Dash Enterprise Administration
4.1.1
4.1.1
  • v4.1.1 Changelog
  • Installation
    • Capacity Planning
      • Dash Enterprise Single Server
      • Dash Enterprise for Kubernetes
    • Before you install
    • Dash Enterprise Single Server
      • Installation on cloud provider
      • On-premise installation on own server
      • Fully offline installation
      • VMware Edition installation
    • Dash Enterprise Kubernetes
      • Amazon Web Services resource prerequisites
      • Google Cloud Platform resource prerequisites
      • Microsoft Azure resource prerequisites
  • Configuration
    • Set up your Server Manager
    • Run preflight checks
    • Configure basic settings
    • Authentication settings
      • Built-in local authentication
      • LDAP authentication
      • SAML authentication
    • Dash Enterprise Kubernetes additional required configuration
    • Configure optional settings
    • Other options and customizations
    • Using Snapshots & Backups
    • Running and logging into Dash Enterprise
    • Next steps
  • Advanced Configuration
    • General troubleshooting and problem solving
    • Load balancer configuration
    • Reverse proxy setup instructions
    • Docker storage driver requirements and considerations
    • Import an LDAPS certificate from Active Directory into Dash Enterprise
    • Transfer Dash Enterprise to a new server
    • Sync license changes
    • Change channels for an upgrade
    • Admin panel reference
    • Configure Dash Enterprise to use common SAML IdPs
      • Active Directory Federation Services (AD FS)
      • PingFederate
      • Okta
    • Configure Dash Enterprise to use common LDAP IdPs
      • Okta
  • Upgrade
    • Prepare for the upgrade
    • Upgrade
      • Dash Enterprise only instance
      • Dash Enterprise and Chart Studio Enterprise instance
    • After the Upgrade
  • Advanced Troubleshooting
    • Dash Enterprise Architecture and Internals
    • Navigating the System
    • Navigating the Support Bundle
    • Getting Help and Reporting Issues
    • Troubleshooting Specific Issues
Powered by GitBook
On this page
  • Overview
  • Prepare for reverse proxy
  • Install the proxy
  • Configure the proxy
  • Update the virtual host file
  • Configure the authentication layer
  • Run and Login

Was this helpful?

  1. Advanced Configuration

Reverse proxy setup instructions

PreviousLoad balancer configurationNextDocker storage driver requirements and considerations

Last updated 3 years ago

Was this helpful?

The following instructions walk you through setting up an Apache reverse proxy to establish an HTTP basic authentication layer before the application. These steps are specific to Ubuntu 14.04 or higher but are generic enough to apply to other reverse proxies.

Overview

The above diagram outlines the server layout for running Dash Enterprise behind a reverse proxy. The reverse proxy receives requests from the client intended for the host, then passes authenticated requests to the authentication server (dashauth) listening on the internal IP used by Docker.

A typical request works as follows:

1 - The user's machine performs a DNS lookup for plotly.your.domain and gets the IP address of the server

  • plotly.your-company.com is the Base Domain Name configured in the server settings

2 - The user's machine connects to this IP via client and reaches the reverse proxy

3 - The reverse proxy then sends an authenticated request to plotly.your.domain

4 - The request is forwarded to the Dash Enterprise instance

Prepare for reverse proxy

Once Dash Enterprise has been installed, enable Local Proxy Mode as follows:

1 - Browse to the Dash Enterprise Server Manager Settings page

2 - Check Enable Dash Customizations

3 - Check Enable Local Proxy Mode

4 - Click Save at the bottom of the screen, then click Restart Now to apply your changes

As a result of this change, Dash Enterprise will use Docker’s internal IP address, freeing up the host server’s IP address for use by the reverse proxy. The application will not respond to web requests until the reverse proxy is running.

Install the proxy

After Dash Enterprise has been set to use Local Proxy Mode, install the proxy as follows:

1 - SSH into your server

3 - Install the following Apache modules:

a2enmod proxy
a2enmod proxy_http
a2enmod headers
a2enmod ssl

And, if using LDAP authentication, also install:

a2enmod authnz_ldap

Configure the proxy

Modify the configuration files associated with the web server to establish the authentication layer and reverse proxy, as follows.

