Reverse Proxy

One way to expose your servers to internet users is to use a reverse proxy to retrieve content from servers inside your organization's network. In other words, your server is located behind a firewall and the reverse proxy server accesses the server on behalf of the internet users.

Reverse proxy (all servers on intranet)

Considerations

A reverse proxy is essentially a rule that maps an external URL to an internal web server URL.

• Map the external URL  to a different internal URL so that the internal server name is not exposed.
• Reverse proxies use the SSL web port (TCP 443).
•  Expose the following virtual folders in the sites:
  • Autodiscover (optional but recommended – used to discover the best endpoint to connect to)
  • Identity (required, used for authentication)
  • API (optional, used by mobile devices to connect to the product)
  • Runtime (required, used to access the SmartForms runtime site)
  • SP15EventService (optional, depending on your requirement, used to allow SharePoint to trigger workflows in the product)
  • ViewFlow (optional, used to render the ViewFlow report)
  • Nintex Workspace(Desktop) (optional, exposes the Nintex Workspace(Desktop) site)
  • Services (Deprecated and optional, used by Nintex K2 Mobile 1.0)
  • Any other application folders used by custom apps
• Server and user segment must be able to reach the following public URLs using SSL (TCP 443) for external integration and authentication. This is also needed for the server to upload and access SharePoint documents and lists:
  • https://trust.k2.com
  • https://login.windows.net
  • https://login.microsoftonline.com
  • {Your SharePoint Online URL}
• For some reverse proxies, you must install the same SSL certificate as you have on the web server and select it in the rule.