1Integrate and Reverse Proxies

Securing 1Integrate using an SSL enabled reverse proxy

If you are securing 1Integrate by using an SSL enabled reverse proxy, then you have the following to consider, dependent on the application server you are using:

  • The server hosting the 1Integrate interface will need to be configured to ensure that it knows it is running behind a proxy

  • The proxy server will also need to be configured to communicate specific headers to the 1Integrate server to confirm that the connection from the client to the proxy was secure.

ClosedWebLogic

The Oracle WebLogic server proxy plug-in must be enabled for the server hosting the 1Integrate interface. For more information, please refer to the following:
https://docs.oracle.com/middleware/1221/webtier/develop-plugin/oracle.htm#PLGWL510

Proxy Configuration

The header you must set to tell the 1Integrate server that the connection is secure is:

  • WL-Proxy-SSL: true

     Note: When running on Weblogic, 1Integrate will only trust requests that contain the port number in the Referer header (e.g 443 port).

Consult the documentation for your proxy server for details on how to implement the modification of these existing headers.

ClosedWildfly

1Integrate needs to be configured to know a proxy is in use:

  1. Open the Settings Properties (WildFly only) file

  2. Enter reverse.proxy.enabled=true

Proxy Configuration

The headers you must set to tell the 1Integrate server that the connection is secure are:

  • X-Forwarded-Proto: https

  • X-Forwarded-SSL: on

Consult the documentation for your proxy server for details on how to implement the setting of these additional headers.