Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi,
I need to setup a reverse proxy, in front of a Qlik Sense server. This reverse proxy handles that different domains, provide different services. Such as qs.domain.com proxied to qs.domain.local while sharepoint.domain.com goes to sharepoint.domain.local.
The reverse proxy runs fine, and does what it should .But I have a problem when I need to authenticate, and the reverse proxy jums to the 4248 for authentication. I've not been able to figure out how to fall back to the right port after auth.
Any ideas?
I'm running reverse proxy on IIS with Application Request Routing and URL rewrite.
Hi Stephane,
Absolutely. Here's the configuration I'm using:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
location / {
proxy_pass http://sense-pn.sense.local;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_redirect $scheme://$host:4248/form $scheme://$http_host/form/;
proxy_read_timeout 60m;
}
location /form/ {
proxy_set_header Host $http_host;
proxy_pass http://sense-pn.sense.local:4248;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 60m;
}
}
}
Hi Torben,
I have the same problem...
I didn't not find a solution yet.
Qlik has a paper saying its possible. Its just does not contain any details about how its actually done.
Hi Torben,
I think you have to write complex rewrite rules. Did you already tried to solve it just via header authentication in a first step?
bye
Konrad
Hi,
I'm facing a similar issue with Juniper as reverse proxy. In our case, autentication is done and session and ticket is issued for the user and the url with the ticket is received by Juniper (http://server/hub/?qlikTicket=fjIquFKJf0IYSEUf), but nothing happens. Juniper just keep waiting after the loggin page and ends by time out.
Does anybody knows if there is somethig We have to be aware regarding Qlik Sense Hub requirements? The only I can get from documentation is that clients must support websockets.
Does anyone solve this kind of issues?
Best regards.
Hi Christian,
I'm a bit further than you. Have you opened port 4248? And then try manually changing the url to http://server/form/?qlikTicket=fjIquFKJf0IYSEUf
The procedure for login is: Go to /hub which identifies that you're not logged in, which then forwards you to :4248/form/target? where you are being authenticated and send back to /hub/my/work/
This hop to and from 4248 is what you need to handle.
Hi Konrad,
The thing is that I'm unsure what exactly is the problem. In the last setup I've tested, I have it working internally but not externally. Which makes me believe that I'm missing a crucial rewrite part (header/cookie).
But what I'm doing now is forwarding everything on 2 ports 80/4248 based on a dns rule.
Hi guys,
Here's one way (if I understand your situation(s) correctly):
I used NGINX as a proxy since it supports web sockets and wrapped up both ports 80 & 4248 behind port 80.
So, a client only connects via port 80 and the proxy then reroutes the authentication part to 4248 when talking to the qlik sense proxy.
I filmed a short video of demonstrating this when working on an implementation scenario so take a look at the attachment and hopefully it's relevant to you as well.
Cheers,
Johannes
Interessting, I've not thought of doing just that. We are using IIS and ARR but the principle should be the same.
It came up as a requirement as the organization I was working with refused any additional ports besides 80/443 when accessing from outside.