<!DOCTYPE html>


<!--
 | Generated by Apache Maven Doxia Site Renderer 1.11.1 from src/site/xdoc/configuration/proxy.xml at 2025-02-23
 | Rendered using Apache Maven Fluido Skin 1.12.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <meta name="generator" content="Apache Maven Doxia Site Renderer 1.11.1" />
    <meta name="author" content="Miguel Moquillon" />
    <title>Silverpeas Project Web Site &#x2013; Configuring Silverpeas behind an Apache or an Nginx reverse-proxy</title>
    <link rel="stylesheet" href="../css/apache-maven-fluido-1.12.0.min.css" />
    <link rel="stylesheet" href="../css/site.css" />
    <link rel="stylesheet" href="../css/print.css" media="print" />
    <script src="../js/apache-maven-fluido-1.12.0.min.js"></script>
    <!-- Google Analytics -->
    <script>
      (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
       (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
            m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
      })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
      ga('create', 'UA-2015926-3', 'auto');
      ga('send', 'pageview');
      ga('set', 'anonymizeIp', true);
      ga('set', 'forceSSL', true);
    </script>
    <style>.github-fork-ribbon:before { background-color: orange; }</style>
  </head>
  <body class="topBarEnabled">
    <a class="github-fork-ribbon right-top" href="https://github.com/Silverpeas" data-ribbon="Fork me on GitHub" title="Fork me on GitHub">Fork me on GitHub</a>
    <header id="topbar" class="navbar navbar-fixed-top navbar-inverse">
      <div class="navbar-inner">
            <div class="container">
              <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar">
                  <span class="icon-bar"></span>
                  <span class="icon-bar"></span>
                  <span class="icon-bar"></span>
              </a>
          <nav class="nav-collapse">
            <ul class="nav">
      <li class="dropdown">
        <a class="dropdown-toggle" data-toggle="dropdown">Silverpeas <b class="caret"></b></a>
        <ul class="dropdown-menu">
            <li><a href="../intro.html" title="About">About</a></li>
            <li><a href="../product/features.html" title="Key Features">Key Features</a></li>
            <li class="dropdown-submenu">
<a href="../product/applications.html" title="Applications">Applications</a>
              <ul class="dropdown-menu">
                  <li><a href="../product/social_network.html" title="Social Network">Social Network</a></li>
                  <li><a href="../product/documentation_management.html" title="Electronic Documentation Management">Electronic Documentation Management</a></li>
                  <li><a href="../product/content_management.html" title="Content Management">Content Management</a></li>
                  <li><a href="../product/data_collection.html" title="Data Collection">Data Collection</a></li>
                  <li><a href="../product/gallery.html" title="Pictures Management">Pictures Management</a></li>
                  <li><a href="../product/knowledge_management.html" title="Knowledge Management">Knowledge Management</a></li>
                  <li><a href="../product/project_documentation.html" title="Project Documentation">Project Documentation</a></li>
              </ul>
            </li>
            <li><a href="../screenshots.html" title="Screenshots">Screenshots</a></li>
            <li class="dropdown-submenu">
<a href="../installation/index.html" title="Install Silverpeas">Install Silverpeas</a>
              <ul class="dropdown-menu">
                  <li><a href="../installation/installationV6.html" title="Installation of Silverpeas 6">Installation of Silverpeas 6</a></li>
                  <li><a href="../installation/cloud.html" title="Silverpeas in the Cloud">Silverpeas in the Cloud</a></li>
                  <li><a href="../installation/webdav.html" title="Online Edition of Documents">Online Edition of Documents</a></li>
              </ul>
            </li>
            <li class="dropdown-submenu">
<a href="../#" title="Our versions">Our versions</a>
              <ul class="dropdown-menu">
                  <li><a href="https://tracker.silverpeas.org/projects/silverpeas/roadmap" title="Roadmap">Roadmap</a></li>
                  <li><a href="https://tracker.silverpeas.org/projects/silverpeas/roadmap?completed=1&with_subprojects=1" title="Changelog">Changelog</a></li>
                  <li><a href="../releasenotes.html" title="Release Notes">Release Notes</a></li>
              </ul>
            </li>
            <li><a href="../scm.html" title="Source Code">Source Code</a></li>
            <li class="dropdown-submenu">
<a href="../#" title="Some Configuration Tips">Some Configuration Tips</a>
              <ul class="dropdown-menu">
                  <li><a href="../configuration/ldap.html" title="LDAP Synchronization">LDAP Synchronization</a></li>
                  <li><a title="Configuring a reverse-proxy">Configuring a reverse-proxy</a></li>
              </ul>
            </li>
            <li><a href="../faq.html" title="FAQ">FAQ</a></li>
        </ul>
      </li>
      <li class="dropdown">
        <a class="dropdown-toggle" data-toggle="dropdown">Silverpeas Projects <b class="caret"></b></a>
        <ul class="dropdown-menu">
            <li class="dropdown-submenu">
<a href="../#" title="Global information">Global information</a>
              <ul class="dropdown-menu">
                  <li><a href="../intro.html" title="About Silverpeas">About Silverpeas</a></li>
                  <li><a href="../team.html" title="Team">Team</a></li>
                  <li><a href="../mailing-lists.html" title="Mailing List">Mailing List</a></li>
                  <li><a href="../issue-management.html" title="Issue Tracking">Issue Tracking</a></li>
                  <li><a href="../source-repository.html" title="Source Repository">Source Repository</a></li>
                  <li><a href="../ci-management.html" title="Continuous Integration">Continuous Integration</a></li>
              </ul>
            </li>
            <li><a href="../docs/core/index.html" title="Silverpeas Core">Silverpeas Core</a></li>
            <li><a href="../docs/components/index.html" title="Silverpeas Applications">Silverpeas Applications</a></li>
        </ul>
      </li>
      <li class="dropdown">
        <a class="dropdown-toggle" data-toggle="dropdown">How to contribute <b class="caret"></b></a>
        <ul class="dropdown-menu">
            <li><a href="../dev/collaboration.html" title="Contribution">Contribution</a></li>
            <li><a href="../dev/quality.html" title="Code Quality">Code Quality</a></li>
            <li><a href="../dev/ldap_testing.html" title="Testing the LDAP code">Testing the LDAP code</a></li>
        </ul>
      </li>
      <li class="dropdown">
        <a class="dropdown-toggle" data-toggle="dropdown">Licensing <b class="caret"></b></a>
        <ul class="dropdown-menu">
            <li><a href="../legal/licensing_gnu_affero.html" title="License">License</a></li>
            <li><a href="../legal/licensing_faq.html" title="Licensing FAQ">Licensing FAQ</a></li>
            <li><a href="../legal/floss_exception.html" title="FLOSS Exception">FLOSS Exception</a></li>
            <li><a href="../legal/trademark.html" title="Silverpeas Trade Mark">Silverpeas Trade Mark</a></li>
        </ul>
      </li>
            </ul>
          </nav>
          <div class="nav-collapse">
          </div>
        </div>
      </div>
    </header>
    <div class="container container-top">
      <header>
        <div id="banner">
          <div class="pull-left"><a href="https://www.silverpeas.org/" id="bannerLeft"><img src="../images/logo-silverpeas.png"  alt="Silverpeas" style="" /></a></div>
          <div class="pull-right"></div>
          <div class="clear"><hr/></div>
        </div>

