TISGraph Webserver Integration
General
TISGraph may be integrated into reverse proxied environments by configuring the following routes inside a reverse proxy's virtual host (please keep list sorted):
TISGraph's application routes.
/dojo/* ⟶ myhost:8081/dojo
/dojoSketch/* ⟶ myhost:8081/dojoSketch
/fonts/* ⟶ myhost:8081/fonts
/geoimp/* ⟶ myhost:8081/geoimp
/geoimp-impl/* ⟶ myhost:8081/geoimp-impl
/geoshapes/* ⟶ myhost:8081/geoshapes
/http-login/* ⟶ myhost:8081/http-login
/multi/* ⟶ myhost:8081/multi
/oauth-login/* ⟶ myhost:8081/oauth-login
/sketch-font-info/* ⟶ myhost:8081/sketch-font-info
/sketch-url-editors/* ⟶ myhost:8081/sketch-url-editors
/tisgraph/* ⟶ myhost:8081/tisgraph
/tis-graph-data/* ⟶ myhost:8081/tis-graph-data
/wdb-web/* ⟶ myhost:8081/wdb-web
/wiski7/* ⟶ myhost:8081/wiski7
myhost denotes the application server's hostname or IP address.
Apache httpd configuration example
The following example is the above mentioned setup translated to an apache2 virtual host configuration snippet:
apache http config example
<Location /tisgraph>
ProxyPass http://127.0.0.1:8081/tisgraph
ProxyPassReverse http://127.0.0.1:8081/tisgraph
</Location>
<Location /tis-graph-data>
ProxyPass http://127.0.0.1:8081/tis-graph-data
ProxyPassReverse http://127.0.0.1:8081/tis-graph-data
</Location>
<Location /dojo>
ProxyPass http://127.0.0.1:8081/dojo
ProxyPassReverse http://127.0.0.1:8081/dojo
</Location>
<Location /dojoSketch>
ProxyPass http://127.0.0.1:8081/dojoSketch
ProxyPassReverse http://127.0.0.1:8081/dojoSketch
</Location>
<Location /wdb-web>
ProxyPass http://127.0.0.1:8081/wdb-web
ProxyPassReverse http://127.0.0.1:8081/wdb-web
</Location>
<Location /fonts>
ProxyPass http://127.0.0.1:8081/fonts
ProxyPassReverse http://127.0.0.1:8081/fonts
</Location>
<Location /multi>
ProxyPass http://127.0.0.1:8081/multi
ProxyPassReverse http://127.0.0.1:8081/multi
</Location>
<Location /sketch-url-editors>
ProxyPass http://127.0.0.1:8081/sketch-url-editors
ProxyPassReverse http://127.0.0.1:8081/sketch-url-editors
</Location>
<Location /sketch-font-info>
ProxyPass http://127.0.0.1:8081/sketch-font-info
ProxyPassReverse http://127.0.0.1:8081/sketch-font-info
</Location>
<Location /http-login>
ProxyPass http://127.0.0.1:8081/http-login
ProxyPassReverse http://127.0.0.1:8081/http-login
</Location>
<Location /oauth-login>
ProxyPass http://127.0.0.1:8081/oauth-login
ProxyPassReverse http://127.0.0.1:8081/oauth-login
</Location>
<Location /wiski7>
ProxyPass http://127.0.0.1:8081/wiski7
ProxyPassReverse http://127.0.0.1:8081/wiski7
</Location>
Please assure, that mod_proxy
is enabled and note,mthat the usualy SSL/TLS settings need to be include for TLS-terminating Reverse Proxy setups.
Microsoft Internet Information Server configuration
Adding IIS to a Windows Server 2016+
Windows Server 2012R2 seems to be most common platform in Windows-oriented companies, therefore we created this Mini-HowTo on this version. The steps should similar for other Windows versions, though.
In "Server Manager" click on "Add roles and features", then:
"Before you begin", click "Next"
"Installation Type": Keep "Role-based ...", click "Next"
"Server Selection": Select the server you want to add IIS to, click "Next"
"Server Roles": If "Webserver (IIS)" is already checked, IIS is already installed and you can skip to the next chapter, "Configuring ... as Reverse Proxy for TISGraph".
