Setting Alternate Web Mappings for Reverse Proxy Servers
Use alternate web mappings to specify a URL for redirecting traffic to a different port, host, or protocol (e.g. HTTP to HTTPS). For example, all administration web services used by the Admin Console use the prefix ws/admin. An administrator can configure a reverse proxy for ws/admin and redirect the traffic. The new URL is then entered as an alternate web mapping.
In this tutorial, you will learn how to:
- Set alternate web mappings
Only HTTP and HTTPS protocols are supported. The following are necessary for configuring web mappings on HTTPS:
- You must obtain an SSL certificate for your desired host if you don’t already have one. A self-signed certificate cannot be used.
- Configure your Apache server to listen on port 443.
- Configure your Apache virtual host to use your SSL certificate. You must specify SSLCertificateFIle, SSLcertificateKeyFIle, and SSLCertificateChainFile.
- You must configure the reverse proxy on the Apache server for the desired web mappings before configuring in the Admin Console.
- Click System under Administration in the Admin Console navigation.
- On the System Administration page, click the Advanced tab.
Advanced system settings - Click Configure Web Mappings.
Alternate web mappings section - Enter the URL mappings you are redirecting, and click Set Mappings. Installations will be updated with the next package promotion.
Configuring web mappings
There are several things to note regarding the various mappings:
- Changing the Administrator Downloads or Administrator Web Services URL triggers a rebuild of the Admin Console because these URLs are included in the Admin Console installer so the Admin Console can establish communication on the first start up.
- If you change all web mappings, the option to make Delivery Hub listen on only Localhost becomes available. When this checkbox is selected, the Delivery Hub listens only on Localhost, which means the only way to reach the server is through the configured reverse proxy. Note that End-user Help can be configured or left unconfigured; either way allows you to use the Localhost option.
- The End-user Help URL can be any address to end-user documentation. Administrators can specify a URL to in-house end-user documentation, which is visible to users via the help link on the end-user portal. If logged into the portal as administrator, the help link opens administrator documentation shipped with SDC.
Support for Self Signed Certificates
With the help of custom Web Mappings https is supported on SDC, we are now allowed to upload a custom “cacerts” file from your already configured JVM to allow your self-signed certificates to be trusted by Java.
System Wide Level
This System Wide certificate will be injected to the Admin Console and all installers so that they can communicate with your Delivery Hub configured to use a Self Signed Certificate for SSL.
Note: You can also add the file at the package level.