Run Acrolinx Behind a Reverse Proxy

Many organizations use a reverse proxy to provide secure access to servers that are protected behind a firewall. Users who are outside of the firewall can connect to servers by using the reverse proxy. If you have an existing reverse proxy, you can configure Acrolinx to return all content such as reports and help files over the reverse proxy. When external users access Acrolinx, all content that is loaded in the Dashboard or integrations is loaded by using the reverse proxy server address as the base address.

Prerequisites

Before you configure Acrolinx to run behind a reverse proxy, ensure that the following prerequisites are met:

  • Your proxy server is secured with an SSL certificate
  • Your proxy server is configured to communicate with the Acrolinx Core Platform.
  • The proxy timeout limit is set to at least 3600.

    This limit is recommended because checks can take longer over a secure connection.


If your proxy server and your Acrolinx Core Platform communicate outside of a secure network, we recommend that you also secure your Acrolinx Core Platform with a SSL certificate. For more information on how to secure the Core Platform, see the topic Secure your Acrolinx URL with HTTPS.

Configuring Acrolinx to Run behind a Reverse Proxy

To run Acrolinx behind a reverse proxy, you must update the server properties so that external users cannot see the real server address. Instead, external users see only the address of your proxy server when interacting with Acrolinx.

To configure Acrolinx to run behind a reverse proxy, follow these steps:

  1. Configure the external base URL for the core server:
    1. Open your overlay of the core server properties file.

      You find the overlay for the core server properties file in the following location:

      %ACROLINX_CONFIGURATION_ROOT%\server\bin\coreserver.properties
    2. Add the following property:

      externalBaseUrl=<PROXY_SERVER_ADDRESS>

      Example: 

      externalBaseUrl=http://acrolinxhost/

      Important: Enter a base URL only. Do not enter a base URL with a subdirectory such as http://demo-inc.com/acrolinx/. Some Acrolinx components assume that Acrolinx is running at the top level of the host address. These components will not function if the internal base URL is redirected to a subdirectory of the external base URL.

      If you have configured the Acrolinx Core Platform to communicate using HTTPS, ensure that the reverse proxy server address begins with https and that the address ends with a forward slash.

      Example
      externalBaseUrl=https://acrolinxhost/
    3. Save your changes and restart the core server.