also allows communication through this port.
Client applications connect to the SEO server through port 8035, so you must ensure that the SEO server is reachable through this port.
Make sure that the communication between the proxy server and the SEO server is done over an unsecure URL.
Due to limitations in the server infrastructure, you must configure your proxy server to forward requests to the SEO server using HTTP instead of HTTPS.
Communication between the core server and the proxy server must still use HTTPS so you must configure an exception for the SEO Server. Configure your proxy server so that requests that come through port 8035 are redirected to a URL that resembles the following example:
Configuring the Server to Run behind a Reverse Proxy
To configure the Acrolinx Server to run behind a reverse proxy, follow these steps:
Configure the external base URL for the core server:
Open your overlay of the core server properties file.
You find the overlay for the core server properties file in the following location:
Add the following property:
externalBaseUrl=http://acrolinxhost/Important: Enter a base URL only. Do not enter a base URL with a subdirectory such as
http://topspin.com/acrolinx/. Some Acrolinx components assume that Acrolinx is running at the top level of the host address. These components will not function if the internal base URL is redirected to a subdirectory of the external base URL.
If you have configured the Acrolinx Server to communicate using HTTPS, ensure that the reverse proxy server address begins with
httpsand that the address ends with a forward slash.
- Save your changes and restart the core server.
- Open your overlay of the core server properties file.
If you use the SEO checking feature, configure the external base URL for the SEO Server as well:
Open your overlay of the following file:
If you have not yet created an overlay of this file, create a new version of the file at the following location:
You can copy the installed version of this file from the following location:
Do not edit the installed version of the file. Instead, always edit your overlay copy in the configuration directory.
Add the following property:
Add the following property if you are using the Acrolinx Website Checker:
- Save your changes and restart the SEO server.
- Open your overlay of the following file: