Skip to main content

Using a Reverse Proxy for Code Insight

You can specify a reverse proxy to mask the actual Code Insight Core server host and port in SSL communications and in all communications with outside servers. The reverse proxy information is set up in the server.xml file found in the tomcat\conf directory in your Code Insight installation.

The following sections describe the properties used to identify the reverse proxy and how to set up these properties when Code Insight is and is not configured for SSL.

Properties Used to Specify a Reverse Proxy

The following properties used to specify the reverse proxy must be added to server.xml.

  • proxyName—Provide the CNAME (canonical name) of the Code Insight Core server as identified on the DNS (domain name system) server or the reverse proxy server.

  • proxyPort—Provide the associated port for the CNAME on the DNS or reverse proxy server.

note

If you want to install an Apache HTTPD server for reverse proxy, use the instructions for a reverse proxy setup found on the Apache HTTP Server Documentation site.

Reverse-Proxy Setup When Code Insight Is Not Configured for SSL

When Code Insight is not configured for SSL, the reverse-proxy properties are added or updated in the **Connector ** node of the server.xml file.

To identify a reverse proxy when Code Insight has not been configured for SSL, do the following:

  1. Open tomcat/conf/server.xml located in your Code Insight installation.

  2. Locate the Connector node in the file and add the highlighted properties, replacing <cname> and <port> with the correct values:

            <Connector port="8888" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443"
    compressableMimeType="text/html,text/xml,text/css,text/javascript,application/x-
    javascript,application/javascript,application/json"
    compression="on"
    compressionMinSize="128"
    noCompressionUserAgents="gozilla, traviata"
    proxyName="<cname>"
    proxyPort="<port>"
    />
  3. Save server.xml.

  4. Restart Tomcat.

Reverse-Proxy Setup When Code Insight Is Configured for SSL

When Code Insight is configured for SSL, the reverse-proxy properties are added or updated in the FNCI SSL section of the server.xml file.

  1. Open tomcat/conf/server.xml located in your Code Insight installation.

  2. Locate the Connector node in the file and add the highlighted properties, replacing <cname> and <port> with the correct values:

            
    <Connector protocol="org.apache.coyote.http11.Http11Protocol"
    port="8888"
    minSpareThreads="25"
    enableLookups="false"
    disableUploadTimeout="true"
    acceptCount="100"
    maxThreads="150"
    maxHttpHeaderSize="8192"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    keystoreFile="codeinsight.jks"
    keystorePass="codeinsight"
    keyAlias="codeinsight"
    keyPass="codeinsight"
    clientAuth="false"
    sslProtocol="TLS"
    sslEnabledProtocols="TLSv1.2"
    ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA
    -AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20
    -POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:
    DHE-RSA-AES256-GCM-SHA384"
    compressableMimeType="text/html,text/xml,text/css,text/javascript,application/
    x-javascript,application/javascript,application/json"
    compression="on"
    compressionMinSize="128"
    noCompressionUserAgents="gozilla, traviata"
    proxyName="<cname>"
    proxyPort="<port>"
    />
  3. Save server.xml.

  4. Restart Tomcat.