# Remote Spark Reverse HTTP Proxy ## Overview This document describes the configuration and usage of a reverse HTTP proxy for Remote Spark SparkView. ## Configuration ### Features - SparkView reverse proxy is based on virtual host, which brings the best web site compatibility. - You have to create a HTTP server with a unique id on the gateway for your backend HTTP server. - Access the backend server with serverId.gatewayDomain.com - Support Keep-Alive, which means you don't need extra configurations for NTLM authentication etc. - Support WebSocket. ### Proxy Server Setup Configure your reverse proxy to forward requests to the SparkView backend. You'll need to set up a wildcard domain name for your gateway: *.gatewayDomain.com. For testing purpose, you can modify the "hosts" file, make sure you add the gateway domain and all sub domains (for each backend): 127.0.0.1 gateway.local 127.0.0.1 internal.gateway.local 127.0.0.1 auth.gateway.local Here is an example for the following scenarios: 1. User access "internal" web site. 2. "internal" web site redirect request to "auth" web site. 3. The proxy send redirection directly to the "auth" web site since it's disabled, otherwise, it'll forward the redirection to the user. 4. The proxy receive response from "auth" site and forward it to the user. ```json { "id": "internal", "displayName": "Internal Site", "server": "192.168.0.138", "protocols": "http", "http": { "scheme": "https", "port": 443, "replaceAbsoluteLink": false, "addForwardHeaders": false, "pathList": "/\n@auth" }, "cached": false, "disabled": false } { "id": "auth", "displayName": "Internal Authentication", "server": "192.168.0.139", "protocols": "http", "http": { "scheme": "https", "port": 8443, "path": "/auth", "replaceAbsoluteLink": false, "addForwardHeaders": false }, "disabled": true, "args": [ { "name": "Authorization.NTLM.user", "value": "${user}", "location": "HEADER" }, { "name": "Authorization.NTLM.password", "value": "${password}", "location": "HEADER" } ] } ``` "path": URL Path, which can include variables. "replaceAbsoluteLink": The proxy will replace absolute links in the web page with relative path if it's true, which could affect the performance. "addForwardHeaders": The proxy will automatically add X-Real-IP, X-Forwarded-For and X-Forwarded-Proto header into request. "disable": The proxy will access this web site directly without forwarding it to the user if it's true. It can be used in authentication service. "args": name: The name of argument. value: value, which can include variables. location: where the argument will be appended. ### Predefined variables ${user} ${password} ${token} ### Basic Authentication ```json "args": [ { "name": "Authorization.Basic.user", "value": "${user}", "location": "HEADER" }, { "name": "Authorization.Basic.password", "value": "${password}", "location": "HEADER" } ] ``` ### NTLM Authentication ```json "args": [ { "name": "Authorization.NTLM.user", "value": "${user}", "location": "HEADER" }, { "name": "Authorization.NTLM.password", "value": "${password}", "location": "HEADER" } ] ``` ### Post based authentication ```json "args": [ { "name": "user", "value": "${user}", "location": "POST" }, { "name": "password", "value": "${password}", "location": "POST" } ] ``` Make sure the name matches the name in the HTTP Post.