2.1.2 Example configuration for working with a reverse proxy with SSL traffic analyzer
This subsection describes a configuration where a DMZ is secured between a web browser on a client machine and the JP1/DH - Server machine, and a reverse proxy server# with an SSL traffic analyzer resides on the DMZ. If you want to operate your JP1/DH - Server on a network connected to the Internet, use this example configuration as a reference to examine and determine your network configuration.
- #
-
The JP1/DH Web server (built-in reverse proxy server) does not run separately on a machine other than the JP1/DH - Server machine. Therefore, a different reverse proxy server from the JP1/DH Web server is used in this example configuration.
Figure 2‒2: Example configuration for working with a reverse proxy with SSL traffic analyzer
- Organization of this subsection
(1) Features
-
This configuration can limit access to JP1/DH - Server only from the reverse proxy server placed on the DMZ and prevent JP1/DH - Server from being accessed directly by client machines.
-
A web browser on the client machine communicates with the reverse proxy server over HTTPS, while the reverse proxy server communicates with JP1/DH - Server over HTTP.
-
You can separate high-load encryption and multiplexing processes of SSL traffic from the JP1/DH - Server machine, resulting in taking full advantage of performance of the JP1/DH - Server machine for transfer in higher speed.
(2) Software requirements for each machine
Each machine requires the following software:
-
Client machine
A client machine requires a web browser and a JP1/DH client program.
-
Reverse proxy server machine
A reverse proxy server in this configuration requires functions that analyze HTTPS traffic from web browsers on client machines and forwards the traffic to JP1/DH - Server as HTTP traffic.
-
JP1/DH - Server machine
The machine for installation of JP1/DH - Server. The following pieces of software are required:
-
JP1/DH Web application server
-