Reverse proxy

Stratodesk Virtual Appliance uses runs two distinct software modules:

  • NoTouch Center, an enterprise Java-servlet software stack, using the `/easyadmin/*` URLs,
  • VA Console, a PHP-based system administration toolset, using the `/va-admin/` URLs,

Both modules are web applications, however based on different platforms, each one suited well for its job. For user convenience we don't run them on separate port numbers, but instead everything is behind the normal HTTPS (port 443) webservice. Obviously, one of these modules must act as a "reverse-proxy" then to route requests for the other module accordingly. Which one acts as the front-end can be selected with the "Front-end service" parameter in the VA Configuration.

For production NTC deployments and larger numbers we suggest using NTC as the front-end-service. Only if an appliance is used for PXE boot, you must use Apache as front-end service.

The benefits of all that are obvious:

  • No need to expose a second port number, like 8080 or 8443
    • Less firewall configuration, less thinking about one more port
  • "Hiding" one service behind the other means one service less visible on the Virtual Appliance.
  • Easy-to-use access control via Firewall configuration (VA)
  • No more need to change port numbers on your own (unless you really want to use a strange port number - most people simply wanted it to run on 443)

Best practices


Larger, production NTC appliance


Use NoTouch Center as front-end service to eliminate the Apache (it can become a bottleneck, especially with a larger number of websocket connections).

PXE boot


PXE boot requires Apache as the front-end service.

Large number of clients and PXE boot


Split it into two appliances for best performance.

Up-to-date notice


To properly use either of these scenarios, your appliance must be up-to-date. If your appliance was set up before fall 2018 and you want to use NTC as front-end, you will need to log in via SSH login, become root, and run apt-get install php-fpm. Your appliance needs Internet connection and access to Ubuntu repositories (*.ubuntu.com).

Appliances set up after fall 2018 will not need that installation step.

Configuration


To switch between the two scenarios,

  1. Enter the VA Console (NOT NoTouch Center)
  2. Navigate to the VA Configuration area using the sidebar
  3. Switch the "Front-end-service" parameter
  4. Save and reboot the appliance

Note: If you appliance says that either NTC is too old, or php-fpm is not installed, then please update NoTouch Center or install php-fpm as described above.

Shell-based configuration


In order to configure this manually from a shell-prompt, or if you think something went wrong, please log in via SSH login, and use the sudo /opt/bin/setproxy command.

To make NoTouch Center the front-end service, run sudo /opt/bin/setproxy center. To make Apache the front-end service, run sudo /opt/bin/setproxy apache