        <div id="breadcrumbs">
          <ul class="breadcrumb">
      <li><a href="https://www.silverpeas.org" class="externalLink" title="Silverpeas">Silverpeas</a><span class="divider">/</span></li>
    <li class="active ">Configuring Silverpeas behind an Apache or an Nginx reverse-proxy</li>
        <li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2025-02-23</li>
          <li id="projectVersion" class="pull-right">Version: 6.4.2</li>
          </ul>
        </div>
      </header>
        <main id="bodyColumn" >


  
    <section>
<h2><a name="Introduction"></a>Introduction</h2>
      
<p>A reverse-proxy is usually used to give a single one-point access to different services or applications.
        It is also used to handle TLS connections and then the required certificates.
      </p>
      
<p>
        The configuration of Silverpeas behind an Apache or an Nginx reverse-proxy is quite straightforward.<br />
In this example we want to configure a reverse-proxy that is handling TLS and proxyfying a Silverpeas running in a Wildfly server
        on port 8000.
      </p>
    </section>
    <section>
<h2><a name="Apache_Configuration"></a>Apache Configuration</h2>
      
<p>Defines the configuration of your site as following. The [...] means your own specific configuration for your
      site and that isn't covered by this document.</p>
      
<div class="source"><pre class="prettyprint">
    &lt;VirtualHost site.domaine.tld:443&gt;
          ServerName site.domaine.tld:443

          [...]
        SSLEngine On
        SSLProxyEngine On
        SSLCertificateFile PATH_OF_YOUR_CRT
        SSLCertificateKeyFile PATH_OF_YOUR_CERTIFICATE_KEY
        SSLCertificateChainFile  PATH_OF_YOUR_CERTIFICATE_CHAIN_PEM
        SSLVerifyClient None
        SSLCipherSuite !ADH:!DSS:!RC4:HIGH:+3DES
        SSLCompression Off
        SSLHonorCipherOrder On
        SSLProtocol all -SSLv2 -SSLv3

        ProxyTimeout 300
        ProxyVia Off
        ProxyRequests Off
        ProxyPreserveHost On

        # Silverpeas
        ProxyPass /weblib http://127.0.0.1:8000/weblib
        ProxyPassReverse /weblib http://127.0.0.1:8000/weblib
        ProxyPass /silverpeas http://127.0.0.1:8000/silverpeas
        ProxyPassReverse /silverpeas http://127.0.0.1:8000/silverpeas
        ProxyPass /website http://127.0.0.1:8000/website
        ProxyPassReverse /website http://127.0.0.1:8000/website
        ProxyPass /help_fr http://127.0.0.1:8000/help_fr
        ProxyPassReverse /help_fr http://127.0.0.1:8000/help_fr

