My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. FAQ

How to Configure Bold BI with a reverse proxy server in the DMZ environment in Linux

Published:

Prerequisites

You need the following prerequisites to configure Bold BI with a reverse proxy server in the DMZ environment for the Linux server.

  1. Linux server.

  2. Reverse proxy server (Nginx).

  3. React front-end machine.

Follow the given steps to configure the Bold BI with a reverse proxy server in the DMZ on a Linux server.

  1. You need to Install Bold BI on the Linux server. After finishing the Application Setup create a dashboard.

  2. You need to proxy pass the Bold BI server to the reverse proxy server. In this case, you are using Nginx as the reverse proxy server. Follow the provided steps to proxy pass Bold BI to the Nginx server.

    1. Install Nginx.

    2. Move to the Nginx installation directory by executing the following command.

      cd /etc/nginx

    3. Edit the Nginx default sites-available file using the command that is shown.

      sudo nano sites-available/default

      nginx proxy pass.png

    4. You can reload the Nginx using the given command.

      sudo nginx -s reload

    5. You can test the Nginx using the given command.

      sudo nginx -t

    6. Now, you can access Bold BI using the reverse proxy IP within the same network connection.

  3. Follow the provided steps to set the inbound rule for the reverse proxy IP on the Bold BI server machine. Since you are using Ubuntu as the server machine, set the inbound rule on that machine using UFW.

    1. You need to install UFW by running the below command.

      sudo apt install ufw

    2. Run the command below to check the UFW status. Initially, the output status will show as inactive.

      sudo ufw status verbose

    3. You can enable the UFW by running the command below.

      sudo ufw enable

      NOTE: By default, UFW will block all incoming connections and allow all outbound connections. This means that anyone attempting to access your server will not be able to connect unless you specifically open the port, while all applications and services running on your server will be able to access the outside world.

    4. After enabling UFW, you cannot access the server from anywhere. You need to set the inbound rule to access the Bold BI server only from the reverse proxy server by running the following commands.

      sudo ufw allow from {reverse proxy IP}

sudo ufw status numbered

      add-inbound-rule-linux.png

      After running the command, you can access the Linux Bold BI server only from the reverse proxy server IP.

  4. You need to embed the dashboards. Follow the given steps to run the embedded application on the React front-end machine.

    1. You can download the embedded sample here.

    2. Open the solution file in Visual Studio and then set the following properties in the EmbedProperties.cs file as instructed.

      set-embed-properties-vs.png

      RootUrl Reverse Proxy server URL with IP (ex: http://10.0.0.31/bi)
      SiteIdentifier For Bold BI Enterprise edition, it should be like site/site1. For Bold BI Cloud, it should be empty string.
      UserEmail UserEmail of the Admin in your Bold BI, which will be used to get the dashboards list.
      EmbedSecret You can get your EmbedSecret key from embed tab by enabling Enable embed authentication in Administration page as mentioned in next step.

      FYI: Our reverse proxy IP is 10.0.0.31 and the site name is site1.

      set-embed-properties.png

    3. You can obtain your Embed Secret key from the administrator setting section.

    4. Now, your application is ready to run. Before running the application, you need to change the applicationUrl to your machine’s IP address with the port number in the launchSettings.json file as shown.

      FYI: Our machine’s IP address is 10.0.0.11 and the port number is 8082.

      change-applicationurl.png

    5. After running the application you can see the output in your default web browser shown below.

      embed-application-output.png

      NOTE: If you are facing the issue below while running the application with your machine’s IP, please open the command prompt in administrator mode and run the provided commands.

      iis-express-error.png 

      netsh http add urlacl url=http://{yourlocalhostIP:port}/ user=everyone

netsh advfirewall firewall add rule name="IISExpressWeb" dir=in protocol=tcp localport={port} profile=private remoteip=localsubnet action=allow

  5. You need to set the inbound rule for the React front-end machine IP in the reverse proxy server by following the steps.

    1. Run the following command with the IP address of the react front end machine.

      sudo ufw allow from {react front end IP}

    2. You can list the inbound rules by using the command shown below.

      sudo ufw status numbered

      add-inbound-rule.png

      NOTE: Ensure that the React front-end machine’s IP only has access to the reverse proxy machine.

    3. Finally, you can expose the React front-end server to the internet. In this case, you are exposing the private URL http://10.0.0.11:8082/ to the public URL http://182.72.161.150:58951/ as shown below.
      expose-server-to-internet.png

Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
NG
Written by Nisanth Gunasekaran
Updated:
Comments (0)
Please  to leave a comment
Access denied
Access denied