Product: LaunchPad   

Audience: ClassLink Administrator 

Note: After changing any configurations, make sure to click the checkbox that states "Apply Change Immediately?" before saving the changes.

 

After setting up a reverse proxy server, the process of adding apps is primarily handled through the Reverse Proxy Config Tool. The information added through this tool is reformatted and sent to the server as a proxy configuration file. This article will explain how to navigate the reverse proxy app creation process.

 

 

Overview

• Scenario
• Configuring DNS and firewall
• Creating a new reverse proxy
• Editing reverse proxy certificates
• Adding hosts
• Adding locations

Scenario

As an example, we have finished configuring a reverse proxy server, and we would like to add an internal app. In this case, the app we would like to add is https://appurl.myrpurl.org/.

Configuring DNS and firewall

As explained in the Reverse Proxy Requirements Article, a DNS "A" record pointing to the server both internally and externally is required. In this example, the URL of the server would be https://clinkrp.myrpurl.org/. Additionally, the following are required for all apps created:

1. Each application requires both an internal and external DNS entry.
   1. The first application must use the server's A record.
   2. All subsequent applications need a CNAME record pointing to the A record.
2. Firewall communications must be allowed between the reverse proxy server and the application server.

The DNS entries created here will serve as hosts for each app.

Creating a new reverse proxy

The first step is to create a reverse proxy server entry. This consists of the following steps:

1. Input the API URL - must point to port 3000
2. Input the API Key
   • The API key is the same value stored in the ADMIN_API_KEY variable from the .env file in the /opt/classlink/reverse-proxy-api directory on the proxy server

Editing reverse proxy certificates

After creating the proxy entry, click on the black button in the middle of the five icons towards the right. This will bring you to a page where the certificates can be added or modified. Click on the Add New Certificate button, and select the appropriate values for each dropdown. Please note that the Intermediate Path value should point to the chain.crt file. If the certificates do not appear in the drop-down menus, there is a misconfiguration on the proxy server.

Note: The two sections listed above are only necessary when creating your first app. All subsequent apps will only require a CNAME DNS record, and can be added by following the steps below.

Adding hosts

To add a host, navigate back to the first page, and click on the entry itself (not any of the buttons). This will bring you to a page where you can add hosts. Click the Add New Host button, and fill out the information as follows:

1. Both Enable HTTPS and GWS Protected should be set to True
2. There should be one value to select under Certificate ID
3. The External IP can either be the exact IP of the host or simply *
4. Enter the appropriate name for the External Host
5. The External Port should be set to 443

Note: In this example, the host name is clinkrp.myrpurl.org, which is the A record defined for the server. For all additional apps, the host name can be whatever name you choose, as long as there is a matching CNAME record.

 

Adding locations

Once the host has been created, click on the host entry (not any of the buttons) to access the location page. A location refers to an app, with each host only containing one location. It is possible to create multiple locations under one host, but this should only be done in very specific circumstances, and should be avoided if possible. To add a location, click the Add New Location button and fill out the app information as follows:

1. Set the Path to /
2. The Internal URL Base should be the application's base URL, not including anything after the third slash (In this example, it would be https://appurl.myrpurl.org/)
3. The Landing Page should be set to the intended landing page (anything omitted from the Internal URL Base) or simply left blank
4. There should be a / after both the internal URL base and the landing page (if applicable)
5. Paste the following set of configurations into the Custom Config box:

6. Header edit* location "[location url]"  "[host url]"
   ProxyPassReverseCookieDomain [location url] "[host url]"
   ProxyPassReverse "[location url]"
   ProxyPassReverseCookiePath  / /
   
   ProxyHTMLEnable On
   ProxyHTMLExtended On
   RequestHeader unset Accept-Encoding
   ProxyHTMLCharsetOut *
   AddOutputFilterByType SUBSTITUTE text/html
   AddOutputFilterByType SUBSTITUTE text/plain
   AddOutputFilterByType SUBSTITUTE text/javascript
   AddOutputFilterByType SUBSTITUTE text/js
   AddOutputFilterByType SUBSTITUTE text/xml
   AddOutputFilterByType SUBSTITUTE application/xml
   AddOutputFilterByType SUBSTITUTE application/json
   AddOutputFilterByType SUBSTITUTE application/javascript
   AddOutputFilterByType SUBSTITUTE application/x-javascript
   AddOutputFilterByType SUBSTITUTE application/js
   AddOutputFilterByType SUBSTITUTE application/x-www-form-urlencoded
   AddOutputFilterByType SUBSTITUTE application/ecmascript
   AddOutputFilterByType SUBSTITUTE application/x-ecmascript
   Substitute "s|[location url]|[host url]|i"

7. Replace all bracketed parts with the appropriate values and exclude https:// (In this example, [location url] would be replaced with app.myrpurl.org, and [host url] would be replaced with clinkrp.myrpurl.org).

Repeat the host and location setups as necessary.