This thread raises the question as to what are the pros and cons of fronting Aware directly onto the internet or hiding it behind a reverse proxy.
The source was a query on SSL and Tomcat by Henrik.
I've put this in the tips and tricks rather than general as it's not really a functionality question and it might be easier for others to find some way down the road. I've come to like the model of a reverse proxy so most of my comments will be pro - while my posts may read like a statement of fact they are opinions and open to challenge and discussion.
Structure
Post a reply for each pro or con and rename the subject to describe the benefit or overhead - this will make it easier to follow conversation threads.
The following are links to the specific posts for Pros and Cons. I'll update until such time as I forget...
If you are using a web proxy in front of the Tomcat server you are able to use error pages to gracefully communicate to a user that the server is down.
If you just have the Tomcat server exposed to the end user and you take the server down you will get a generic timeout message.
With a reverse proxy in place you can control where the traffic from the internet goes.
User --> reverse proxy --> Aware Server --> Database.
If you have a proxy in place you can ensure that traffic can only be served to the Aware Server. The connection to the Database can be abstracted further away from the internet. This provides an added layer of safety for your data (assuming you are not hosting your database on the same server as Aware - that is a bad idea).
As Aware ships with Tomcat, most people are probably not updating the Tomcat software separately. This means that when vulnerabilities are found in Tomcat (see here https://www.cvedetails.com/product/887/ ... ndor_id=45) you can either update Tomcat or wait until it is updated within the Aware bundle.
If you abstract Tomcat away from the user it means that vulnerabilities are harder to exploit, partly because the reverse proxy is acting as the user and can be expected to act in a manner that is security compliant, but also through the security by obscurity concept.
If you have configured Tomcat in any way it becomes a management overhead when you update Aware to ensure that you remember to reapply your changes, e.g. enabling SSL.
This is less of an issue with more recent releases of Tomcat, but you cannot load the Tomcat Management screens from behind a proxy (unless you have set a route from the proxy to the management panels).
Nowadays it is more difficult to accidentally enable management user access due to changes in the way that users.xml defaults are set.
Last edited by PointsWell on Wed Feb 17, 2021 4:17 am, edited 1 time in total.
Tomcat has a shutdown port. If you don't switch it off a call to http://yourservername.com:8005 will shut down your server.
For this to happen with a reverse proxy you would have to create a route to port 8005. If you didn't create the route explicitly the malicious user would just get an error message.
One less thing to have to check every time you update Aware.
Edit: this is achievable with a decent firewall rule as well so not proxy specific.
Last edited by PointsWell on Wed Feb 17, 2021 11:26 pm, edited 2 times in total.
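For the "check every time you update Aware" step discussed in the posts above, a small audit of Tomcat's server.xml can be run after each update. This is an added example, not part of the original thread or of Aware; the sample XML is constructed, and the function name and the `expect_tls` flag are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling a stock Tomcat server.xml (not from an Aware install).
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" address="127.0.0.1"
               SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>
"""


def audit_server_xml(xml_text, expect_tls=False):
    """Return a list of (check_id, message) findings for a Tomcat server.xml."""
    root = ET.fromstring(xml_text.strip())
    findings = []

    # <Server port="-1"> disables the shutdown listener entirely.
    shutdown_port = root.get("port", "8005")
    if shutdown_port != "-1":
        findings.append(("shutdown-port", f"shutdown port {shutdown_port} is enabled"))
        if root.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
            findings.append(("shutdown-command", "shutdown command is still the default"))

    connectors = root.findall("./Service/Connector")
    for conn in connectors:
        # A Connector without an address attribute listens on all interfaces,
        # so clients can reach Tomcat without passing through the proxy.
        if conn.get("address") is None:
            findings.append(("connector-unbound",
                             f"connector {conn.get('port')} listens on all interfaces"))

    # Catches hand-applied SSL settings that were lost when the bundle was updated.
    has_tls = any(c.get("SSLEnabled", "false").lower() == "true" for c in connectors)
    if expect_tls and not has_tls:
        findings.append(("tls-missing", "no connector has SSLEnabled=true"))
    return findings


if __name__ == "__main__":
    for check_id, message in audit_server_xml(SAMPLE_SERVER_XML, expect_tls=True):
        print(f"[{check_id}] {message}")
```

Against a real install, pass the contents of Tomcat's `conf/server.xml` to `audit_server_xml` and treat any finding as a setting to reapply.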
If you configure a reverse proxy, the URL may need rewriting in some cases as the public URL is different from the private URL. Has anyone experienced problems with this when using a reverse proxy with Aware?
PointsWell wrote: ↑Wed Feb 17, 2021 3:36 am
To run a reverse proxy you have to set up another server, so one more to manage.
The server doesn't have to be particularly hefty though as it is just managing connections and traffic.
One thing I am wondering about is how much of a toll a reverse proxy actually takes on a system. I am using IIS as a reverse proxy and I know others are using NGINX, and it is ONLY used for that, so I would think it doesn't take much, but I don't know.