Unified Access Gateway uses different variables to differentiate between edge services, configured web proxies, and proxy destination URLs.
Proxy Pattern and Unsecure Pattern
Unified Access Gateway uses proxy pattern to forward incoming HTTP requests to the right edge service such as Horizon or to one of the configured web reverse proxy instances such as VMware Identity Manager. It is therefore used as a filter to decide if a reverse proxy is needed to process incoming traffic.
If a reverse proxy is chosen, then the proxy uses a specified unsecure pattern to decide whether to allow the incoming traffic to go to the back end without being authenticated or not.
(/|/view-client(.*)|/portal(.*)|/appblast(.*))and the pattern for VMware Identity Manager could be configured as
Retaining the '/' proxy pattern in the web reverse proxy instance (VMware Identity Manager) ensures that when a user clicks the URL of Unified Access Gateway, the VMware Identity Manager page is displayed.
If only Horizon settings are configured, the above change is not required.
Proxy Host Pattern
If there are multiple web reverse proxy instances configured, and there is an overlap in Proxy Patterns, Unified Access Gateway uses the Proxy Host Pattern to differentiate between them. Configure Proxy Host Pattern as the FQDN of the reverse proxy.
For example, a host pattern for Sharepoint could be configured as sharepoint.myco.com and a pattern for JIRA could be configured as jira.myco.com.
Configure this field only if Unified Access Gateway is not able to reach the back end server or application. When you add the IP address and hostname of the back end application to the Host Entries, that information is added to the /etc/hosts file of Unified Access Gateway. This field is common across all the edge service settings.
Proxy Destination URL
- For View, a component of Horizon 7, the connection server URL is the proxy destination URL.
- For web reverse proxy, the application URL of the configured web reverse proxy is the proxy destination URL.
Single Reverse Proxy Configuration
When Unified Access Gateway receives a single incoming request with a URI, the proxy pattern is used to decide whether to forward the request or drop it.
Multiple Reverse Proxy Configuration
- When Unified Access Gateway is configured as a reverse proxy, and an incoming request arrives with a URI path, Unified Access Gateway uses the proxy pattern to match the correct web reverse proxy instance. If there is a match, the matched pattern is used. If there are multiple matches, then the filtering and matching process is repeated in step 2. If there is no match, the request is dropped and a HTTP 404 is sent back to the client.
- The proxy host pattern is used to filter the list that was already filtered in step 1. The HOST header is used to filter the request and find the reverse proxy instance. If there is a match, the matched pattern is used. If there are multiple matches, then the filtering and matching process is repeated in step 3.
- The first match from the filtered list in step 2 is used. Note that this may not always be the correct web reverse proxy instance. Therefore, ensure that the combination of proxy pattern and proxy host pattern for a web reverse proxy instance is unique if there are multiple reverse proxies setup in a Unified Access Gateway. Also note that the host name of all the configured reverse proxies should resolve to same IP address as the external address of the Unified Access Gateway instance.
See Configure Reverse Proxy With VMware Identity Manager for more information and instructions about configuring a reverse proxy.