Knowledge Base Administration Guide

HTTPS / SSL Proxy

Simscope can be served over HTTPS (secure HTTP) by placing an external HTTP proxy server in front of it.

This lets you access Simscope via a secure URL, similar to the following:

  • https://simscope-machine.company.com

Instead of:

  • http://simscope-machine.company.com:8080

Ports

For reference, the standard TCP ports are:

Protocol   Port
http       80, 8080, 8081, etc.
https      443

Note that Simscope can be configured to run on any port.

HTTP Proxy Methods

If you proxy HTTP traffic to Simscope, you must support these HTTP methods:

  • GET
  • POST
  • DELETE

For example, if you omit proxying the DELETE method to Simscope, users may get an error similar to this when deleting Saved Searches:

Error: 404 Not Found
The requested URL was not found on this server.
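
The check below is an added example, not part of Simscope or of the original guide. It scans an nginx configuration for limit_except blocks (an nginx directive that the sample configuration in this guide does not use) and reports any that would deny one of the three required methods; the sample configurations in it are constructed.

```python
import re

# Methods the proxy must pass through to Simscope (from the list above).
REQUIRED = {"GET", "POST", "DELETE"}

# nginx: "limit_except METHOD... { ... }" applies the directives in its
# block to every method that is NOT listed.
LIMIT_EXCEPT = re.compile(r"\blimit_except\s+([A-Z\s]+?)\s*\{([^}]*)\}")

def restricted_methods(conf):
    """Return [(line_no, [required methods denied by that limit_except])]."""
    # Drop comments but keep newlines so line numbers stay accurate.
    # Simplification: a '#' inside a quoted string is treated as a comment.
    text = re.sub(r"#[^\n]*", "", conf)
    findings = []
    for m in LIMIT_EXCEPT.finditer(text):
        listed = set(m.group(1).split())
        if not re.search(r"\bdeny\b", m.group(2)):
            continue  # block has no deny directive, so nothing is refused
        missing = sorted(REQUIRED - listed)
        if missing:
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((line_no, missing))
    return findings

# Constructed sample: a location block proxying to the local Simscope port,
# plus a hypothetical method restriction that forgets DELETE.
BROKEN = """\
location / {
    proxy_pass http://127.0.0.1:8080;   # local Simscope port
    limit_except GET POST {             # hypothetical hardening
        deny all;
    }
}
"""
# Constructed sample: the same restriction with all required methods listed.
FIXED = BROKEN.replace("GET POST {", "GET POST DELETE {")

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, restricted_methods(conf))
```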

Normal HTTP Simscope

The standard Simscope flow is a direct connection from a client web browser, via HTTP.

[Client Browser]  <--http-->  [Simscope:8080]

Simscope via Secure Proxy

Simscope can work with any HTTPS proxy software.

Using a proxy, there are two connections to Simscope from a client:

  • Local/direct port via HTTP (80, 8080, etc)
  • Proxy port via HTTPS (443)

The proxy server terminates HTTPS on TCP port 443 and forwards the traffic as plain HTTP to the local Simscope server port.

[Client Browser]  <--https-->  [HTTPS proxy:443]  <--http-->  [Simscope:8080]

SSL Certificate

To use a proxy, you need a valid SSL certificate for the domain that will host Simscope.

This is configured within the proxy software.


Example Proxy: nginx

This example uses the nginx web server to proxy secure traffic from SSL port 443 → port 8080.

  • HTTPS URL: https://simscope.company.com
  • Simscope: port 8080

1. nginx Configuration

Note: this example uses Certbot / Let's Encrypt, but you can alternatively obtain the certificate through your company's SSL certificate flow.

Config file: /etc/nginx/sites-available/default

server {
    # SSL configuration
    server_name simscope.company.com; # managed by Certbot

    location / {
        # Set this to your local Simscope port #
        proxy_pass http://127.0.0.1:8080;

        # Proxy the Request Hostname and Remote IP
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Request-URI $request_uri;
        proxy_set_header Host $host;

        # Full list of Nginx variables documented here:
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#variables
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/simscope.company.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/simscope.company.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

2. Simscope Configuration

We need to tell Simscope that it serves HTTP locally on port 8080, but that links in emails must use the external server URL over HTTPS on port 443.

Config file: simscope.config

[server]
# Local Simscope port to serve on
httpaddr = ":8080"
serverurl = "https://simscope.company.com:443"