Update the virtual host file

Replace the contents of the virtual host file (etc/apache2/sites-enabled/000-default.conf by default) with the following:

<VirtualHost *:80>
    ServerName plotly.your.domain
    Redirect / https://plotly.your.domain/
</VirtualHost>

<VirtualHost *:443>

    ServerName plotly.your.domain
    ProxyPass / https://plotly.your.domain/

    RequestHeader unset Authorization

    SSLProxyEngine on
    SSLEngine On
    SSLCertificateFile /etc/apache2/server.crt
    SSLCertificateKeyFile /etc/apache2/server.key
    SSLCertificateChainFile /etc/apache2/ca.crt

</VirtualHost>

Configure the authentication layer

These instructions only cover local/LDAP HTTP basic authentication since the Plotly API clients (Python, R, or MATLAB) currently only support reverse proxies that require HTTP basic authentication. Other authentication implementations are also possible depending on your reverse proxy’s capabilities.

1 - Edit 000-default.conf to add the following Location directives in the <VirtualHost *:443> section:

<Location "/clientresp">
   Satisfy Any
   Allow from all
</Location>

<Location "/__internal/ping">
   Satisfy Any
   Allow from all
</Location>

  • This allows access to two required Dash Enterprise endpoints: /clientresp and/_internal/ping

  • 000-default.conf should look similar to the below example from the Plotly test site:

     <VirtualHost *:80>
    ServerName plotly.test.com
    Redirect / https://plotly.test.com/
 </VirtualHost>

 <VirtualHost *:443>
    ServerName plotly.test.com
    ProxyPass / https://plotly.test.com/
    RequestHeader unset Authorization
    SSLProxyEngine on

    SSLEngine On
    SSLCertificateFile /etc/apache2/server.crt
    SSLCertificateKeyFile /etc/apache2/server.key
    SSLCertificateChainFile /etc/apache2/ca.crt

    <Location "/">
       AuthType Basic
       AuthName "Plotly Test Authentication Layer"
       AuthUserFile /etc/users
       require valid-user
    </Location>

    <Location "/clientresp">
       Satisfy Any
       Allow from all
    </Location>

    <Location "/__internal/ping">
       Satisfy Any
       Allow from all
    </Location>

 </VirtualHost>

2 - Use the htpasswd utility to create credentials for each new user you want to have access, which will be stored in /etc/users:

# htpasswd -c /etc/users newuser
New password: **********
Re-type new password: **********
Adding password for user newuser

3 - Confirm the IP address of your host server (the host_addr parameter):

hostname -i

4 - Modify the Listen directives in /etc/apache2/ports.conf to allow the server to accept incoming requests only on the host_addr address. The configuration file should look similar to:

Listen host_addr:80

<IfModule ssl_module>
      Listen host_addr:443
</IfModule>

<IfModule mod_gnutls.c>
      Listen host_addr:443
</IfModule>

5 - Next, find the internal IP address used by Docker (docker0_addr):

ifconfig docker0 | grep -oP 'inet addr:\K\S+'

6 - Edit /etc/hosts to include an entry for the docker_addr that maps to the Base Domain associated with your Dash Enterprise instance:

10.1.2.3 plotly.your-company.com

  • Replace 10.1.2.3 with the docker0_addr you discovered in Step 4

  • Apache will now connect to the authentication server (using the Docker address) when it connects to plotly.your-company.com

  • Connections coming from outside the server will go to Apache as usual

7 - Restart the Apache service for the changes to take effect

Run and Login

  • You should see an authentication prompt similar to:

2 - Enter one of the sets of credentials that you configured using htpasswd to access the Dash app manager

3 - Proceed to create a new account using the Sign Up button in the top right

  • If using LDAP, skip this and use your existing LDAP credentials to log in

Step 4 typically requires adding an entry to the /etc/hosts file on the host server to allow the reverse proxy’s request for plotly.your.company to be directed to the internal IP used by Docker. This is further discussed in .

2 - Install Apache ()

1 - Bowse to the Base Domain URL you set ()

guide
https://plotly.your-company.com
Proxy Configuration