Setup Reverse Proxy¶
The Totalview Authentication Portal will generate authentication URLs to be used for the clients to authenticate. By default, the Authentication Portal will generate URLs relative to the host.
If the Authentication Portal is not running on the DMZ machine it can generate wrong addresses like ‘https://localhost/Authenticate?token=asdas-as123-asdas-123’. This can be changed by adding a Reverse Proxy to the host running on the DMZ machine.
Follow these steps if you want to setup reverse proxy for the Totalview Authentication Portal:
Verify that the appsettings.json has the desired host allowed in the App:AllowedHosts field. (e.g. if you want to forward from tv.formula.fo:44430, then you want *.formula.fo in the AllowedHosts)
Create the reverse proxy website on the IIS host. Just a normal website with the correct DNS that you would expect.
Click on URL Rewrite
In the Actions panel to the right, select View Server Variables
Add the variables
HTTP_X_FORWARDED_HOST
HTTP_X_FORWARDED_PROTO
Go back to URL Rewrite
Click Add rule then add Reverse Proxy
After the rule is created, find it and double click on the inbound rule (top one)
Go down to Server Variables and click Add
Select the HTTP_X_FORWARDED_HOST and write the desired reverse proxy host
This should not be needed but you can select the HTTP_X_FORWARDED_PROTO and set it to https