Question


Laserfiche: S2S Server to Server Call

asked on May 6, 2021

Dear team,

Our key client plans to relocate its environment to GCP and wants to make sure how LF manages S2S. The diagram attached shows the high-level architecture of our Laserfiche deployment after migration to GCP (Google Cloud Platform).

 

As can be seen from the diagram, Laserfiche is hosted behind a reverse proxy (Citrix Netscaler). End-users (clients) access the URL https://laserfiche.xxxxx.org/laserfiche and connect to the reverse proxy, which in turn opens a connection to the Laserfiche host on behalf of the end-user.

 

Our question is: Are there cases where Laserfiche makes self-referencing connections using the DNS name laserfiche.xxxxx.org, i.e. "calls itself" using the DNS name laserfiche.xxxxx.org? Such a connection would traverse the reverse proxy before returning to the Laserfiche host (as indicated by the red arrow).

Thanks in advance.

 

Regards,

Diagram.png (70.03 KB)
0 0

Replies

replied on May 6, 2021

The Laserfiche Server does not initiate calls to the web client.

1 0
replied on May 6, 2021

For certain operations, the web client does need to call into itself. It will use the hostname present in the incoming request. In your configuration, that should be an internal name rather than the name of the reverse proxy.

Since you are terminating HTTPS at the reverse proxy, make sure you enable the standard "X-Forwarded-Proto" header so that the web client knows that it can/should do things like mark cookies as "secure".

Your diagram suggests that you intend to use Kerberos. It would probably be easier to do Windows authentication with LFDS. If everything in the diagram is on the same domain that may work, though proxies can complicate the situation significantly.

1 0
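
Added example (not part of the replies above and not Laserfiche code): a generic sketch of the two points in the last reply, showing how an application behind a TLS-terminating proxy can decide on the cookie "Secure" flag from X-Forwarded-Proto, and how the incoming Host header determines whether a self-call would loop back through the proxy. The proxy address range, the internal host name and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumptions (constructed values): the reverse proxy's source range and the
# public DNS name it serves. The internal host name below is also made up.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/28")]
PUBLIC_NAMES = {"laserfiche.xxxxx.org"}

def effective_scheme(peer_ip, headers, wire_scheme="http"):
    """Scheme the end user used, honouring X-Forwarded-Proto only from the proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return wire_scheme  # header from an untrusted peer is ignored
    proto = headers.get("x-forwarded-proto", "").strip().lower()
    # Accept a single well-formed token only; anything else falls back.
    return proto if proto in ("http", "https") else wire_scheme

def session_cookie(value, scheme):
    """Build a Set-Cookie value; Secure is added when the user-facing leg is HTTPS."""
    attrs = [f"session={value}", "Path=/", "HttpOnly", "SameSite=Lax"]
    if scheme == "https":
        attrs.append("Secure")
    return "; ".join(attrs)

def self_call_hairpins(headers):
    """True if a self-call built from the incoming Host would go back via the proxy."""
    host = headers.get("host", "").split(":")[0].lower()
    return host in PUBLIC_NAMES

if __name__ == "__main__":
    # Constructed request as seen by the backend: proxy rewrote Host to an internal name.
    req = {"host": "lf-web01.internal.example:80", "x-forwarded-proto": "https"}
    scheme = effective_scheme("10.0.0.5", req)
    print(scheme, "|", session_cookie("abc123", scheme), "|", self_call_hairpins(req))
```

If the proxy passes the public Host header through unchanged, `self_call_hairpins` returns True, which is the red-arrow path asked about in the question.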