Setting up a reverse proxy for RUM traffic
This tutorial explains how to setup an Apache Reverse Proxy on a bastion host that only forwards RUM calls and forbids all other traffic to the CoScale on-premise installation.
CoScale provides a pre-configured Docker image to use in your public Docker environment. This can be deployed using the Docker Swarm services or Kubernetes ReplicationControllers. The image supports using a url as destination.
Exposes the RUM Service on port 8080 and proxies the requests to http://coscale.company.com
To enable HTTPS:
- Set ENABLE_HTTPS=1
- Mount a directory containing https.crt, https.crt to /data/ssl.
Running on Kubernetes
The following configuration can be used to create a service that runs the rum-proxy (without HTTPS):
We’ll be using a Debian based Linux installation in this example, but most commands are applicable to all Linux environments.
Enable required Apache2 modules
You might not include all the modules mentioned below. E.g.: if you’re not going to use SSL or if you’re just forwarding and not interested in blocking (rewrite) anything.
Create a site config
Replace the servername
Replace the destination IP (
10.99.5.27 in the example) with the IP where the bastion host can reach the CoScale environment.
Configure the SSL part correctly or leave it out if you’re not using SSL.
[NC] means Not Case Sensitive [F,L] means Forbidden (send 403 forbidden) and Last (end the rewriting here) if the condition matches.
An example for the SSL part with letsencrypt certificate (replace the 3 lines):
Enable the site and disable the default site
Point the resolving / DNS for the hostname to the bastion host
Make sure the requests cannot go directly to the CoScale environment (firewall /separated network / …), but to the bastion host. Point the hostname to the IP of the bastion host, in DNS for everyone or in /etc/hosts, only for your host.