Otherwise check "Webserver (IIS)"
- New dialog "Add Roles and Features Wizard", click "Add Features"
Back in wizard: Click "Next"
"Features": Click "Next"
"Web Server Role (IIS)": Click "Next"
- Sub node "Role Services", i.e. IIS component selection: The preselection seems fine but "HTTP-Rediction" might be useful. Apart from that only check additional components if you know what you are doing
Click "Next"
"Confirmation": Click "Install".
Wait.
Click "Close"
Feel free to test the setup right now. IIS sites come with a default landing page. Maybe create a TISGraph specific landing page right now, as described at the bottom of this page.
Installing IIS Modules "URL Rewrite-Module 2.0" and "Application Request Routing (ARR) 3.0"
This step can be done using individual MSI downloads from AAR Module Download Site and Rewrite Module Download Site
Please install both downloaded MSI files, rewrite_amd64_en-US.msi
as well as requestRouter_amd64.msi
.
If the IIS Manager is open it has to be closed and reopened to make these modules accessible through that GUI.
In order to activate the Reverse Proxy select "Application Request Routing Cache" ⟶ "Server Proxy Settings" and activate the proxy like in the following screenshot:
Configuring an IIS site as Reverse Proxy for TISGraph
Finding the URL Rewrite settings
These steps all happen in "Internet Information Services (IIS) Manager".
There are other plenty ways to start the "Internet Information Services (IIS) Manager", but I assume the "Server Manager" is still open:
in "Server Manager" click / "IIS", select your server (i.e. "MYSRV"), right-click it, click "Internet Information Services (IIS) Manager"
In the IIS-Manager's left pane navigate to "MYSRV" (or whatever server you want to do that on).
Sometimes Windows invites you to "get started with Microsoft Web Platform to stay connected with latest Web Platform Components". Decide ac. your own taste.
Navigate deeper, to "Sites"
Select "Default Web Site" or whatever site you want to use. Feel free to create a new site as dedicated TISGraph accessor.
If you want to encrypt access to TISGraph, i.e. use SSL, set this up before you continue with the actual reverse proxy entries
Double click "URL Rewrite". The center pane now is titled "URL Rewrite" and shows lists of "Inbound Rules" and "Outbound Rules".
Creating the first rule
In the "Actions" pane (right) click "Add Rule(s) ..."
New dialog "Add Rule(s)": Click "Reverse Proxy" and "OK"
When creating the first Reverse Proxy rule a new dialog "Add Reverse Proxy Rules" usually shows up, saying "Proxy functionality must be enabled in ARR ...": Click "OK".
New dialog "Add Reverse Proxy Rules": As "server name or IP address where HTTP requests will be forwared", enter the name of your TISGraph server. If TISGraph is installed on the same machine, enter "localhost" or "127.0.0.1". Click "OK".
Rule philosophies
This rule forwards all requests to port 80 on the specified target server. This is NOT what we need.
We need to forward to the HTTP port of the OSGi runner executing your TISGraph installation, i.e. 8081.
For security reasons we want to only forward the URL paths listed in this tutorial.
There are two ways to adapt the first rule and create more rules. A GUI way and a XML editing way.
Completing rules the GUI way ...
The following steps assume that the OSGi runner is configured to listen on 127.0.0.1:8081, if your OSGi runner listens somewhere else adapt the values entered accordingly.
Double click the "Inbound rule"
"Requested URL": Keep "Matches the pattern"
"Using": Keep "Regular Expressions"
"Pattern": Change
(.*)
totisgraph/(.*)
, i.e. insert the first path to forward,tisgraph/
"Ignore case": Can and should be unchecked
"Rewrite URL": Change from
http://127.0.0.1/{R:1}
tohttp://127.0.0.1:8081/tisgraph/{R:1}
, i.e. insert ":8081" as port specification and "tisgraph/" as 1st relative path from the list again."Append query string" must be kept checked
"Log rewritten URL" is of no importance
"Stop processing of subsequent rules" must be kept checked
There is no "OK" button, so click "Apply" and "Back to Rules" in the right pane
If security is no concern whatsoever it'd be OK to leave out or take back the 'tisgraph/" insertions in that first rule, and we'd be done.
