Solved

Azure Application Gateway

  • February 24, 2021
  • 1 reply
  • 641 views


We are currently running IFS 10 release 6 on our Azure environment. This setup is using Azure AD Proxy.

But in our test environment we have IFS10 release 8, which is using a different setup that causes an issue with websockets on that Azure AD Proxy software. According to IFS we should use Azure Application Gateway, but we have no clue how this should be done and our Azure partner is also lost in the recommendation of IFS. IFS itself claims that the installation and setup of this Azure Application Gateway is typically done by the customer, and can’t give us any more information on how to do this.

Is there anybody out there who knows how this should be set up? Or who can share the necessary information for us to get this going?

 

BR

Filiep

Best answer by Isuru Gunathunga

Hi @vynfva,

Please refer to the attached document on how to expose the IFS application over the Internet. There are some mandatory proxy settings.

  • The proxy must be a reverse-proxy, i.e. not connecting external requests to the MWS webserver, but terminating the internet connection in the proxy and creating a new connection towards the MWS on the intranet.
  • The proxy must send a host-header to the MWS webserver containing the correct proxy URL, otherwise the requests will be blocked by the webserver.
  • The IEE client uses WebSocket notifications, so a proxy needs to be WebSocket compliant and support upgrade of the HTTP protocol to the WebSocket protocol.
  • The HTTP header responses from the proxy must always set the host as the proxy URL, e.g. "proxy_set_header host $http_host".
  • Proxy should not have SNI support enabled.
  • SSL 2.0, SSL 3.0 and TLSv1 are considered insecure and should be disallowed.
  • Test the proxy with a tool like https://ssllabs.com/ssltest and make sure you get an A+ rating, otherwise don't expose the proxy to the internet.


Hope this information helps you.
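
An added example (not part of the answer above or of the IFS document): a small Python audit that checks an nginx-style reverse-proxy configuration against the reverse-proxy, host-header, WebSocket and protocol items in the list. Both configurations and the host names are constructed; nginx is assumed only because the answer quotes an nginx directive, and the check names are hypothetical labels.

```python
import re

# Constructed nginx configs for illustration; host names are placeholders.
WEAK = """
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.2;
    location / { proxy_pass https://mws.intranet.example; }
}
"""
HARDENED = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;   # SSL 2.0, SSL 3.0 and TLSv1 left out
    location / {
        proxy_pass https://mws.intranet.example;
        proxy_http_version 1.1;                     # needed for Upgrade
        proxy_set_header Host $http_host;           # proxy URL, not upstream name
        proxy_set_header Upgrade $http_upgrade;     # WebSocket handshake
        proxy_set_header Connection "upgrade";
    }
}
"""
INSECURE = {"sslv2", "sslv3", "tlsv1"}  # the three protocols the answer names

def directives(conf):
    """Return (name, args) for every directive, with comments stripped."""
    conf = re.sub(r"#[^\n]*", "", conf)
    stmts = (s.split() for s in re.split(r"[;{}]", conf))
    return [(s[0].lower(), [a.strip("\"'") for a in s[1:]]) for s in stmts if s]

def audit(conf):
    """Return the checklist items from the answer that this config fails."""
    d = directives(conf)
    hdr = {a[0].lower(): a[1] for n, a in d if n == "proxy_set_header" and len(a) > 1}
    protos = {p.lower() for n, a in d if n == "ssl_protocols" for p in a}
    failed = []
    if not any(n == "proxy_pass" for n, _ in d):
        failed.append("reverse-proxy")
    # Without an explicit Host header nginx sends the upstream name ($proxy_host).
    if hdr.get("host") in (None, "$proxy_host"):
        failed.append("host-header")
    if ("proxy_http_version", ["1.1"]) not in d or not {"upgrade", "connection"} <= set(hdr):
        failed.append("websocket-upgrade")
    # No ssl_protocols line means version-dependent defaults, so flag that too.
    if not protos or protos & INSECURE:
        failed.append("tls-protocols")
    return failed

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "OK")
```

The audit reads configuration text only; the SNI and SSL Labs items in the list still have to be checked against the running proxy.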
