This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Request for config change needed to route reset password request through a proxy server before the Edge UI. OPDK

Posted on 10-05-2015 11:46 AM
Not applicable
Reply posted on --/--/---- --:-- AM

This is an OPDK On Prem installation. The edge UI URL is behind a firewall, and a proxy server URL is used to access the Edge UI. When a user hits the reset password button, they get link straight to the Edge UI URL which is behind firewall and cannot be accessed directly. Which config needs to be changed to route this through the proxy server?

Would this require some change in /opt/apigee4/conf/UI/apigee.conf? or some other file?

--SF912761--

2 8 365
Topic Labels
8 REPLIES 8

Posted on --/--/---- --:-- AM
DChiesa
Staff
Reply posted on --/--/---- --:-- AM

I would think you'd need to modify the firewall to do the equivalent of "ProxyPassReverse" - essentially it remaps all data items in the response payloads to be the addresses that are available from the proxy server.

If I understand correctly, this is not something you can change in Edge configuration. It is something you ought to change in the firewall configuration.

For more information, see

All proxying firewalls should have something similar.

Posted on --/--/---- --:-- AM
Not applicable
In response to DChiesa
Reply posted on --/--/---- --:-- AM
@Dino That will not work if link is emailed by Apigee UI component. When user clicks on forgot password link, an email will be generated by the Apigee UI and sent to user with OutOfTheBox email template.

Now the requirement here is how to change/customize the default email template to include the custom proxy URL instead of the default edge URL.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

So... we solved this by writing a spring app that lives on the UI servers and intercepts all of the email... it also brands it all nicely and does a bunch of enrichment.

dont do this

As of 15.04 (?) there are now email templates... which i havnt touched due to the amount of work we already invested in solving this problem.

The templates are actually talked about tin the Operations-Guide. Search for email template.

The one you want is called password-reset.html and it lives in /<inst-root>/apigee4/share/ui/email-templates

Anyway - a quick look at the template shows this:

<html>
    <body>
        <p>Someone requested a new password for your account.</p>
        <p>Reset your password at:<br><a href="{hrefResetPassword}">{hrefResetPassword}</a></p>
        <p>- {companyNameShort}</p>
    </body>
</html>

So i know that {companyNameShort} comes straight from /<inst-root>/cont/ui and either in apigee-base.conf or apigee.conf (i have to manage these w/ puppet to keep them on target during updates)

{hrefResetPassword} doesnt seem to be in the config.. you might be able to just add it and override it (i dont have time to test this) or you could just put your own HTML in here. Just be sure to note that these might get overwritten in major updates.

Posted on --/--/---- --:-- AM
Not applicable
In response to
Reply posted on --/--/---- --:-- AM

Can we use Java script as below in the email template to change the FQDN part in the URL??

	<script>
		function myFunction() {
    			var str = document.getElementsByTagName("a")[0].innerHTML;
    			var res = str.replace("http://Edge-UI-Server:9000", "http://Proxy-Server");
    			document.getElementsByTagName("a")[0].innerHTML = res;
                        document.getElementsByTagName("a")[0].href = res;
		}
	window.onload = myFunction;
        </script>
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to
Reply posted on --/--/---- --:-- AM

I dont know. Someone might know? Maybe ask this as a different question? I know you can just replace the HTML if you want.. and then use something like puppet to template it. I will EVENTUALLY get my puppet article up..

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi @Aravind Kumar Tadakamalla,

The UI constructs the host portion of the reset password link from the HTTP request's host.

So, in theory, if your proxy preserves the host, then you should get what you want. I haven't actually tried it.

Here's a Stack Overflow post on how to preserve the host with Apache. Presumably whatever proxy server you are using should be able to do the same.

Charles

Posted on --/--/---- --:-- AM
Not applicable
In response to
Reply posted on --/--/---- --:-- AM

Thank you @coverbeck

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to
Reply posted on --/--/---- --:-- AM

I don't know how I ended up mentioning you, @Aravind Kumar Tadakamalla, when @Arjav Goswami asked the original question. But I'm glad the answer worked for you. 🙂

0 Likes
Top Solution Authors
View all