URL forwarding or limiting (:8088/data/perspective/client/)

Theodorska · August 27, 2024, 10:45am

Hello,

We have used a single ignition gateway to make multiple projects. One of the projects is available for thirdparty endusers. We want to use a simple URL to access the project, because right now they must use our custom url + ":8088/data/perspective/client/XXXXX".

We not yet figured out a way to mask the URL or redirect to avoid that the thirdparty endusers can remove "/data/perspective/client/XXXXX" from the URL and access the login page for our main gateway.

Any suggestions? I read an earlier post saying that this was potentially not possible

Benjamin_Furlani · August 27, 2024, 11:10am

You could utilize nginx and setup proxy for that url to be www.somedomain.com/applicationEndpoint inside of the .conf

Here is some documentation on nginx. NGINX Reverse Proxy | NGINX Documentation

pturmel · August 27, 2024, 11:34am

I hope this is only inside a VPN. If you've exposed Ignition on a public address without SSL, your gateway is wide open for attack, and all user logins are crossing the public network in clear text. This is extremely dangerous to your gateway and to your clients.

Theodorska · August 27, 2024, 11:46am

We do have our endusers accessing our site with SSL using the other port. I just did not remember the port while writing the post, hehe!

pturmel · August 27, 2024, 11:51am

You won't be able to do this. Even behind a proxy, Ignition expects its URLs to have that format, and will generate such URLs all over the place.

This can be filtered out by a proxy in front of Ignition. But you must be specific on what to filter--Perspective clients need resources from the gateway that are not all under /data/perspective/....