Configuring a proxy server (non OCP install)
Transformation Advisor can be configured to run behind a proxy server to support load balancing and enhanced security.
Transformation Advisor configuration
You need to set the externally accessible URL to those of the proxy server. You need to make these changes in .env and .env_orig files.
- Go to the install location and stop TA_LOCAL.
./launch.sh
Choose Stop Transformation Advisor from the menu option
- Now update the configuration.
cd scripts
vi .env
- Update the following variables with the appropriate values
based on your proxy server
- [PROXY_URL] : The URL the proxy server is listening at. You must enter a value for this placeholder.
- [PROXY_PORT] : The port the proxy server is listening at. You must enter a value for this placeholder.
TA_LOCAL_PUBLIC_ACCESSIBLE_API_SERVER_URL=<protocol>://[PROXY_URL]:[PROXY_PORT]
TA_PUBLIC_ACCESSIBLE_UI_URL=<protocol>://[PROXY_URL]:[PROXY_PORT]
vi .env_orig
- Update the following variables with the appropriate values
based on your proxy server
- [PROXY_URL] : The URL the proxy server is listening at. You must enter a value for this placeholder.
- [PROXY_PORT] : The port the proxy server is listening at. You must enter a value for this placeholder.
TA_LOCAL_PUBLIC_ACCESSIBLE_API_SERVER_URL=<protocol>://[PROXY_URL]:[PROXY_PORT]
TA_PUBLIC_ACCESSIBLE_UI_URL=<protocol>://[PROXY_URL]:[PROXY_PORT]
- If you have enabled authentication then you also need to update the callback URI
vi .security_config
TA_LOCAL_TA_AUTH_OIDC_CALLBACK_URI=<protocol>://[PROXY_URL]:[PROXY_PORT]/auth/callback
- Now start TA_LOCAL.
./launch.sh
Choose Start Transformation Advisor from the menu option
Proxy server configuration
The specific steps that you need to take will depend on the proxy server you are using. For TA_LOCAL to work you need to ensure the proxy server supports the following:
- Proxy to the UI port (3000 or 3443) and the Advisor port (2220)
- Maximum upload size for files to be large enough for your data, the recommended default value is 250MB
- UI proxy must support web sockets
- If TLS is enabled you must support SSL and configure your proxy with the appropriate certificate.
Sample configuration for nginx
A sample configuration is provided here to show the minimum configuration that is required for nginx. Further configuration should be applied based on your specific environment and requirements.
In this example: - The proxy server is available at proxy.example.com - TA_LOCAL is available at ta.example.com
Sample Non TLS configuration
server {
listen 3000;
server_name proxy.example.com;
client_max_body_size 250M; #Max upload size
location /lands_advisor/ {
proxy_pass http://ta.example.com:2220;
}
location / {
proxy_pass http://ta.example.com:3000;
#Support websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Sample TLS configuration
This sample assumes the proxy has generated its own self-signed certificate stored in snippets.
server {
listen 3443 ssl;
include snippets/self-signed.conf;
server_name proxy.example.com;
client_max_body_size 250M; #Max upload size
location /lands_advisor/ {
proxy_pass https://ta.example.com:2220;
}
location / {
proxy_pass https://ta.example.com:3443;
#Support websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
The self-signed.conf file references the location of the certificate and the key. This is a sample self-signed.conf file.
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;