Installing Totum PRO in Networks with an Intermediate Proxy

If your network configuration involves installing Totum on a virtual machine that does not have its own external IP address, and routing requests to the system will be done through a proxy server (such as HAProxy or any other), you need to consider several points during installation.

  1. Since the certificate will be connected to the proxy server, the installation of Totum should be done in a mode without a certificate. To do this, when running the installation script, you need to leave the domain field empty, but at the step of confirming the IP address, you must specify the domain through which access will be made in the browser and to which the proxy will respond. This is important for the license to work.

  2. The proxy server must be configured in such a way that the host of the request is forwarded to the backend — the domain that the user enters in the browser to access the system. That is, the domain on the proxy, the domain in Conf.php in the root of the Totum installation, and the domain (host) in the license must match.

  3. The proxy server must be configured to forward websocket requests to the backend. The use of websocket can be seen in the configuration files of nginx http or for ssl.

  4. The host (domain) through which access to the system is made must be accessible from the console of the server on which Totum is installed. You can check this by executing curl -L YOUR_TOTUM_HOST. Sometimes the network is configured in such a way that the request local_totum_ip -> proxy_external_ip -x local_totum_ip is not executed. In this case, you need to specify the internal IP of the proxy server for the system domain in /etc/hosts so that the request is executed along the path local_totum_ip -> proxy_local_ip -> local_totum_ip. Also, there may be looping of http -> https redirects on the proxy. If you see such a situation when executing curl -IL YOUR_TOTUM_HOST from the Totum server console, then set exceptions in the proxy settings for redirects on requests coming to the internal IP of the proxy server.

  5. The proxy server must allow a sufficient volume of the HTTP request body. For example, nginx by default has a limit of 1MB. If not reconfigured, this will practically look like the inability to upload a file larger than 1MB.