Deploying a proxy server for use with i2 Analyze

When you deploy i2 Analyze, the application is bound to the local server on port 9082. Clients can use the hostname, IP address of the server, or localhost to connect to the deployment. To work with your existing network, or for load-balancing purposes, you can deploy a proxy server or load balancer for use with i2 Analyze.

When you deploy a proxy server or load balancer for i2 Analyze, there are two mechanisms that you can use to determine how users connect to the application:
  • Populate the X-Forwarded-Host and X-Forwarded-Proto headers on requests
  • Specify a single connection string for the FrontEndURI setting in the i2 Analyze configuration
To use a proxy server or load balancer with i2 Analyze, it must meet the following requirements:
  • Handle WebSocket requests and keep the WebSocket connection alive for longer than 180 seconds.
  • Pass through any security configurations (for example client certificate authentication) to the i2 Analyze server. You must enable this according to the documentation for your proxy server.
  • If you want to use the X-Forwarded headers, the proxy server or load balancer must be able to populate them. For more information about the headers, see X-Forwarded-Host and X-Forwarded-Proto.
  • If you are planning to deploy i2 Analyze with high availability, your load balancer must also provide server persistence. For more information, see Deploying a load balancer.

To allow users to connect by using the URI of the proxy server or load balancer, you can populate X-Forwarded-Host and X-Forwarded-Proto headers or specify the URI in the i2 Analyze configuration. If you configure the connection URI for your deployment, users that connect to i2 Analyze must use the URI that you specify.

If your application has the http-server-host attribute set to true in the topology.xml, your proxy server is not required to route requests to the port number the application is listening on.

The following image shows the URIs that you might use in this example:

  1. To use the X-Forwarded headers to allow clients to connect to the deployment:
    1. Configure your proxy server or load balancer to populate the X-Forwarded-Host and X-Forwarded-Proto headers with the hostname and protocol that was used to connect to the proxy server or load balancer.
      For more information about the headers, see X-Forwarded-Host and X-Forwarded-Proto.
    After you configure the X-Forwarded headers, you do not need to redeploy i2 Analyze. The URI that is displayed in the console will remain the same.
  2. To specify a single connection URI:
    1. Using a text editor, open the toolkit\configuration\fragments\opal-services\WEB-INF\classes\DiscoClientSettings.properties file.
    2. Set the value of the FrontEndURI property to the URI that can be used to connect to your deployment of i2 Analyze through the proxy server.
      For example, FrontEndURI=http://proxy.server/i2.
    3. Save and close the file.
    After you update the connection URI, you can either modify other aspects of the deployment toolkit or redeploy the system to update the deployment with your changes. After you deploy i2 Analyze and start the server, the URI that can be used to access the system is displayed in the console.
Ensure that you can access i2 Analyze by using this URI from a client workstation that uses the proxy server.