Run Acrolinx Behind a Reverse Proxy

Your organization might already use a reverse proxy to provide secure access to servers behind a firewall. In this case, you'll need to configure your reverse proxy to recognize Acrolinx.

If you don't have a reverse proxy, we recommend setting one up in front of the Acrolinx Core Platform. You can either run the reverse proxy on the same computer as the Core Platform, or on a different computer.

We recommend a reverse proxy for increased security. For example, on Linux a reverse proxy can help to avoid privilege escalations -- you can create a dedicated Acrolinx Core Platform user with restricted permissions, and let the reverse proxy listen on ports that require superuser permissions. The Core Platform uses the default ports 80 and 443, which require superuser permissions.

Configuring Your Reverse Proxy

To run your Core Platform behind a reverse proxy, you'll need the following configuration:

  • Your proxy server is secured with an SSL certificate.
  • Your proxy server adds forwarding information. The following headers are supported:
    • Forwarded as defined by RFC 7239

    • X-Forwarded-Host and X-Forwarded-Proto

  • The proxy timeout limit is set to at least 360 seconds.

If your Acrolinx Core Platform is running on the same computer as your reverse proxy, you can enable Transport Layer Security (TLS) termination on your reverse proxy.

If your reverse proxy and Acrolinx Core Platform are running on different computers, then you shouldn't enable TLS termination on your reverse proxy. In this case, secure your Acrolinx Core Platform with HTTPS.
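The following nginx server block is an added example, not configuration supplied by Acrolinx, showing the three requirements above for the case where the proxy and the Core Platform run on the same computer and the proxy terminates TLS. The upstream address 127.0.0.1:8080 and the certificate paths are assumed placeholders; the host name is taken from the externalBaseUrl example on this page.

```nginx
# Added example: nginx as the reverse proxy, terminating TLS on the same
# computer as the Core Platform. Not Acrolinx's own configuration.
server {
    # Requirement 1: the proxy server is secured with an SSL certificate.
    listen 443 ssl;
    server_name acrolinxhost;

    ssl_certificate     /etc/nginx/tls/acrolinxhost.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/acrolinxhost.key;  # placeholder path

    location / {
        # Assumption: the Core Platform runs as an unprivileged user and
        # listens on loopback port 8080 (placeholder), so the unencrypted
        # hop never leaves this computer.
        proxy_pass http://127.0.0.1:8080;

        # Requirement 2: forwarding information. proxy_set_header replaces
        # any X-Forwarded-* value the client sent, so the Core Platform
        # only sees what the proxy itself observed.
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Requirement 3: proxy timeout of at least 360 seconds.
        proxy_read_timeout 360s;
        proxy_send_timeout 360s;
    }
}
```

After editing, `nginx -t` checks the syntax before you reload the proxy.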

Using Acrolinx for GitHub Behind a Reverse Proxy

If you're using Acrolinx for GitHub, you'll need to update the external base URL of the core server. This ensures that external users can’t see the real Acrolinx URL. Instead, external users see only the address of your proxy server when interacting with Acrolinx.

To configure the external base URL for the core server, follow these steps:

  1. Open the coreserver.properties file.

    To edit coreserver.properties from the Dashboard, go to Maintenance > Configuration Properties, then follow the folder structure config > server > bin and click on the file coreserver.properties. You can then edit the properties directly from the Dashboard.

    Alternatively, you can edit coreserver.properties from the configuration directory: %ACROLINX_CONFIGURATION_ROOT%\server\bin\coreserver.properties

  2. Add the following property:

    externalBaseUrl=<PROXY_SERVER_ADDRESS>
    Example
    externalBaseUrl=https://acrolinxhost/

    Important

    Enter a base URL only. Don’t enter a base URL with a subdirectory such as http://demo-inc.com/acrolinx/. Some Acrolinx components assume that Acrolinx is running at the top level of the host address. These components won’t work if the internal base URL is redirected to a subdirectory of the external base URL.

  3. Save your changes and restart the core server.