Using a Reverse Proxy for Code Insight
You can specify a reverse proxy to mask the actual Code Insight Core server host and port in SSL communications and in all communications with outside servers. The reverse proxy information is set up in the server.xml file found in the tomcat\conf directory in your Code Insight installation.
The following sections describe the properties used to identify the reverse proxy and how to set up these properties when Code Insight is and is not configured for SSL.
Properties Used to Specify a Reverse Proxy
The following properties used to specify the reverse proxy must be added to server.xml.
-
proxyName—Provide the CNAME (canonical name) of the Code Insight Core server as identified on the DNS (domain name system) server or the reverse proxy server.
-
proxyPort—Provide the associated port for the CNAME on the DNS or reverse proxy server.
If you want to install an Apache HTTPD server for reverse proxy, use the instructions for a reverse proxy setup found on the Apache HTTP Server Documentation site.
Reverse-Proxy Setup When Code Insight Is Not Configured for SSL
When Code Insight is not configured for SSL, the reverse-proxy properties are added or updated in the **Connector ** node of the server.xml file.
To identify a reverse proxy when Code Insight has not been configured for SSL, do the following:
-
Open
tomcat/conf/server.xmllocated in your Code Insight installation. -
Locate the Connector node in the file and add the highlighted properties, replacing
<cname>and<port>with the correct values:<Connector port="8888" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
compressableMimeType="text/html,text/xml,text/css,text/javascript,application/x-
javascript,application/javascript,application/json"
compression="on"
compressionMinSize="128"
noCompressionUserAgents="gozilla, traviata"
proxyName="<cname>"
proxyPort="<port>"
/> -
Save
server.xml. -
Restart Tomcat.
Reverse-Proxy Setup When Code Insight Is Configured for SSL
When Code Insight is configured for SSL, the reverse-proxy properties are added or updated in the FNCI SSL section of the server.xml file.
-
Open
tomcat/conf/server.xmllocated in your Code Insight installation. -
Locate the Connector node in the file and add the highlighted properties, replacing
<cname>and<port>with the correct values:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8888"
minSpareThreads="25"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
maxThreads="150"
maxHttpHeaderSize="8192"
scheme="https"
secure="true"
SSLEnabled="true"
keystoreFile="codeinsight.jks"
keystorePass="codeinsight"
keyAlias="codeinsight"
keyPass="codeinsight"
clientAuth="false"
sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2"
ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA
-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20
-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:
DHE-RSA-AES256-GCM-SHA384"
compressableMimeType="text/html,text/xml,text/css,text/javascript,application/
x-javascript,application/javascript,application/json"
compression="on"
compressionMinSize="128"
noCompressionUserAgents="gozilla, traviata"
proxyName="<cname>"
proxyPort="<port>"
/> -
Save
server.xml. -
Restart Tomcat.