Security - Authentication Proxy

You can configure Pulse to let an HTTP reverse proxy handle authentication. Popular web servers have a very extensive list of pluggable authentication modules, and any of them can be used with the AuthProxy feature.

Examples of proxying methods include using NGINX with HTTP basic authentication or Apache with mod_auth_mellon.

Note: Available in Enterprise edition.

Auth Proxy Settings

These settings can be configured as environment variables, system properties or .yml config files. See Admin Configuration for more info.

Windows Settings

SET DEMO=false
SET AUTH_PROXY_ENABLED=true
SET SERVER_HOST=localhost
SET USERNAME_HEADER_NAME=X-WEBAUTH-USER
echo ROOT_URL only required if forwarding to subdirectory.
SET ROOT_URL=http://pulseproxy.me/pp

Linux Settings

export DEMO=false
export AUTH_PROXY_ENABLED=true
export SERVER_HOST=localhost
export USERNAME_HEADER_NAME=X-WEBAUTH-USER
# ROOT_URL only required if forwarding to subdirectory
export ROOT_URL=http://pulseproxy.me/pp

If you are using proxy authentication, we recommend that you use an IP whitelist.
If you are not using a whitelist, it is assumed that you are using some other networking mechanism to ensure that all authenticated requests are coming from a trusted client, such as only binding the server to localhost and running the authenticating proxy on the same machine on a different network interface.

Example Apache Configuration

For testing purposes here is an example apache proxy configuration that was tested working, note the websockets rule:

First run this command to install the relevant apache modules:

sudo a2enmod proxy proxy_http proxy_balancer lbmethod_byrequests proxy_wstunnel

Then create this apache configuration:

# https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension-ubuntu-20-04
# sudo a2enmod proxy proxy_http proxy_balancer lbmethod_byrequests proxy_wstunnel

<VirtualHost *:80>
    ServerName pulseproxy.com

    ProxyPreserveHost On

    RewriteEngine On
    # websocket 
    RewriteCond %{HTTP:Upgrade}         =websocket                      [NC]
    RewriteRule ^/pp/(.*)           ws://127.0.0.1:8080/$1   [P,L]

    ProxyPass /pp http://127.0.0.1:8080
    ProxyPassReverse /pp http://127.0.0.1:8080
</VirtualHost>