However we highly recommend to not create a site-global Reverse Proxy rule but to only create specific forward rules for the URL paths listed.
After adding all path specific rules they should look like this (this test server targets an osgi-runner on 10.123.224.4:8081
):
Besides "tisgraph/", "tis-graph-data/", ... it might be useful to create another rule for "dojo-config-manager/" but if doing so please restrict access to that rule as strong as possible, i.e. to your Desktop's IP.
There should be no need to restart the site or the IIS, every rule should apply immediately after clicking "Apply".
... or completing rules the XML editing way
If you dislike GUIs and love text editors (as in notepad++, not Word), you can simply click "Explore" (in the right pane) and edit the "web.config" file in a reasonable text editor.
Each "Inbound Rule" is simply an XML element in that file and can be copy-and-changed.
It should be OK to use the complete example below and search/replace the target IP:Port part:
web.config example
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRuleTisgraph" stopProcessing="true">
<match url="tisgraph/(.*)" ignoreCase="false" />
<action type="Rewrite" url="http://127.0.0.1:8081/tisgraph/{R:1}"/>
</rule>
<rule name="ReverseProxyInboundRuleTisGraphData" stopProcessing="true">
<match url="tis-graph-data/(.*)" />
<action type="Rewrite" url="http://127.0.0.1:8081/tis-graph-data/{R:1}" />
</rule>
<rule name="ReverseProxyInboundRuleDojo" stopProcessing="true">
<match url="dojo/(.*)" />
<action type="Rewrite" url="http://127.0.0.1:8081/dojo/{R:1}" />
</rule>
<rule name="ReverseProxyInboundRuleDojoSketch" stopProcessing="true">
<match url="dojoSketch/(.*)" />
<action type="Rewrite" url="http://127.0.0.1:8081/dojoSketch/{R:1}"/>
</rule>
<rule name="ReverseProxyInboundRuleWdbWeb" stopProcessing="true">
<match url="wdb-web/(.*)" />
<action type="Rewrite" url="http://127.0.0.1:8081/wdb-web/{R:1}"/>
</rule>
<rule name="ReverseProxyInboundRuleFonts" stopProcessing="true">
<match url="fonts/(.*)" />
<action type="Rewrite" url="http://127.0.0.1:8081/fonts/{R:1}"/>
</rule>
<rule name="ReverseProxyInboundRuleMulti" stopProcessing="true">
<match url="multi/(.*)" />
<action type="Rewrite" url="http://127.0.0.1:8081/multi/{R:1}"/>
</rule>
<rule name="ReverseProxyInboundRuleSketchUrlEditors" stopProcessing="true">
<match url="sketch-url-editors/(.*)" />
<action type="Rewrite" url="http://127.0.0.1:8081/sketch-url-editors/{R:1}"/>
</rule>
<rule name="ReverseProxyInboundRuleSketchFontInfo" stopProcessing="true">
<match url="sketch-font-info/(.*)" />
<action type="Rewrite" url="http://127.0.0.1:8081/sketch-font-info/{R:1}"/>
</rule>
<rule name="ReverseProxyInboundRuleHttpLogin" stopProcessing="true">
<match url="http-login/(.*)" />
<action type="Rewrite" url="http://127.0.0.1:8081/http-login/{R:1}"/>
</rule>
<rule name="ReverseProxyInboundRuleOAuthLogin" stopProcessing="true">
<match url="oauth-login/(.*)" />
<action type="Rewrite" url="http://127.0.0.1:8081/oauth-login/{R:1}"/>
</rule>
<rule name="ReverseProxyInboundRuleWiski7" stopProcessing="true">
<match url="wiski7/(.*)" />
<action type="Rewrite" url="http://127.0.0.1:8081/wiski7/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>