For a standard RHMAP installation deployed on top of OpenShift, we recommend that a wild card SSL certificate be installed on the OpenShift router. However, in situations where this is not desirable, RHMAP can be exposed using a single URL.
- An MBaaS should be provisioned and running correctly.
- A public IP address and domain with an attatched certificate should be configured and available.
RHMAP Proxy is a separate component which should be deployed to OpenShift per MBaaS project. Its purpose is to route requests from a single external host to cloud applications and RHMAP Core instances deployed on OpenShift.
For example, when RHMAP Proxy receives a request for https://rhmapproxy.internal.com/cloud_app_id/hello, it will be translated and reverse proxied to http://cloud_app_id.internal.com/hello.
The RHMAP Proxy application is bundled within the RHMAP RPM in the form of an OpenShift template. Creating this application will create an OpenShift route which will expose this service. Carry out the following steps to configure RHMAP Core to use non-wildcard routing.
1. Set the EXTERNAL_HOST environment variable for client side connectivity
Upon initialization, a client application must call out to RHMAP Core to discover the URL to which it should make API requests. We must set the following environment variable in the millicore component to allow this to work behind RHMAP Proxy.
oc env dc millicore -n rhmap-core EXTERNAL_HOST=https://rhmaprouter.internal.domain.com
NOTE: The EXTERNAL_HOST environment variable represents the URL which would be exposed to internet and used to retrieve API URL on application startup.
2. Configure an MBaaS to use RHMAP Proxy
When creating an MBaaS target, you must specify an external URL via the ”External MBaaS Host” form field. This value is the entry point for all platform applications.
NOTE: For convenience, if the environment variable from step 1. has been set, this field will be auto-populated with that value.
3. Deploy RHMAP Proxy
The application takes a number of parameters which should be set in relation to your infrastructure:
- BASE_HOST - A required parameter which should be set to the domain name of the OpenShift router. This value should match the cluster variable openshift_master_cluster_hostname
- PLATFORM_URL - An optional parameter which sets the full URL to RHMAP Core Platform. Example
https://rhmap.internal.domain.com. In the case of a single OpenShift infrastructure, this should be set and the value obtained by running the commandoc get route rhmap -n rhmap-core -o=yaml | grep host - EXTERNAL_ROUTE - An optional parameter which specifies explicitly the route that should be created by OpenShift to expose this component. If not provided, this will be auto generated by OpenShift. This should match the values provided in steps 1. and 2.
To deploy RHMAP Proxy run the following command passing the parameters described above as appropriate:
oc new-app -n <myMBaasProjectName> -f /opt/rhmap/templates/core/proxy/fh-nginx-proxy-template.json --param=BASE_HOST=internal.doamin.com --param=PLATFORM_URL=https://rhmap.internal.domain.com
1. Deploying applications behind RHMAP Proxy
If serving static content from your application, it is important to consider how paths are written within the applications source code. It is always advisable to use relative paths with dot notation.
For example where the URL dispalyed in a browser would take the format of https:\\rhmapproxy.mydomain.com/myAppId/contacts, in the source code of that application <a href=”/contact>Contact Usa> should be written as <a href=”./contact>Contact Usa> as appropriate.
Server side applications should have a trailing slash appended to their URL if one does not exist when viewed in a browser.
2. Configuring Existing Proxies
In situations where there are existing proxies within an infrastructure, these will need to be configured appropriatley. For example, a reverse proxy which is an entry ponit to your infrastructure and exposed to the internet should be configured to point at the RHMAP Proxy OpenShift route.
3. DNS
By default, RHMAP Proxy will use the default OpenShift DNS server to resolve internal domain names. If you are using a custom DNS server within your network, you should configure this value via an environment variable.
Run the following command specifying your DNS server IP in the RHMAP Proxy deployment.
oc env dc nginx-proxy DNS_SERVER=10.10.10.10