Your organization might already use a reverse proxy to provide secure access to servers behind a firewall. In this case, you'll need to configure your reverse proxy to recognize Acrolinx.
If you don't have a reverse proxy, we recommend setting one up in front of the Acrolinx Core Platform. You can either run the reverse proxy on the same computer as the Core Platform, or on a different computer.
We recommend a reverse proxy for increased security. For example, on Linux a reverse proxy can help to avoid privilege escalations -- you can create a dedicated Acrolinx Core Platform user with restricted permissions, and let the reverse proxy listen on ports that require superuser permissions. The Core Platform uses the default ports 80 and 443, which require superuser permissions.
Configuring Your Reverse Proxy
To run your Core Platform behind a reverse proxy, you'll need the following configuration:
- Your proxy server is secured with an SSL certificate.
- Your proxy server adds forwarding information. The following headers are supported:
Forwardedas defined by rfc7239
- The proxy timeout limit is set to at least 360 seconds.
If your Acrolinx Core Platform is running on the same computer as your reverse proxy, you can enable Transport Layer Security (TLS) termination on your reverse proxy.
If your reverse proxy and Acrolinx Core Platform are running on different computers, then you shouldn't enable TLS termination on your reverse proxy. In this case, secure your Acrolinx Core Platform with HTTPS.
Using Acrolinx for GitHub Behind a Reverse Proxy
If you're using Acrolinx for GitHub, you'll need to update the external base URL of the core server. This ensures that external users can’t see the real Acrolinx URL. Instead, external users see only the address of your proxy server when interacting with Acrolinx.
To configure the external base URL for the core server, follow these steps:
coreserver.propertiesfrom the Dashboard, go to Maintenance > Configuration Properties, then follow the folder structure config > server > bin and click on the file
coreserver.properties. You can then edit the properties directly from the Dashboard.
Alternatively, you can edit
coreserver.propertiesfrom the configuration directory:
Add the following property:
Enter a base URL only. Don’t enter a base URL with a subdirectory such as
http://demo-inc.com/acrolinx/. Some Acrolinx components assume that Acrolinx is running at the top level of the host address. These components won’t work if the internal base URL is redirected to a subdirectory of the external base URL.
- Save your changes and restart the core server.