Chapter 2. Configuring RHMAP Core to Use Non-wildcard SSL Routing

For a standard RHMAP installation, we recommend using a wildcard SSL certificate installed on the OpenShift router. However, in situations where this is not desirable, RHMAP can be exposed through a single URL by using the following procedure.

2.1. Prerequisites

  • A running MBaaS, tested with a Cloud App
  • A tested public IP address and domain with an attached certificate

2.2. Provisioning the RHMAP Proxy

RHMAP Proxy is a separate component which routes requests from a single external host to Cloud Apps and RHMAP Core instances deployed on OpenShift.

For example, when RHMAP Proxy receives a request for https://rhmapproxy.internal.com/cloud_app_id/hello, that request is translated to http://cloud_app_id.internal.com/hello.

The RHMAP Proxy component is bundled within the RHMAP RPM in the form of an OpenShift template. Provisioning this template creates an OpenShift route and exposes this service.

Deploy an RHMAP Proxy for each MBaaS project:

  1. Update the /opt/rhmap/4.5/rhmap-installer/roles/non-wildcard-proxy/defaults/main.yml file with the following information:

    • project_name - name for your new RHMAP Proxy
    • rhmap_core_project_name - name of the existing RHMAP Core project
    • base_host - domain name of the OpenShift cluster
    • platform_url - URL for RHMAP Studio
    • non_wildcard_external_host - URL exposed to the Internet that retrieves the API URL when an application starts

      For example:

      project_name: "rhmap-non-wildcard-ssl-proxy"
      rhmap_core_project_name: "rhmap-core"
      base_host: "internal.domain.com"
      platform_url: "https://rhmap.internal.domain.com"
      non_wildcard_external_host: "proxy-route.internal.domain.com"
  2. Run the playbook:

    ansible-playbook -i <inventory-file> non-wild-card-proxy.yml
  3. Consider the following if you deploy applications behind the RHMAP Proxy:

    If you serve static content from your application, it is important to consider how paths are written within the application's source code. It is recommended to use relative paths with dot notation.

    For example, where the URL displayed in a browser takes the format https://rhmapproxy.mydomain.com/myAppId/contacts, a link written in the source code of that application as <a href="/contact">Contact us</a> should be written as <a href="./contact">Contact us</a>, as appropriate.

    Server-side applications must have a trailing slash appended to the URL if one does not exist when viewed in a browser.

  4. Configure existing proxies

    If there are existing proxies in your infrastructure, you must configure these appropriately.

    • Reverse proxy

      A reverse proxy which is an entry point to your infrastructure and exposed to the Internet must be configured to point to the RHMAP Proxy OpenShift route.

    • HTTP proxy

      When using the RHMAP Proxy in conjunction with an HTTP proxy, ensure that the wildcard DNS record that your MBaaS is using refers to a routable IP address that the RHMAP Proxy can communicate with; that is, the RHMAP Proxy must be able to communicate with the IP address of the Cloud Apps deployed to your MBaaS.

  5. Configure DNS

    By default, RHMAP Proxy uses the default OpenShift DNS server to resolve internal domain names. If you use a custom DNS server within your network, run the following command to specify your DNS server IP address in the RHMAP Proxy deployment:

    oc env dc nginx-proxy DNS_SERVER=<ip-address>
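
The following added example (not part of the RHMAP product or its documentation) models the path-to-host translation described at the start of this section and shows why step 3 asks for dot-relative links and a trailing slash. The host names come from the examples above; the function names and the app ID character check are assumptions of this sketch, not RHMAP Proxy behaviour.

```javascript
// Added example: a model of the routing rule in section 2.2, not RHMAP Proxy code.
const PROXY_HOST = "rhmapproxy.internal.com"; // external host from the example above
const BASE_HOST = "internal.com";             // cluster domain from the example above

// Assumption of this sketch: an app ID is one path segment that is safe to use
// as a host name label. Dots or empty segments are rejected.
const APP_ID = /^[A-Za-z0-9_-]+$/;

// Translate https://<proxy>/<app_id>/<path> to http://<app_id>.<base_host>/<path>.
// Returns null when the URL is not for the proxy or has no usable app ID.
function translate(externalUrl) {
  const url = new URL(externalUrl);
  if (url.hostname !== PROXY_HOST) return null;
  const [, appId, ...rest] = url.pathname.split("/");
  if (!appId || !APP_ID.test(appId)) return null;
  return `http://${appId}.${BASE_HOST}/${rest.join("/")}${url.search}`;
}

// Resolve a link the way a browser does against the page URL, then show
// which upstream the proxy rule would select for the resulting request.
function follow(pageUrl, href) {
  const resolved = new URL(href, pageUrl).href;
  return { resolved, upstream: translate(resolved) };
}

// Constructed cases: same link text, different page URLs and path styles.
const cases = [
  ["https://rhmapproxy.internal.com/myAppId/", "./contact"], // stays inside myAppId
  ["https://rhmapproxy.internal.com/myAppId/", "/contact"],  // app ID segment is lost
  ["https://rhmapproxy.internal.com/myAppId", "./contact"],  // no trailing slash: lost too
];
for (const [page, href] of cases) {
  const { resolved, upstream } = follow(page, href);
  console.log(`${page} + ${href} -> ${resolved} -> ${upstream}`);
}
```

In the second and third cases the first path segment becomes "contact", so the request is routed to a host for an app ID that does not exist instead of to myAppId.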

2.3. Disabling the RHMAP Proxy

If you have provisioned the RHMAP Proxy as described in Provisioning the RHMAP Proxy and you later decide that you do not require it, complete the following procedure:

  1. Delete the non-wildcard SSL proxy project:

    oc delete project <rhmap-non-wildcard-ssl-proxy>
  2. Unset the EXTERNAL_HOST environment variable:

    oc env dc millicore -n rhmap-core EXTERNAL_HOST=''
  3. Open Studio and navigate to the Admin > MBaaS Targets section.
  4. For each MBaaS Target, remove the value for the External MBaaS Host field and save the changes.
  5. Edit any static content so that all links resolve as expected.