You are viewing limited content. For full access, please sign in.

Question

Question

Proper Set-Up For Forms When Using A Reverse Proxy

Forms Directory Server
Updated August 21, 2023
asked on October 7, 2021

I have a client I am working with to set up Forms to work with a reverse proxy server. In scanning Answers, I've drawn some general conclusions about what is required, most specifically based on this post, https://answers.laserfiche.com/questions/181810/reverse-proxy#182046. My understanding if that I want the public connecting to the proxy server to connect over HTTPS and have the connection be sustained over HTTPS internally to Forms, and therefore actually work with Forms using LfDS, the following has to be the case:

  • The proxy server will need to be set-up with a proper SSL certificate, one that I presume conforms to Laserfiche's guidelines; 
  • The proxy server must be set up to forward requests to the Forms server over HTTPS;
  • The Forms server must trust the certificate on the reverse proxy server.

 

Is that all correct as far as it goes, or have I gotten something incorrect? I would assume so for traffic going the other direction, but does the proxy server also need to trust the certificate on the Forms server? What am I missing?

Any guidance, from simple clarification, to best practices, to notes on what else needs to be done would be most welcome. For example, I'm assuming really nothing about the Forms server itself needs to be set up differently than usual to work with a proxy server. Is that really the case? Thanks in advance for any information provided.

0 0

Replies

replied on October 8, 2021

The Forms server must trust the certificate on the reverse proxy server

 

This is backwards. For the connection between the two servers, the proxy is the client and forms is the server. The client has to trust the server's certificate.

The proxy server must be set up to forward requests to the Forms server over HTTPS

 

I'll wait for someone more familiar with Forms to address this specific point, but note that for e.g. web client this isn't strictly required. It is easier to have everything over https, since otherwise the software needs to know that even though it's receiving requests over http, the user and browser see https. The standard way to do that is to have the proxy use the the "X-Forwarded-Proto" header.

0 0
replied on October 8, 2021 Show version history

Thanks Brian. I misunderstood that.

0 0
replied on August 21, 2023

Brian,

Do you know if the forms server uses the X-Forwarded headers to properly log the client IP address rather than the reverse proxy server? I've noticed all of our IP addresses logged on form process instances are of the reverse proxy server's IP address to the forms server. But maybe there's a setting somewhere?

Makoa

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...