Reverse Proxy for Channels Reaching Out to External Sources
What it's about
All channels that interact with external sources require the XCALLY server to be reachable from the web on port 443 (HTTPS).
For security reasons, we suggest not exposing the server directly to the Internet. Instead, we propose using a Reverse Proxy (RP), so that port 443 of your XCALLY server is open only to connections coming from your RP.
There are several ways to set up an RP; choose whichever you prefer.
For further clarification about Reverse Proxy configuration, you can request a quote from our Professional Service Team. Contact your reference Channel Account!
An example of an RP using NGINX is given below.
IMPORTANT NOTE:
The configuration displayed below must be considered as an example only.
XCALLY is not to be held responsible for any damages or losses that can occur on Customers' servers.
XCALLY expressly disclaims any and all warranties of any form relative to Reverse Proxy Server, as the installation and operation are the exclusive responsibility of the Customer.
For the same reasons, no free support will be provided by XCALLY about this matter.
EXAMPLE
Install a minimal Debian machine (2 CPU cores, 1 GB RAM)
Upload a valid certificate and set up an FQDN in your DNS (e.g. proxy.mydomain.com)
Install NGINX
sudo apt update
sudo apt install nginx -y
Create a configuration file in /etc/nginx/conf.d/, for example proxy.conf
Scenario
Example: NGINX single-server setup
This configuration is ideal if you have just one XCALLY server to which all incoming requests from outside are forwarded.
Here is a basic configuration for a single server.
You just need to replace the server_name value with the FQDN of your proxy server and the proxy_pass URL with the FQDN of your XCALLY server.
# redirect all http requests to https
server {
    listen 80;
    server_name proxy.mydomain.com;
    return 301 https://$server_name$request_uri;
}

# send traffic to specific XCALLY server based on the server name
server {
    listen 443 ssl;
    server_name proxy.mydomain.com;
    ssl_certificate /etc/ssl/certs/mydomain_com.crt;
    ssl_certificate_key /etc/ssl/private/mydomain_com.key;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-Port $remote_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    location / {
        if ($request_uri = '/') {
            return 403;
        }
        proxy_pass https://myxcallyserver.mydomain.com;
    }
}
If you want to use the same RP for more than one XCALLY server, you can create different rules by using the server_name parameter.
You just need to create additional A records in your DNS and add one pair of "server" sections per XCALLY server to the NGINX configuration file, as follows.
For example:
A record proxy1.mydomain.com will forward to myxcallyserver1.mydomain.com
A record proxy2.mydomain.com will forward to myxcallyserver2.mydomain.com
# multi-server configuration.
# You can add these sections for all your XCALLY servers by changing the server_name
server {
    listen 80;
    server_name proxy1.mydomain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name proxy1.mydomain.com;
    ssl_certificate /etc/ssl/certs/mydomain_com.crt;
    ssl_certificate_key /etc/ssl/private/mydomain_com.key;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-Port $remote_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    location / {
        if ($request_uri = '/') {
            return 403;
        }
        proxy_pass https://myxcallyserver1.mydomain.com;
    }
}
Check the syntax of the NGINX configuration file
Restart the NGINX service to apply the change
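A hardened variant of the single-server block above, added here as an example and not part of XCALLY's configuration. It keeps the page's placeholder host names and certificate paths; the CA bundle path is an assumption (the Debian default) and only fits if the XCALLY server's certificate chains to a CA in that bundle.

```nginx
# Added example: same single-server proxy, with three hardening changes.
server {
    listen 80;
    server_name proxy.mydomain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name proxy.mydomain.com;
    server_tokens off;                      # do not advertise the NGINX version

    ssl_certificate     /etc/ssl/certs/mydomain_com.crt;
    ssl_certificate_key /etc/ssl/private/mydomain_com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;    # refuse older TLS versions from clients

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-Port $remote_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # 1. Verify the XCALLY server's certificate. NGINX does not check the
    #    upstream certificate unless proxy_ssl_verify is switched on, so
    #    without this the proxy-to-XCALLY hop is encrypted but unauthenticated.
    proxy_ssl_server_name on;               # send SNI with the proxy_pass host name
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;
    # Assumption: Debian's system CA bundle. Point this at your own CA file
    # if the XCALLY certificate is issued by a private CA.
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # 2. Block the root page with an exact-match location instead of
    #    if ($request_uri = '/'). $request_uri includes the query string,
    #    so that test does not match "/?x=1"; "location = /" matches the
    #    path alone and returns 403 for both.
    location = / {
        return 403;
    }

    # 3. Everything else is forwarded to the XCALLY server as before.
    location / {
        proxy_pass https://myxcallyserver.mydomain.com;
    }
}
```

This file only controls what the proxy accepts and forwards. Restricting port 443 on the XCALLY server to the proxy's address still has to be done on the XCALLY side or on the network firewall.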
Note that customers must then modify the configuration in the Motion environment, inserting the reference to the Reverse Proxy they created.
This is an example for the Chat channel: