{"id":10841,"date":"2022-02-05T08:08:10","date_gmt":"2022-02-05T16:08:10","guid":{"rendered":"https:\/\/www.coretechnologies.com\/blog\/?p=10841"},"modified":"2022-02-21T09:51:12","modified_gmt":"2022-02-21T17:51:12","slug":"reverse-proxy","status":"publish","type":"post","link":"https:\/\/www.coretechnologies.com\/blog\/alwaysup-web-service\/reverse-proxy\/","title":{"rendered":"AlwaysUp Web Service Supports Reverse Proxy Servers"},"content":{"rendered":"<div align=\"center\"><img loading=\"lazy\" decoding=\"async\" class=\"no-lazy-load\" src=\"\/blog\/images\/reverse-proxy.webp\" style=\"margin-bottom:20px;\" title=\"Reverse Proxy\" alt=\"Reverse Proxy\" border=\"0\" width=\"500\" height=\"275\"><\/div>\n<p><a href=\"\/products\/AlwaysUp\/AlwaysUpWebService\/\">AlwaysUp Web Service<\/a> version 13.2 was published on February 4 2022.<\/p>\n<p>This new release &mdash; which is fully certified for Windows 11 and <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-server\/get-started\/whats-new-in-windows-server-2022\" target=\"_blank\" rel=\"noopener\">Windows Server 2022<\/a> &mdash; includes a handful of improvements and fixes. Consequently, please upgrade at your earliest convenience.<\/p>\n<p>But of all the new features, the ability to work with <a href=\"https:\/\/www.cloudflare.com\/learning\/cdn\/glossary\/reverse-proxy\/\" target=\"_blank\" rel=\"noopener\">reverse proxy servers<\/a> is the most impactful. So let&#8217;s dig into that capability today&#8230;<\/p>\n<h2 class=\"blog-caption\">What is a Reverse Proxy? Why would I use one?<\/h2>\n<p>A <a href=\"https:\/\/en.wikipedia.org\/wiki\/Reverse_proxy\" target=\"_blank\" rel=\"noopener\">reverse proxy<\/a> is an application that sits in front of one or more back-end services and enables users to access those services from a single location. In doing so, the proxy &#8220;hides&#8221; the location and other details of the back-end services from the users.<\/p>\n<p>For example, let&#8217;s take <a href=\"https:\/\/en.wikipedia.org\/wiki\/Acme_Corporation\" target=\"_blank\" rel=\"noopener\">Acme Inc<\/a> &mdash; an IT company that operates three web services. Acme hosts each web service on its own internal server, accessible at the following URLs:<\/p>\n<ul>\n<li>\n<p>http:\/\/10.0.0.104\/get-menu<\/p>\n<\/li>\n<li>\n<p>http:\/\/10.0.0.105\/wsapi\/v2\/create-booking<\/p>\n<\/li>\n<li>\n<p>http:\/\/10.0.0.106:8880\/daily-report.php<\/p>\n<\/li>\n<\/ul>\n<p>Because the web services are deployed on the company&#8217;s private network (10.x.x.x), none of them are accessible from the Internet. Therefore, customers cannot get menus, create bookings or view reports. And Acme wants to change that.<\/p>\n<p>To make the web services accessible to its customers, Acme introduces a reverse proxy. Their IT team deploys a new server and configures it securely at https:\/\/api.acme.com.<\/p>\n<p>Now customers can visit all three services under the same umbrella, at:<\/p>\n<ul>\n<li>\n<p>https:\/\/api.acme.com\/api\/food\/get-menu<\/p>\n<\/li>\n<li>\n<p><span class=\"break-long-words\">https:\/\/api.acme.com\/api\/reservations\/wsapi\/v2\/create-booking<\/span><\/p>\n<\/li>\n<li>\n<p>https:\/\/api.acme.com\/api\/reports\/daily-report.php<\/p>\n<\/li>\n<\/ul>\n<p>As a result, with the help of the reverse proxy, Acme has provided a valuable service to it&#8217;s customers &mdash; all with security, scalability and usability in mind!