Applying a load balance for https connections
Posted: Fri May 24, 2019 12:54 amHi OME,
I am a cell biologist trying to get OMERO setup in our university. We have OMERO 5.4.10 installed on an RHEL7 server with a separate OMERO.server and Omero.web server installed. It's all working beautifully, thank you.
I asked our University IT to switch the server to an https protocol so we could access the OMERO.web from outside the universities internet domain. So staff not on campus or collaborators can access it.
We tried to create a "Publicly accessible NSX LOAD BALANCER in SSL OFFLOAD, with OMERPW as a member, with an alias"
We hit the following problem (from IT):
1./ The omero server address is a load balancer serving traffic using the HTTPS protocol (https://....., OMERO.web)
2./ When a request comes in, it then forwards traffic to http://.... (OMERO.web)
3./ That server has a NGIX reverse proxy listening on port 80 that forwards traffic to the omero web python application running on port 4080.
4./ Then the application does several redirects using the http protocol to append the /webclient/ to the path it receives.
5./ The original request than becomes http://omero......../webclient/ which will not work. As per university policy, we can not expose publicly any application using plain http protocol.
At this point, the easiest path forward is to configure the omero application to use https which may require a bit of application customization and the use of a certificate in the server itself.
I would suggest for you to involve your omero support person to help you through that process.
Any advice or direction to the appropriate docs would be appreciated.
KR
J
I am a cell biologist trying to get OMERO setup in our university. We have OMERO 5.4.10 installed on an RHEL7 server with a separate OMERO.server and Omero.web server installed. It's all working beautifully, thank you.
I asked our University IT to switch the server to an https protocol so we could access the OMERO.web from outside the universities internet domain. So staff not on campus or collaborators can access it.
We tried to create a "Publicly accessible NSX LOAD BALANCER in SSL OFFLOAD, with OMERPW as a member, with an alias"
We hit the following problem (from IT):
1./ The omero server address is a load balancer serving traffic using the HTTPS protocol (https://....., OMERO.web)
2./ When a request comes in, it then forwards traffic to http://.... (OMERO.web)
3./ That server has a NGIX reverse proxy listening on port 80 that forwards traffic to the omero web python application running on port 4080.
4./ Then the application does several redirects using the http protocol to append the /webclient/ to the path it receives.
5./ The original request than becomes http://omero......../webclient/ which will not work. As per university policy, we can not expose publicly any application using plain http protocol.
At this point, the easiest path forward is to configure the omero application to use https which may require a bit of application customization and the use of a certificate in the server itself.
I would suggest for you to involve your omero support person to help you through that process.
Any advice or direction to the appropriate docs would be appreciated.
KR
J