Versions Compared

Old Version 5

changes.mady.by.user Chris Welford

Saved on

compared with

New Version 6

changes.mady.by.user Chris Welford

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Using a reverse proxy has several benefits:

  1. It can act as the point of SSL termination, i.e. it will serve the certificate for the service and decrypt the traffic that arrives from users via HTTPS. Many reverse proxies included useful helper functions for managing certificates.

  2. It can further simplify certificate management if you have several installations of PhixFlow; they can be set up to be available at the same FQDN (using a single certificate), at different directories; e.g. phixflow.mycomany.com/production , phixflow.mycompany.com/test , phixflow.mycompany.com/dev.

  3. They can be used to help manage the load on the system, providing an earlier point of failure for users rather than letting all requests on an overloaded system reach the back end servers.

  4. They can be patched more aggressively than back end servers, for which stability is usually crucial. This is true for the reverse proxy and the server it sits on. This is important because this is the point which faces out to a wider network (your corporate network or the public internet), so is a potental point of attack for bad actors. There is no direct entry via HTTPS to the back end servers (administrative access must be allowed, but each infrastrucutre provides it own ways of doing this securely.)

Using a reverse proxy on a single server

...

Any reverse proxy can be used providing that the Minimum system requirements https://phixflow.atlassian.net/wiki/pages/createpage.action?spaceKey=HELPTRUNKR&title=Minimum%20system%20requirements for PhixFlow are met. However, we recommend:

...

In brief, in this scheme, connections terminate SSL on a reverse proxy, these connections are passed on to application server within private network

Key components are:

Components

Description

Image Removed
Image Added

Azure Network Security Group (NSG) - this can be any Layer 3/4 firewall

Image Removed
Image Added
MariaDB

MySQL database - this can be any of the supported database

Image Removed
Image Added

Server - linux or Windows

Azure VNet

This could be any private network.

Reverse Proxy

Often NGINX on linux or IIS on Windows, but any reverse proxy could be used. In this example, the reverse proxy terminates the SSL and passes on unencryted connections safely through a private network the application server.

...

Illustration for multiple instances of PhixFlow

...