<\/p>\n<h2 class=\"blog-caption\">Reverse Proxy configuration<\/h2>\n<p>In order for AlwaysUp Web Service to work with a reverse proxy, the proxy must pass the following headers in each request it forwards:<\/p>\n<ol>\n<li>\n<p><b>X-Base-URL<\/b>: The path\/location where the proxy server serves AlwaysUp Web Service. For example, if AlwaysUp Web Service should be available at <b>http:\/\/proxy.acme.com\/alwaysup-web-service\/<\/b>, the X-Base-URL value should be <b>\/alwaysup-web-service\/<\/b>.<\/p>\n<\/li>\n<li>\n<p><b>X-Forwarded-For<\/b>: The originating IP address of the client connecting the proxy server. This allows AlwaysUp Web Service to track the true source of the request.<\/p>\n<\/li>\n<\/ol>\n<h2 class=\"blog-caption\">Reverse Proxy setup with NGINX<\/h2>\n<p>Let\u2019s review an example with <a href=\"https:\/\/www.nginx.com\/\" target=\"_blank\" rel=\"noopener\">NGINX<\/a> &mdash; a popular web server that supports reverse proxy configuration.<\/p>\n<p>Acme hosts AlwaysUp Web Service at http:\/\/10.10.0.1:8585. In addition, its Internet-facing proxy server is accessible at http:\/\/proxy.acme.com.<\/p>\n<p>To make AlwaysUp Web Service available to users outside of Acme&#8217;s internal network, the <a href=\"https:\/\/docs.nginx.com\/nginx\/admin-guide\/web-server\/reverse-proxy\/\" target=\"_blank\" rel=\"noopener\">server section<\/a> of the proxy&#8217;s NGINX configuration file looks like this:<\/p>\n<pre class=\"code-box\">\r\nserver {\r\n      listen 80;\r\n      location \/alwaysup\/ {\r\n            proxy_set_header X-Base-URL \/alwaysup-web-service\/;\r\n            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\r\n            proxy_pass http:\/\/10.10.0.1:8585\/;\r\n      }\r\n}\r\n<\/pre>\n<p>With that setup in place, Acme&#8217;s users can access AlwaysUp Web Service at <nobr>http:\/\/proxy-server\/alwaysup-web-service<\/nobr>.<\/p>\n<h3 class=\"blog-caption\">SSL Configuration<\/h3>\n<p>Setup is a tad more complicated when working with HTTPS. Assuming the same conditions as above, here is Acme&#8217;s NGINX configuration for the SSL scenario:<\/p>\n<pre class=\"code-box\">\r\nserver {\r\n      listen 443 ssl;\r\n      ssl_certificate \"ssl\/certificate.pem\";\r\n      ssl_certificate_key \"ssl\/certificate-key.pem\";\r\n      ssl_protocols TLSv1.2;\r\n      location \/alwaysup\/ {\r\n            proxy_set_header X-Base-URL \/alwaysup\/;\r\n            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\r\n            proxy_pass http:\/\/10.10.0.1:8585\/;\r\n      }\r\n}\r\n<\/pre>\n<p>Feel free to use the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Self-signed_certificate\" target=\"_blank\" rel=\"noopener\">self-signed certificate<\/a> files distributed with AlwaysUp Web Service. They are available in the &#8220;certificates&#8221; sub-folder of the installation directory.<\/p>\n<p>A <a href=\"https:\/\/www.coretechnologies.com\/products\/AlwaysUp\/AlwaysUpWebService\/example-nginx-reverse-proxy-configuration.conf\" target=\"_blank\" rel=\"noopener\">sample NGINX configuration file<\/a> (with server sections for both the HTTP and HTTPS scenarios) is available at our website.<\/p>\n<p style=\"margin-top:30px\">\nEnjoy!<br \/>\n<\/a><\/p>\n<!-- relpost-thumb-wrapper --><div class=\"relpost-thumb-wrapper\"><!-- filter-class --><div class=\"relpost-thumb-container\"><style>.relpost-block-single-image, .relpost-post-image { margin-bottom: 10px; }<\/style><h3>You may also like...<\/h3><div style=\"clear: both\"><\/div><div style=\"clear: both\"><\/div><!