Bonita behind a reverse-proxy

Learn how to set up a reverse proxy to expose the Bonita web interface publicly while keeping the backend safe.

Context

Bonitasoft no longer supports running Bonita Runtime on one dedicated Tomcat server and Bonita Engine on another dedicated Tomcat server.

If you have to expose Bonita Runtime or a Bonita-developed application publicly, but legitimately want to protect any other resources behind your firewall, you should set up a software architecture similar to this one:

[Figure: Tomcat behind a firewall with reverse proxy]

where the Web Server serves as a reverse proxy, and where the Tomcat server hosts Bonita.

Using Apache 2 HTTP server (aka httpd)

Apache HTTP server supports the following infrastructure, optionally with several Bonita backend servers:

[Figure: exposing Bonita backend servers behind a firewall]

Enable the two proxy modules by running the commands:

sudo a2enmod proxy
sudo a2enmod proxy_http

To be able to customize URL rewrite rules, enable the rewrite module by running the command:

sudo a2enmod rewrite

An example of Apache 2 HTTP server configuration that works with Bonita could be:

your_domain.conf:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName your_domain
    ServerAlias www.your_domain.com
    DocumentRoot /var/www/your_domain
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine  on
    RewriteRule    "^(?!/bonita)(.*)$"  "/bonita$1" [R,L]
    RewriteRule    "^/(.*)"  "http://127.0.0.1:8080/$1" [P]

    ProxyRequests Off

    <Proxy *>
        # Apache 2.4 access control; replaces the 2.2-style Order/Allow directives
        Require all granted
    </Proxy>

    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    <Location />
        Require all granted
    </Location>

</VirtualHost>

Make sure to also configure Tomcat IP Valve for IP and protocol forwarding.
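
One way to configure that valve, added here as an example and not taken from Bonita's own documentation. It assumes the valve meant is Tomcat's `RemoteIpValve`, declared in Tomcat's `conf/server.xml`, and that httpd is the only proxy and connects from 127.0.0.1 as in the virtual host above.

```xml
<!-- Added example; place inside the <Host> element of Tomcat's conf/server.xml. -->

<!-- internalProxies is a regular expression matched against the address of the
     peer that opened the connection. Forwarding headers are honoured only when
     that peer matches. Here only the local httpd (127.0.0.1, as in the virtual
     host above) is trusted, so a host that reaches port 8080 directly cannot
     choose the client address that Tomcat records. -->
<!-- remoteIpHeader: mod_proxy_http appends the address of the connecting client
     to X-Forwarded-For. The valve reads the list from right to left and takes
     the first address that is not a trusted proxy, so values a client put in
     the header itself are not used as the client address. -->
<!-- protocolHeader: httpd does not send X-Forwarded-Proto on its own. Assumed
     addition to the virtual host (needs mod_headers):
         RequestHeader set X-Forwarded-Proto "http"
     and "https" in a TLS virtual host, if one is added. "set" overwrites any
     value supplied by the client. -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       internalProxies="127\.0\.0\.1"
       remoteIpHeader="X-Forwarded-For"
       protocolHeader="X-Forwarded-Proto"
       protocolHeaderHttpsValue="https" />
```

For the forwarded client address to show up in Tomcat's access log as well, the `AccessLogValve` needs `requestAttributesEnabled="true"`.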

Read the complete Apache httpd documentation for detailed configuration capabilities.

Using NGINX

NGINX offers the same functionality.