Qlik Community

Qlik Sense Integration, Extensions, & APIs

Discussion board where members can learn more about Integration, Extensions and API’s for Qlik Sense.

Luminary
Luminary

Re: Reverse Proxy and Authentication port redirect

Thibaut,

You should make sure that you keep the qlikticket or targetId parameters in the url. If you have an error, and you are hanging on the auth page. Then the proxy cannot figure out what to do. If that occours point it back to the hub with a clean url.

If thats not the problem, then try to post your config.

Not applicable

Re: Reverse Proxy and Authentication port redirect

Torben,

Thanks for answering, the problem wasn't the config and I keep the qlikticket parameter in the URL.

I found that a proxy blocks websockets for port 3000.

Now it works fine.

Employee
Employee

Re: Reverse Proxy and Authentication port redirect

Hi Johannes. Thanks for sharing this straight-forward config file for nginx. I use it with success, only thing that does NOT work is the importing (uploading) of files in the QMC Apps page. uploading a .txt file into a Content Library works fine. It is NOT the app itself, the same file can be uploaded if I bypass nginx and access the Sense Server QMC directly. So I suspect, this could be a config entry around mime-types which is missing in your above config example? Do you have any idea? Thank you.

Partner
Partner

Re: Reverse Proxy and Authentication port redirect

Thanks for posting your nginx config, seebach‌, it was a great help.  One of our clients prepared a modified version intended for use with LetsEncrypt & Certbot that I wanted to post back here in case it is useful for others:

https://git.saxx.tech/snippets/6

server {

    listen 443 ssl;

    server_name qlik.example.com;

    root /var/www/qlik.example.com;

    index index.html;

    charset utf-8;

    location / {

        proxy_pass              https://192.168.0.1:443;

        proxy_redirect          https://192.168.0.1:443 https://qlik.example.com;

        # Headers

        proxy_set_header        Host $host;

        proxy_set_header        X-Real-IP $remote_addr;

        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header        X-Forwarded-Proto $scheme;

        # To support websockets

        proxy_set_header        Upgrade $http_upgrade;

        proxy_set_header        Connection "upgrade";

        # Qlik requires the HTTP/1.1 protocol for the backend connection

        proxy_http_version      1.1;

    }

    location = /favicon.ico { access_log off; log_not_found off; }

    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;

    error_log  /var/log/nginx/qlik.example.com-error.log error;

    sendfile off;

    client_max_body_size 100m;

    location ~ /\.ht {

        deny all;

    }

    # Used for CertBot to automatically create challenges for re-issuing SSL certs

    location /.well-known {

      root /var/www/letsencrypt;

    }

    ssl_certificate     /etc/letsencrypt/live/qlik.example.com/fullchain.pem;

    ssl_certificate_key /etc/letsencrypt/live/qlik.example.com/privkey.pem;

}

Regards,

Mark