-- relpost-block-container --><div class=\"relpost-block-container relpost-block-column-layout\" style=\"--relposth-columns: 3;--relposth-columns_t: 2; --relposth-columns_m: 2\"><a href=\"https:\/\/www.coretechnologies.com\/blog\/customers\/versonix-cruise-reservation-system\/\"class=\"relpost-block-single\" ><div class=\"relpost-custom-block-single\"><img decoding=\"async\" loading=\"lazy\" class=\"relpost-block-single-image\" alt=\"AlwaysUp Helps Versonix Develop &amp; Test Their Cruise Reservation System\"  src=\"https:\/\/www.coretechnologies.com\/blog\/wp-content\/uploads\/versonix-customer-spotlight-150x150-1.webp\" style=\"aspect-ratio:1\/1\" style=\"aspect-ratio:1\/1\"><\/img><div class=\"relpost-block-single-text\"  style=\"height: 75px;font-family: Arial;  font-size: 12px;  color: #333333;\"><h2 class=\"relpost_card_title\">AlwaysUp Helps Versonix Develop &amp; Test Their Cruise Reservation System<\/h2><\/div><\/div><\/a><a href=\"https:\/\/www.coretechnologies.com\/blog\/http-ping\/http-ping-6-0-returns-http-status-code\/\"class=\"relpost-block-single\" ><div class=\"relpost-custom-block-single\"><img decoding=\"async\" loading=\"lazy\" class=\"relpost-block-single-image\" alt=\"Hey scripters, http-ping now returns the HTTP status code\"  src=\"https:\/\/www.coretechnologies.com\/blog\/wp-content\/uploads\/http-ping-love-150x150.png\" style=\"aspect-ratio:1\/1\" style=\"aspect-ratio:1\/1\"><\/img><div class=\"relpost-block-single-text\"  style=\"height: 75px;font-family: Arial;  font-size: 12px;  color: #333333;\"><h2 class=\"relpost_card_title\">Hey scripters, http-ping now returns the HTTP status code<\/h2><\/div><\/div><\/a><a href=\"https:\/\/www.coretechnologies.com\/blog\/service-security-editor\/change-windows-service-permissions-gui\/\"class=\"relpost-block-single\" ><div class=\"relpost-custom-block-single\"><img decoding=\"async\" loading=\"lazy\" class=\"relpost-block-single-image\" alt=\"Change Windows Service Permissions with Service Security Editor\"  src=\"https:\/\/www.coretechnologies.com\/blog\/wp-content\/uploads\/gear-document-150x150.png\" style=\"aspect-ratio:1\/1\" style=\"aspect-ratio:1\/1\"><\/img><div class=\"relpost-block-single-text\"  style=\"height: 75px;font-family: Arial;  font-size: 12px;  color: #333333;\"><h2 class=\"relpost_card_title\">Change Windows Service Permissions with Service Security Editor<\/h2><\/div><\/div><\/a><\/div><!-- close relpost-block-container --><div style=\"clear: both\"><\/div><\/div><!-- close filter class --><\/div><!-- close relpost-thumb-wrapper -->","protected":false},"excerpt":{"rendered":"<p>AlwaysUp Web Service version 13.2 was published on February 4 2022. This new release &mdash; which is fully certified for Windows 11 and Windows Server 2022 &mdash; includes a handful of improvements and fixes. Consequently, please upgrade at your earliest &hellip; <a href=\"https:\/\/www.coretechnologies.com\/blog\/alwaysup-web-service\/reverse-proxy\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":10876,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[201,109,273,272],"class_list":["post-10841","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-alwaysup-web-service","tag-alwaysup-web-service","tag-new-release","tag-nginx","tag-reverse-proxy"],"_links":{"self":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/10841","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/comments?post=10841"}],"version-history":[{"count":37,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/10841\/revisions"}],"predecessor-version":[{"id":10924,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/10841\/revisions\/10924"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/media\/10876"}],"wp:attachment":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/media?parent=10841"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/categories?post=10841"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/tags?post=10841"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}