Setup Reverse Proxy

The Totalview Authentication Portal will generate authentication URLs to be used for the clients to authenticate. By default, the Authentication Portal will generate URLs relative to the host.

If the Authentication Portal is not running on the DMZ machine it can generate wrong addresses like ‘https://localhost/Authenticate?token=asdas-as123-asdas-123’. This can be changed by adding a Reverse Proxy to the host running on the DMZ machine.

Follow these steps if you want to setup reverse proxy for the Totalview Authentication Portal:

1. Verify that the appsettings.json has the desired host allowed in the App:AllowedHosts field. (e.g. if you want to forward from tv.formula.fo:44430, then you want *.formula.fo in the AllowedHosts)

2. Create the reverse proxy website on the IIS host. Just a normal website with the correct DNS that you would expect.

3. Click on URL Rewrite

4. In the Actions panel to the right, select View Server Variables

5. Add the variables

   • HTTP_X_FORWARDED_HOST

   • HTTP_X_FORWARDED_PROTO

6. Go back to URL Rewrite

7. Click Add rule then add Reverse Proxy

8. After the rule is created, find it and double click on the inbound rule (top one)

9. Go down to Server Variables and click Add

10. Select the HTTP_X_FORWARDED_HOST and write the desired reverse proxy host

11. This should not be needed but you can select the HTTP_X_FORWARDED_PROTO and set it to https