Actually, adding the reverse proxy can cause issues if you do SSL termination at the proxy and connect proxy → ignition gateway with insecure http. In that case, the Gateway will consider the connection as insecure, and will not set the Secure attribute on the session cookie, which browsers require for pages embedded in a cross-origin context. So…when you do add a RP in front of the Gateway, you will need to do one of the following:
- Do not perform SSL termination at the proxy (proxy forwards TLS traffic through to the Gateway)
- If you do perform SSL termination at the proxy, then make sure the proxy connects to Ignition over secure https
- If you are on 8.1.10, you could opt-into the new “Use Proxy Forwarded Headers” setting in Config > Networking > Webserver and then configure the proxy to send the appropriate
Forwardedand/orX-Forwarded-*suite of headers so that Ignition will treat the connection as secure even if the connection between the proxy and Gateway is insecure.