Bonita behind a reverse-proxy

Learn how to set up a reverse proxy to expose Bonita web interface publicly while keeping the backend safe.

Context

Bonitasoft does not support anymore having Bonita Runtime running on a dedicated Tomcat server on one side, and Bonita Engine running on a dedicated Tomcat server on the other side.

If you have to expose Bonita Runtime or a Bonita-developed application publicly, but legitimately want to protect any other resources behind your firewall, you should set up a software architecture similar to this one:

Tomcat behind a firewall with reverse proxy

where the Web Server serves as a reverse proxy, and where the Tomcat server hosts Bonita.

Using Apache 2 HTTP server (aka httpd)

Apache HTTP server proposes the following infrastructure, with optionally several Bonita backend servers:

exposing Bonita backend servers behind a firewall

Activate the 2 proxy modules by running the commands:

sudo a2enmod proxy
sudo a2enmod proxy_http

To be able to customize URL rewrite rules, activate the rewrite module by running the command:

sudo a2enmod rewrite

An example of Apache 2 HTTP server configuration that works with Bonita could be:

your_domain.conf:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName your_domain
    ServerAlias www.your_domain.com
    DocumentRoot /var/www/your_domain
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine  on
    RewriteRule    "^(?!/bonita)(.*)$"  "/bonita$1" [R,L]
    RewriteRule    "^/(.*)"  "http://127.0.0.1:8080/$1" [P]

    ProxyRequests Off

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    <Location />
        Order allow,deny
        Allow from all
    </Location>

</VirtualHost>

Make sure to also configure Tomcat IP Valve for IP and protocol forwarding.

Read the complete Apache httpd documentation for detailed configuration capabilities.

Using NGINX

NGINX proposes the same functionality.