Versionen im Vergleich

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.

...

  • The graphical user interface, usually /cmsbs

  • Web services (both built-in and developed individually built for your project with CSE), usually /cmsbs/rest

Those web services can act as interfaces to other systems but they can also be consumed by front end applications on your web sites or Emails. Those public interfaces can be:

...

To expose specific web services to the Internet there is a separate web component called “UM REST Proxy”. It is a small Java web application which can run in a separate Tomcat server. It offers extensive configuration options to limit traffic and general availability of individual REST interfaces of the Universal Messenger.

Info

Details: https://www.universal-messenger.de/knowledge-base/intern/doc-en/Administration/REST-proxy.html

...

  • Application specific Reverse Proxy or Application application firewall

    • It manages only access to REST services offered by the Universal Messenger and only gives access to those REST services which are explicitly allowed (whitelist).

  • Caching static resources so that the Universal Messenger has to answer only as few HTTP requests as possible. 

  • Protection of internal infrastructure (Universal Messenger, databases etc.) from the effects of external (D)DOS attacks 

  • Separation of public and protected API (internet vs. extranet) 

  • Distribute and allocate front-end tasks in a cluster 

...

You can have different UM Rest Proxy instances on different web servers, e.g. Intranet vs. Internet or different domains/tenants which all use different interfaces on the UM backend.

Getting the REST proxy web app

The UM REST Proxy web app is shipped with every Universal Messenger installation.

It can either be copied from the UM server ($UM_HOME/web-integration/cmsbs-restproxy.war) and manually configured via context file or downloaded from the UM GUI as a preconfigured WAR file.

Info

Installation details: https://www.universal-messenger.de/knowledge-base/intern/doc-en/Administration/REST_proxy_installation.html

Typical configuration

Assuming you have the following setup:

  1. Outmost web server for www.yourwebsite.com on server A, running on https port 443

  2. Apache Tomcat with UM REST Proxy on same server A running on port 8080, access limited to only localhost

  3. Apache Tomcat with Universal Messenger on server B running on port 8080

Outmost web server → UM REST Proxy on local Tomcat

On your outmost web server or load balancer which handles your website under www.yourwebsite.com add a Reverse Proxy configuration to handle proxy all requests to /p/…

On Apache this Apache will need the following modules:

  • proxy

  • proxy_http

  • headers

The configuration would looks like this:

Codeblock
<Location /p/>
    SetEnv proxy-initial-not-pooled 1
    ProxyPass "http://your_restproxy_tomcat:12345localhost:8080/p/"
    ProxyPassReverse "http://your_restproxy_tomcat:12345localhost:8080/p/"
    RequestHeader set x-cmsbs-urlprefix "https://www.yourwebsite.com/p"
    RequestHeader unset x-cmsbs-restproxy-path 
    RequestHeader unset x-forwarded-host 
</Location>
Info

All configuration options: https://www.universal-messenger.de/knowledge-base/intern/doc-en/Administration/Operating_in_internet.html

UM REST Proxy on local Tomcat → Universal Messenger on server B

Assuming the UM REST Proxy will be deployed as /p on Tomcat the context file would look like this:

Codeblock
<Context path="/p" docBase="/opt/UM/cmsbs-restproxy.war">
    <Parameter name="cmsbs.resturl" value="http://server-b:8080/cmsbs/rest" />
...
</Context> 
Info

More configuration options including whitelisting: https://www.universal-messenger.de/knowledge-base/intern/doc-en/Administration/REST_proxy_configuration.html