Secure Proxy Installation

From Gcube Wiki
Jump to: navigation, search


GCube secure proxy is a solution to expose unsecure legacy services by using TLS without modifying or reconfiguring them.


Installation and simple configuration

GCube secure proxy is a war file (httpproxy.war) which leverages on Smart Gear facilities. The web application acts as a proxy for a list of URL (Domain Filter) to be defined on the Information System under the considered VRE.

The URL list on the Information System is defined in a Generic Resource with the following features:

  • SecondaryType: SecureProxyDomains
  • Name: ProxiedDomains


<Body>
    <Domains>
          <domain>Name of the first URL or Domain</domain>
          <domain>Name of the second URL or Domain</domain>
          <domain>...</domain>
    </Domains>
</Body>


Advanced configuration

The configuration file

properties.properties

in the folder

<war root>/WEB-INF/classes

contains two useful properties, especially for test and debug, concerning the Domain Filter in particular:

  • domainFilterEnabled (default false): enabling or disabling the Domain Filter
  • domainFilterdefaultForward (default false): if true and the Domain Filter is empty, the request is forwarded

Furthermore it is possible to configure the following parameters:

  • domainFilterdefaultExpiringTime (default 60): the time (in seconds) after which a certain url the cached Domain List is considered expired and will be reloaded when a new request will reach the proxy
  • rewriteURI (default false): if false the URI present in the body of the response concerning the proxied domain will not be modified. If true they will be modified (i.e. replaced with proxied URI) accoding to the following detailed options:
    • rewriteURIHTML (default true): if false prevents the proxy to rewrite URIs in HTML bodies. If not present (or true) and rewriteURI is true the URIs in HTML documents will be modified
    • rewriteURIJavaScript (default true): if false prevents the proxy to rewrite URIs in JavaScript bodies. If not present (or true) and rewriteURI is true the URIs in Javascript responses will be modified
    • rewriteURIJSon (default true): if false prevents the proxy to rewrite URIs in JSon bodies. If not present (or true) and rewriteURI is true the URIs in JSon responses will be modified

Use

The URL to access a proxied resource is the following:

https://<proxy base URL>/httpproxy/proxy/<proxied resource>