Deployment Architecture

Mobile Access Server behind a Proxy -- how to configure?

Tarek1977
Path Finder

Hello all,

I have one question about using a proxy server behind the mobile access server. How can I configure that? The proxy server is NOT installed on the same server as the mobile access server. Any ideas? Thank you in advance!

1 Solution

sni_splunk
Splunk Employee
Splunk Employee

1) It is recommended to install your mobile access server, set it up, and configure the proxy for it after this.

2) For mobile access server, you don't have anything to configure. However, for better performance, you can use the reversed proxy for SSL termination, and configure mobile access server to use HTTP instead of HTTPS. To do this, you can modify the configuration file in MOBILE_ACCESS_SERVER_HOME/server/config/config_local.json, add/find some JSON properties called "scheme"/"port" like this:

{ ..... "scheme": "https", "port": 443, .....
}

Change the "scheme" property value from "https" to "http", and change the server port "port" property value from 443 to 80 or some other port number you would like to use.

3) For your proxy, please follow its own instructions to configure a reversed proxy. Apache, Nginx, whatever. The reversed proxy is recommended to use HTTPS, you can either use root context path or other context path such as "/mobile" for the upstream mobile access server in your reversed proxy configuration.

4) In mobile app login UI, please use the reversed proxy URL as mobile access server address.

View solution in original post

sni_splunk
Splunk Employee
Splunk Employee

1) It is recommended to install your mobile access server, set it up, and configure the proxy for it after this.

2) For mobile access server, you don't have anything to configure. However, for better performance, you can use the reversed proxy for SSL termination, and configure mobile access server to use HTTP instead of HTTPS. To do this, you can modify the configuration file in MOBILE_ACCESS_SERVER_HOME/server/config/config_local.json, add/find some JSON properties called "scheme"/"port" like this:

{ ..... "scheme": "https", "port": 443, .....
}

Change the "scheme" property value from "https" to "http", and change the server port "port" property value from 443 to 80 or some other port number you would like to use.

3) For your proxy, please follow its own instructions to configure a reversed proxy. Apache, Nginx, whatever. The reversed proxy is recommended to use HTTPS, you can either use root context path or other context path such as "/mobile" for the upstream mobile access server in your reversed proxy configuration.

4) In mobile app login UI, please use the reversed proxy URL as mobile access server address.

jzhong_splunk
Splunk Employee
Splunk Employee

I think you can just follow the documentations of your proxy server. For example, if you use nginx, you can add this to the nginx.conf

location / {
  proxy_pass https://yourhost;
}

Because the mobile app expects to talk to mobile server via HTTPS (HTTP will be denied). So if you are going to use a proxy in front of the mobile access server, please make sure you enable the proxy with HTTPS. You can choose to start the mobile access server in HTTP mode, for example: http://my_host:8080 Then use the proxy to expose it as https://prox_host

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...