Configure the network settings if your DTP infrastructure is deployed to an environment using forward and/or reverse proxies or if a cross-origin resource sharing (CORS) policy is enforced. Forward and reverse proxy servers are commonly used to cache static or frequently-requested files to improve performance. CORS defines which cross-origin request are allowed to improve network security.

Choose Settings from the gear icon menu in Extension Designer or Policy Center and choose Network Settings from the Administration sidebar. 

Cross-origin Resource Sharing Configuration

Specify a comma separated list of fully-qualified domain names in the Whitelist field to manually enable network access to DTP Enterprise Pack from different domains.


Cross-origin Resource Sharing (CORS) is a specification for allowing modern web browsers to circumvent the "same-origin policy" and share resources across domains. The same-origin policy is a security mechanism that protects users from malicious content by requiring browser requests to a website to go through the same domain serving the website. Because DTP Enterprise Pack is designed to be an integration point in the Parasoft ecosystem, CORS whitelist functionality has been exposed to allow for 3rd party integrations with DTP Enterprise Pack.

The CORS whitelist can be used to:

  • Configure network aliases when DTP Enterprise Pack is running on a machine with multiple hostnames.
  • Configure hostnames for 3rd party websites/intranet pages that integrate with DTP Enterprise Pack.
  • Configure reverse proxy/load balancer hostnames when DTP Enterprise Pack is behind a complex network configuration (see Reverse Proxy). Reverse proxy settings should be used for end-to-end reverse proxy support, when the reverse proxy settings are used the hostname is automatically added to the whitelist and does not need to be configured manually.

The whitelist should be a comma separated list of hostnames (or origins) that are allowed to make cross-origin requests to DTP Enterprise Pack. You should provide a hostname, fully-qualified domain name, or IP address. Do not include the protocol or port.

Click Save when finished.

Forward Proxy

  1. Enable the Enable forward proxy option and specify the hostname and port of the proxy server. If the proxy server requires authentication, a username and password can be configured to authenticate with the proxy server.

    Enabling the proxy server sends all HTTP(S) requests through the proxy.

    When enabled, all HTTP(S) requests will be sent through the proxy, including requests to the DTP server (configured in the Server Settings), Marketplace server (configured in the Marketplace Settings), and any requests made by http request nodes (see Working with Nodes).
  2. You can specify a list of hostnames, fully-qualified domain names, and/or IP addresses in the No Proxy Hosts field to avoid using the proxy for all HTTP(S) requests to those hosts.


     
  3. Click Save when finished.

Reverse Proxy

Enable the Enable reverse proxy option and specify the reverse proxy server settings and click Save

Reverse proxies are sometimes used to ensure high availability or strengthen network security. The network administrator configures the reverse proxy server to forward user requests to where the applications are hosted. The following diagram shows the basic reverse proxy flow.



Example Reverse Proxy Configuration

Different reverse proxy servers have different implementations. The following example shows how a reverse proxy may be configured on nginx.

server {
 
        listen  443            ssl;
        listen  [::]:443       ssl;
 
        ssl_certificate /etc/nginx/certs/ssl-certificate-file.crt;
        ssl_certificate_key /etc/nginx/certs/ssl-certificate-key.key;
 
        ssl on;
        ssl_session_cache       builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
 
        access_log /var/log/nginx/user1-dtp.access.log;
        error_log  /var/log/nginx/user1-dtp.error.log;
 
        location / {
                proxy_pass              http://my-host.domain.com:8080;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Host $http_host;
                proxy_set_header        X-Forwarded-Proto https;
                proxy_set_header        X-Forwarded-Port $server_port;
                proxy_read_timeout      90;
        }
}
server {
        listen  8443            ssl;
        listen  [::]:8443       ssl;
 
        ssl_certificate /etc/nginx/certs/ssl-certificate-file.crt;
        ssl_certificate_key /etc/nginx/certs/ssl-certificate-key.key;
 
        ssl on;
        ssl_session_cache       builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
 
        location / {
                proxy_pass              http://my-host.domain.com:8314;
 
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Host $http_host;
                proxy_set_header        X-Forwarded-Proto https;
                proxy_set_header        X-Forwarded-Port $server_port;
                proxy_read_timeout      90;
 
                # websocket
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
 
        }
}
 
server {
        listen  9443            ssl;
        listen  [::]:9443       ssl;
 
        ssl_certificate /etc/nginx/certs/ssl-certificate-file.crt;
        ssl_certificate_key /etc/nginx/certs/ssl-certificate-key.key;
 
        ssl on;
        ssl_session_cache       builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
 
 
        location / {
                proxy_pass              http://my-host.domain.com:8000;
 
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Host $http_host;
                proxy_set_header        X-Forwarded-Proto https;
                proxy_set_header        X-Forwarded-Port $server_port;
                proxy_read_timeout      90;
 
                # websocket
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
 
 
        }
}

In this example, server listen is configured to port 443, 8443, and 9443. These ports are configured to forward traffic to DTP, Extension Designer, and Policy Center, respectively, with the proxy_pass setting. 

Reverse Proxy Support for WebSockets 

See the following documentation to configure your reverse proxy server for WebSockets communication: http://nginx.org/en/docs/http/websocket.html

  • No labels

Need assistance? Visit our support page