If you want to configure nginx or some other proxy in front of Foundry with SSL Termination, this is a must read tech note.
Foundry persists some base Foundry service URLs in the backend database. You can not easily change a deployment from HTTP to HTTPS or vice versa. You need to get this correct at initial install time.
The key points at a high level:
- Install Foundry with HTTP only (during install you are prompted for details, specify http vs https).
- Do not create the admin user or any other users after the product is installed
- Stop the Foundry App Server
- Edit several Foundry configuration files in the App Server installation changing the KONY_ACCOUNT_API_BASE_URL to HTTPS.
- If the SSL Cert you will use on the reverse proxy is self signed or signed by a non-standard CA, import the cert into the App Server’s JRE trust store.
- Update the WAAS_BASE_URL property in the backend database to reflect the secure service url.
- Configure your front end to proxy to Foundry over HTTP
It’s only a handful of simple steps and it’s pretty easy to follow, but these steps are crucial to your success.