Dash Enterprise Administration
4.3.1
4.3.1
  • Changelog
  • Installation
    • Capacity Planning
      • Dash Enterprise Single Server
      • Dash Enterprise for Kubernetes
    • Before you install
    • Dash Enterprise Single Server
      • Installation on cloud provider
      • On-premise installation on own server
      • Fully offline installation
    • Dash Enterprise Kubernetes
      • Amazon Web Services resource prerequisites
      • Google Cloud Platform resource prerequisites
      • Microsoft Azure resource prerequisites
  • Configuration
    • Set up your Server Manager
    • Run preflight checks
    • Configure basic settings
    • Authentication settings
      • Built-in local authentication
      • LDAP authentication
      • SAML authentication
    • Dash Enterprise Kubernetes additional required configuration
    • Configure optional settings
    • Add SELinux permissions to mapped directories
    • Other options and customizations
    • Using Snapshots & Backups
    • Running and logging into Dash Enterprise
    • Next steps
  • Advanced Configuration
    • General troubleshooting and problem solving
      • Dash Enterprise Kubernetes
    • Load balancer configuration
    • Reverse proxy setup instructions
    • Docker storage driver requirements and considerations
    • Import an LDAPS certificate from Active Directory into Dash Enterprise
    • Transfer Dash Enterprise to a new server
    • Sync license changes
    • Change channels for an upgrade
    • Admin panel reference
    • Configure Dash Enterprise to use common SAML IdPs
      • Active Directory Federation Services (AD FS)
      • PingFederate
      • Okta
    • Configure Dash Enterprise to use common LDAP IdPs
      • Okta
  • Upgrade
    • Prepare for the upgrade
    • Upgrade
      • Dash Enterprise Single Server
      • Dash Enterprise for Kubernetes
    • After the upgrade
  • Advanced Troubleshooting
    • Dash Enterprise Architecture and Internals
    • Navigating the System
    • Navigating the Support Bundle
    • Getting Help and Reporting Issues
    • Troubleshooting Specific Issues
Powered by GitBook
On this page
  • Overview
  • Prepare for reverse proxy
  • Install the proxy
  • Configure the proxy
  • Update the virtual host file
  • Configuring Let's Encrypt (Optional)

Was this helpful?

  1. Advanced Configuration

Reverse proxy setup instructions

PreviousLoad balancer configurationNextDocker storage driver requirements and considerations

Last updated 1 year ago

Was this helpful?

The following instructions walk you through setting up an Nginx reverse proxy to establish an HTTP basic authentication layer before the application. These steps are specific to Ubuntu 18.04 but are generic enough to apply to other reverse proxies.

Overview

The above diagram outlines the server layout for running Dash Enterprise behind a reverse proxy. The reverse proxy receives requests from the client intended for the host, then passes authenticated requests to the authentication server (dashauth) listening on the internal IP used by Docker.

A typical request works as follows:

1 - The user's machine performs a DNS lookup for plotly.your.domain and gets the IP address of the server

  • plotly.your-company.com is the Base Domain Name configured in the server settings

2 - The user's machine connects to this IP via client and reaches the reverse proxy

3 - The reverse proxy then sends an authenticated request to plotly.your.domain

4 - The request is forwarded to the Dash Enterprise instance

Prepare for reverse proxy

Once Dash Enterprise has been installed, enable Local Proxy Mode as follows:

1 - Browse to the Dash Enterprise Server Manager Settings page

2 - Check Enable Docker Customizations

3 - Check Enable Local Proxy Mode

4 - Click Save at the bottom of the screen, then click Restart Now to apply your changes

5 - Browse to Dash Enterprise Server Manager and press "Stop Now" to stop Dash so we can have successful Nginx (reverse proxy) Install.

As a result of this change, Dash Enterprise will use Docker’s internal IP address, freeing up the host server’s IP address for use by the reverse proxy. The application will not respond to web requests until the reverse proxy is running.

Install the proxy

After Dash Enterprise has been set to use Local Proxy Mode, install the proxy as follows:

1 - SSH into your server

2 - Install Nginx

sudo apt-get install nginx
sudo apt-get install certbot python3-certbot-nginx			# Optional packages for Let's Encypt

Configure the proxy

Modify the configuration files associated with the web server to establish the authentication layer and reverse proxy, as follows.

Update the virtual host file

1 - Replace the contents of the virtual host file /etc/nginx/sites-enabled/default with the following.

server {

    listen host_addr:443 ssl;

    server_name plotly.your.domain;
    client_max_body_size 25m;
    ssl_protocols TLSv1.2;

    location / {

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection "upgrade";

        proxy_pass https://plotly.your.domain;

    }

    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
}

where host_addr is the internal IP of the host machine (typically named eth0 device), and server name as well as the ssl_certificate and ssl_certificate_key to match your scenario.

To confirm the IP address of your host server (the host_addr parameter):

hostname -i

2 - Next, find the internal IP address used by Docker (docker0_addr):

ifconfig docker0 | grep "inet " | awk '{print $2}'

3 - Edit /etc/hosts to include an entry for the docker_addr that maps to the Base Domain and Streaming Domain associated with your Dash Enterprise instance:

172.17.0.1 plotly.your-company.com plotly-stream.your-company.com
  • Replace 172.17.0.1 with the docker0_addr you discovered in Step 2

4 - Restart the Nginx service for the changes to take effect

sudo systemctl restart nginx
sudo systemctl enable nginx				# Ensure service is always started after reboots

5 - Browse to the Dash Server Manager and select Start Now to start Dash Enterprise.

Configuring Let's Encrypt (Optional)

1 - SSH into your server and run the command below; then follow the shell script wizard:

sudo certbot --nginx -d plotly.your.domain -d plotly.your.domain

2 - Browse to the Domain URL you set and you should see a valid TLS/SSL cert.

Step 4 typically requires adding an entry to the /etc/hosts file on the host server to allow the reverse proxy’s request for plotly.your.company to be directed to the internal IP used by Docker. This is further discussed in .

Note: The client_max_body_size 25M; increases the maximum size of the client request body allowed by Nginx to 25 MB. The default of 1 MB is too low for most organizations and results in a 413 (Request Entity Too Large) error when exceeded. .

Note: The ssl_protocols TLSv1.2; enables the TLSv1.2 protocol. .

Go to the Nginx reference for this directive
Go to the Nginx reference for this directive
Proxy Configuration