Proxy Config¶
Open Proxy Config¶
-
Open WebSphere ISC
This is usually accessible through a URL like:
https://[DEPLOY_MANAGER_ALIAS]:9043/ibm/console/logon.jsp
-
Open
Servers
->Server Types
=>Web servers
Click on the name of your web server
-
Click
Edit
on thehttp.conf
Configure Reverse Proxy¶
Boards can be configured either as a standalone domain, or on the same domain as HCL Connections. For details on these config options please see here. Please follow the appropriate instructions below:
a) New Boards Domain¶
The following configuration should be set when Huddo Boards is deployed as a new domain.
<VirtualHost *:443>
ServerName [BOARDS-URL]
ProxyPreserveHost On
ProxyPass / http://[KUBERNETES_NAME]/
ProxyPassReverse / http://[KUBERNETES_NAME]/
SSLEnable
# Disable SSLv2
SSLProtocolDisable SSLv2
# Set strong ciphers
SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA
SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA
</VirtualHost>
Connections SSO Header config¶
Info
The following configuration is required to load the Connections Header via SSO from the Boards domain.
Note
Customise the SetEnvIf
domain below as required for your Boards domain.
# Huddo Boards - allow CORS related access control headers in requests for
Header unset Access-Control-Allow-Origin
SetEnvIf Origin "https://(boards\.huddo\.com)$" AccessControlAllowOrigin=$0
Header always set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header always set Access-Control-Allow-Credentials "true" env=AccessControlAllowOrigin
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, Cache-Control, Content-Language, Expires, Last-Modified, Pragma, slug, X-Update-Nonce,x-ic-cre-request-origin,x-ic-cre-user,x-lconn-auth,x-shindig-st"
Header always set Access-Control-Expose-Headers "Content-Disposition, Content-Encoding, Content-Length, Date, Transfer-Encoding, Vary, ETag, Set-Cookie, Location, Connection, X-UA-Compatible, X-LConn-Auth, X-LConn-UserId, Authorization,x-ic-cre-user" env=AccessControlAllowOrigin
# Allow LtpaToken usage from Boards domain
Header edit Set-Cookie ^(.*)$ "$1; Secure; SameSite=None"
You may need to apply similar changes anywhere that the LtpaToken is issued. For example:
-
via an
nginx
proxy:# Allow LtpaToken usage from Boards domain proxy_cookie_flags LtpaToken Secure SameSite=None; proxy_cookie_flags LtpaToken2 Secure SameSite=None;
-
Verse integration - see HCL Domino documentation
Tip
Users may need to logout and login to Connections again for the LtpaToken cookie to be re-issued with SSO enabled
b) Existing HCL Connections domain¶
The following configuration should be set when Huddo Boards is deployed at a context root under the existing HCL Connections domain.
<VirtualHost *:443>
ServerName [CONNECTIONS_URL]
#Huddo Boards
ProxyPass "/boards" "http://[KUBERNETES_NAME]:[KUBERNETES_PORT]/boards"
ProxyPassReverse "/boards" "http://[KUBERNETES_NAME]:[KUBERNETES_PORT]/boards"
ProxyPass "/api-boards" "http://[KUBERNETES_NAME]:[KUBERNETES_PORT]/api-boards"
ProxyPassReverse "/api-boards" "http://[KUBERNETES_NAME]:[KUBERNETES_PORT]/api-boards"
#End Huddo Boards
</VirtualHost>
Where:
[BOARDS-URL]
is the URL of your Boards deployment (as a domain)[CONNECTIONS-URL]
is the URL of your HCL Connections deployment[KUBERNETES_NAME]
is the hostname/IP of the master in your cluster[KUBERNETES_PORT]
is the port of your Ingress Controller (ie 32080)