Configuring access URLs

This topic describes the procedure to configure Process Platform, load balancers, and reverse proxies for the URLs that are used by Process Platform.

Introduction

Process Platform can be accessed through different URLs. If a cluster consists of multiple nodes, then each node has its own URL. The URL used to access the cluster can be different when accessing it from the company network or the internet, for instance, when a reverse proxy is configured to support a DMZ architecture or SSL offloading. This page describes the different properties to define these URLs and instructions to configure the load balancer or reverse proxy.

The following three URL properties are available in Process Platform:

Property name                     Description
com.cordys.node.url               The URL of the local gateway of a (cluster) node.
com.cordys.internal.cluster.url   The URL that the Process Platform uses to talk from within the cluster to the load balancer in front of the cluster.
com.cordys.public.cluster.url     The URL that users must use when accessing the Process Platform cluster.

Fallback occurs from bottom to top in the above list. When the public cluster URL is not set, the internal cluster URL is used instead. If the internal cluster URL is not set, then the node URL is used.
Use the Management Console to change the above properties.

To correctly handle client requests that pass through a reverse proxy or load balancer, Process Platform understands the following two X-Forwarded HTTP headers:

Header name         Description
X-Forwarded-Host    The original host requested by the client in the Host HTTP request header.
X-Forwarded-Proto   Whether the original request by the client was using HTTPS. Valid values are http and https.

The URL properties are used for requests initiated from within Process Platform. The HTTP headers are used for requests initiated by a client, for example, a browser.

Notification

Change the URL Prefix in the Notification Service Container properties as well. Otherwise, the task URL will be invalid and a task that is delivered through email will not open.
It must be set to the public cluster URL or its fallback.

Legacy

If you change settings after a migration from an older version, consider removing the following:

  • The legacy BASE_URL variable for SAML2 and OTDS.
  • The legacy properties web.server.ssl, cordys.baseurl.protocol and com.eibus.web.wsdl.gateway.hostname.

Configuring an individual node

The property com.cordys.node.url must point to the gateway of the local node and is set by the installer. It must be updated, for example, when SSL is enabled on the Web server or when the port number is changed.

Property name         Example value
com.cordys.node.url   http://localserver

If SSL is enabled and the Certificate Authority is not trusted by Process Platform or the certificate is self-signed, it must be added to the trust store. Follow the instructions in Adding a New Certificate.

Configuring an internal load balancer

To run Process Platform in high availability mode, everything must be deployed at least twice, with a load balancer in front of the Web servers. To ensure that load balancing and failover in a cluster setup work as expected, HTTP requests initiated from within the cluster must be routed through the load balancer. To do this, the URL of the load balancer must be configured on every cluster node, by setting the property com.cordys.internal.cluster.url.

Property name                     Example value
com.cordys.internal.cluster.url   http://processplatform.acme.lan:8080

The load balancer must set the following X-Forwarded HTTP headers:

Header name         Example value
X-Forwarded-Host    processplatform.acme.lan:8080
X-Forwarded-Proto   http

If SSL is enabled and the Certificate Authority is not trusted by Process Platform or the certificate is self-signed, it needs to be added to the trust store. Follow the instructions in Adding a New Certificate.

Chained reverse proxies

The X-Forwarded HTTP headers must only be set when they don't exist. If an earlier proxy has already set these HTTP headers, they must not be changed.

Configuring a public reverse proxy

If the deployment involves multiple load balancers and reverse proxies, for example, when users access the system through a proxy, but requests from within the cluster are to be routed through a load balancer, then the external cluster URL must be configured on every cluster node, by setting the property com.cordys.public.cluster.url.

Property name                   Example value
com.cordys.public.cluster.url   https://invoicing.acme.com

The load balancer must set the following X-Forwarded HTTP headers:

Header name         Example value
X-Forwarded-Host    invoicing.acme.com
X-Forwarded-Proto   https
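
The URL fallback order and the rule that a proxy sets the X-Forwarded headers only when they do not exist yet can be checked with a small Python model of a proxy chain. This is an added example, not Process Platform code: the function names are hypothetical, and the sample values are the example values used on this page.

```python
from urllib.parse import urlsplit

# Fallback order described on this page: public -> internal -> node.
FALLBACK = ("com.cordys.public.cluster.url",
            "com.cordys.internal.cluster.url",
            "com.cordys.node.url")

def effective_url(props):
    """Return the first configured URL in fallback order."""
    for name in FALLBACK:
        if props.get(name):
            return props[name]
    raise ValueError("no access URL configured")

def expected_headers(url):
    """X-Forwarded-* values a proxy serving `url` is expected to send."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an http(s) URL: {url!r}")
    return {"X-Forwarded-Host": parts.netloc,
            "X-Forwarded-Proto": parts.scheme}

def proxy_hop(headers, url):
    """Model one proxy: add a header only when it does not exist yet."""
    out = dict(headers)
    for name, value in expected_headers(url).items():
        out.setdefault(name, value)
    return out

def check_request(headers, url):
    """Return the mismatches between received headers and `url`."""
    problems = []
    for name, want in expected_headers(url).items():
        got = headers.get(name)
        if got is None:
            problems.append(f"{name} missing")
        elif got.lower() != want.lower():
            problems.append(f"{name} is {got!r}, expected {want!r}")
    return problems

# Constructed sample: the example property values used on this page.
PROPS = {"com.cordys.node.url": "http://localserver",
         "com.cordys.internal.cluster.url": "http://processplatform.acme.lan:8080",
         "com.cordys.public.cluster.url": "https://invoicing.acme.com"}

if __name__ == "__main__":
    public = effective_url(PROPS)
    chained = proxy_hop(proxy_hop({}, public), PROPS["com.cordys.internal.cluster.url"])
    print(check_request(chained, public))
```

An empty list from check_request means the headers that reach the node still describe the public URL after passing the internal load balancer; a second hop that overwrites them shows up as two mismatches.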

Related information

Process Platform properties
Adding a New Certificate