Product: LaunchPad
Audience: ClassLink Administrator
ClassLink's Reverse Proxy service allows users the ability to access internal apps (websites) from any external network through LaunchPad. The setup of a Reverse Proxy requires the configuration of a dedicated server, with a series of precise requirements needed for the proxied apps to function properly.
Overview
Hardware Requirements
Minimum Requirements - Virtual or Physical
- CPU: At least 2vCPUs VM; 2.0 GHz 64-bit (x64)
- RAM: At least 4 GB Minimum
- HDD: At least 20 GB free space
Software Requirements
Operating System: Linux (CentOS 7: Basic Web Server is required)
Server Network
- Public IP Address mapped to the server's internal IP over ports 443 and 3000
- External and Internal DNS Record
- A DNS "A" record must be assigned to the webserver on a public DNS provider (pointing to the external IP address of the server) and on the internal DNS (pointing to the internal IP address of the server).
- SSL certificate
- The certificate, key, and chain files MUST all be provided.
Note: A wildcard certificate is mandatory for the server to function properly.
DMZ Firewall
Direction | Source | Destination | TCP Ports |
Outside to DMZ | Any | Reverse Proxy Server | 443 & 3000 |
DMZ to Inside | Reverse Proxy Server | Target internal IP addresses of sites being proxied | The ports the target sites are listening on; varies depending on the web app (most will be 443 or 80) |
Applications
- Each application requires both an internal and external DNS entry.
- The first application can use the server's A record.
- All subsequent applications need a CNAME record pointing to the A record.
- Firewall communications must be allowed between the reverse proxy server and the application server.
Updated Sep 2020