        RewriteEngine On
        RewriteRule ^/$ /silverpeas [R,L]

        Header set Access-Control-Max-Age &quot;1000&quot;
        Header set Access-Control-Allow-Headers &quot;x-requested-with, Content-Type, origin, authorization, accept, X-STKN&quot;
        # This parameter is important for Wildfly
        Header set X-Forwarded-Proto &quot;https&quot;

        [...]
    &lt;/VirtualHost&gt;
     </pre></div>
    </section>
    <section>
<h2><a name="Configuring_Nginx"></a>Configuring Nginx</h2>
      
<p>Defines the configuration of your site as following. The [...] means your own specific configuration for your
        site and that isn't covered by this document.</p>
      
<div class="source"><pre class="prettyprint">
    [...]

    server {
        listen 443;
        server_name site.domaine.tld;

        [...]

        ssl on;
        ssl_certificate_key PATH_OF_YOUR_CERTIFICATE_KEY;
        ssl_certificate     PATH_OF_YOUR_CERTIFICATE_CHAIN_PEM;
        ssl_stapling on;
        ssl_stapling_verify on;

        ssl_session_timeout 5m;
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers &quot;HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES&quot;;
        ssl_prefer_server_ciphers on;
        client_max_body_size 2048M;

        location / {
            proxy_pass http://127.0.0.1:8000/;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        rewrite ^/$ /silverpeas break;

        [...]
     }
      </pre></div>
    </section>
    <section>
<h2><a name="Configuring_Wildfly"></a>Configuring Wildfly</h2>
      <section>
<h3><a name="In_a_non_TLS_mode"></a>In a non TLS mode</h3>
      
<p>Now, you just have to update one attribute of the HTTP listener of the Undertow Web server embedded in Wildfly. For doing,
      go to the <code>JBOSS_HOME/bin</code> directory and, run Wildfly in administration mode only, enable the proxy forwarding and then stop Wildfly:</p>
      
<div class="source"><pre class="prettyprint">
        $ ./standalone.sh -c standalone-full.xml --admin-only &amp;
        [...]
        $ ./jboss-cli.sh --connect -c &quot;/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)&quot;
        {&quot;outcome&quot; =&gt; &quot;success&quot;}
        $ ./jboss-cli.sh --connect -c &quot;/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket)&quot;
        {&quot;outcome&quot; =&gt; &quot;success&quot;}
        $ ./jboss-cli.sh --connect -c &quot;shutdown&quot;
      </pre></div>
      </section>
      <section>
<h3><a name="In_TLS_mode"></a>In TLS mode</h3>
        
<p>Now, you just have to create a configuration for a socket binding to handle TLS connections (here <code>proxy-https</code>) and then update the HTTP listener of the Undertow Web server embedded in Wildfly. For doing,
          go to the <code>JBOSS_HOME/bin</code> directory and, run Wildfly in administration mode only, create and use a socket binding for TLS connections, and enable the proxy forwarding, and then stop Wildfly:</p>
        
<div class="source"><pre class="prettyprint">
          $ ./standalone.sh -c standalone-full.xml --admin-only &amp;
          [...]
          $ ./jboss-cli.sh --connect -c &quot;/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)&quot;
          {&quot;outcome&quot; =&gt; &quot;success&quot;}
          $ ./jboss-cli.sh --connect -c &quot;/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)&quot;
          {&quot;outcome&quot; =&gt; &quot;success&quot;}
          $ ./jboss-cli.sh --connect -c &quot;/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)&quot;
          {&quot;outcome&quot; =&gt; &quot;success&quot;}
          $ ./jboss-cli.sh --connect -c &quot;shutdown&quot;
        </pre></div>
      </section>
    </section>
  

        </main>
    </div>
    <hr/>
    <footer>
      <div class="container">
        <div class="row">
<div class="license">
        <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/"><img alt="Licence Creative Commons" style="border-width:0" src="https://i.creativecommons.org/l/by-sa/4.0/88x31.png" /></a>.
      </div>
        </div>
        <p id="poweredBy" class="pull-right"><a href="https://netbeans.apache.org/download/index.html" title="IDEA IntelliJ" class="builtBy"><img class="builtBy"  alt="IDEA IntelliJ" src="../images/logos/intellij-idea-logo.png" style="" /></a>
<a href="https://www.eclipse.org" title="Eclipse" class="builtBy"><img class="builtBy"  alt="Eclipse" src="../images/logos/logo_eclipse.png" style="" /></a>
<a href="https://maven.apache.org/" title="Maven" class="builtBy"><img class="builtBy"  alt="Maven" src="../images/logos/logo_maven.png" style="" /></a>
<a href="https://izpack.org/" title="Izpack" class="builtBy"><img class="builtBy"  alt="Izpack" src="../images/logos/logo_izPack.png" style="" /></a>
</p>
      </div>
    </footer>
<script>
  if(anchors) {
    anchors.add();
  }
</script>
  </body>
</html>