How to setup a NGINX with a Reverse Proxy?

replied on January 29, 2020

Hi Olivier,

You can use Nginx as a reverse proxy with Laserfiche. The configuration depends on how you're using it within your solution architecture. Can you provide some more information about your use case? Make sure to answer at least the following questions:

What are you hoping to use Nginx for? Will your proxy(ies) be internal-facing, public-facing, or both?
What is the full list of Laserfiche applications you want to put behind the proxy?
Do any of the applications require logins? (e.g. not only anonymous portals)
Are you using LFDS for authentication?
Are there any end-users with AD accounts that would use Integrated Windows Authentication?
Is this an on-premises or cloud (AWS/Azure) environment?
Are you able to provide a simple diagram of the architecture you're looking to set up? If you upload one, please make sure to remove any customer-identifying details first.

Once you provide that information we can provide additional help.

Cheers,

Sam

3 0

replied on January 31, 2020

Hi Samuel,

Thanks for your help.

I tried to get all answers. Hope there will helps.

1. Public-facing.

2. Laserfiche Serveur, Laserfiche Form, Laserfiche Web Access, Laserfiche Mobile, Laserfiche Workflow, Laserfiche Import Agent

3. Yes ; Web Form, Web Access and Mobile require Laserfiche logins (and only Laserfiche logins).

4. Yes I used LFDS to generate licences

5. No, no any end-users with AD account's that would use integrated windows authentication.

6. Cloud (in my mind AWS but i’m not sure, I’ll ask for confirmation).

7. Is that enought ?

0 0

replied on January 31, 2020

Thanks Olivier, that's very helpful.

Before going any further, please confirm if it's an AWS environment. If so, you should absolutely use the AWS Application Load Balance (ALB) reverse proxy service protected with AWS Web Application Firewall.

You should have three listeners on the ALB/proxy:

HTTP on 80 - configure to redirect to HTTPS/443
HTTPS on 443 - for all web apps and LFS
HTTPS on 8181 - for the Forms Notification Service websocket connection

The Laserfiche Mobile Server only uses port 8089 for internal server communication. You do not need to and should not have it open on the proxy.

A few more questions:

What's the actual backend server configuration? Hopefully not all Laserfiche applications and SQL are on the same VM? If so is that something you can change?
How many users is this system for?
Why do external users need to connect directly to Laserfiche Server? They should be using Web Client to access the repository. The only normal use case I know of that requires direct LFS access is for Laserfiche Snapshot. The Microsoft Office Integration plugins should use the Web Client connection method in this scenario.

0 0

replied on February 3, 2020 • Show version history

Hi Samuel,

Thanks for all.

I had more information about the question 6 but still don't know if its a AWS or AZURE. It's a private hosted cloud in Tahiti Nui Fortress's Data Center. Consider it as on-premise. (Microsoft Windows Server/HyperV)

I'm going to try your solution and back to you asap.

Regards

EDIT : I didn't read your questions.

1. Windows Server 2019 Standard
Intel(R) Xeon(R) Silver 4110 CPU @ 2.10GHz
2.10GHz
RAM : 4Go
Yes all the applications LF and SQL are in the same machine and that something we can't/don't want to change for the moment ?

2. Less than 10 users (maybe 8)

3. No, the external users don't need to connect directly to Laserfiche Server, they only need to connect to repository using Web Client. But actually they can't use the Web Client because the elements are loading in loop. They don't see anything.

0 0

Question

Question

How to setup a NGINX with a Reverse Proxy?

Replies

Sign in to reply to this post.