Alteryx Server Knowledge Base

Requirements for Configuring Alteryx Server with a Load Balancer (or Reverse Proxy)

SophiaF
Alteryx

 

This article covers the configurations for running Gallery behind a load balancer or reverse proxy. The configuration depends on which authentication mechanism you are setting up and on whether SSL is used.

 

**Please note that every Base Address referred to in this article appends /gallery to the hostname/FQDN:

  http(s)://hostname.domain.tld/gallery

**Please note that some load balancers use health probes (sometimes called health checks) to validate Gallery responses, and these can often fail or show a 307 temporary redirect error. If this happens, try specifying the following:

  • /gallery/api/status/ping/ 
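
As an added example (not part of the Alteryx article or product): a Python probe that requests a node's health-check path without following redirects, so a 307 is reported with its target instead of being hidden. The stub server, its `/gallery/` redirect target and the names `probe`, `StubGallery` and `demo` are constructed for the demo; only the ping path comes from the article.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

PING_PATH = "/gallery/api/status/ping/"  # health-check path given in the article

def probe(base_url, path=PING_PATH, timeout=5.0):
    """One GET that never follows redirects; returns (verdict, status, detail)."""
    parts = urlsplit(base_url)
    https = parts.scheme == "https"  # certificate checks stay at the library default (on)
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
    except (OSError, http.client.HTTPException) as exc:
        return ("unreachable", None, str(exc))
    finally:
        conn.close()
    if 200 <= resp.status < 300:
        return ("healthy", resp.status, None)
    if resp.status in (301, 302, 303, 307, 308):
        # A probe that accepts only 2xx marks the node down; report the target.
        return ("redirect", resp.status, resp.getheader("Location"))
    return ("unhealthy", resp.status, None)

class StubGallery(BaseHTTPRequestHandler):
    """Constructed stand-in for a Gallery node: 200 on PING_PATH, 307 elsewhere."""
    def do_GET(self):
        ok = self.path == PING_PATH
        self.send_response(200 if ok else 307)
        if not ok:
            self.send_header("Location", "/gallery/")  # constructed target
        self.send_header("Content-Length", "0")
        self.end_headers()

def demo():
    with HTTPServer(("127.0.0.1", 0), StubGallery) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = "http://127.0.0.1:%d" % server.server_port
        try:
            return {p: probe(base, p) for p in ("/", PING_PATH)}
        finally:
            server.shutdown()

if __name__ == "__main__":
    for path, result in demo().items():
        print(path, "->", result)
```

Against a real deployment, call `probe()` once per Gallery node's Base Address and once for the load balancer alias to see which hop answers with the redirect.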


Key for flowcharts

  • Green = SSL/TLS
  • Purple = no SSL/TLS
 

Built-in Authentication

 

SSL/TLS - End to End

 
  • Set the Base Address on the Gallery nodes to the hostname/FQDN of the machine (https)  
  • Set the Canonical Base Address in RuntimeSettings.xml to the load balancer alias (https)  
  • Certificates must be installed on the load balancer, and all Gallery nodes
 


 

 

 

SSL/TLS - Terminating at the Load Balancer* (only available for Built-in Auth)

 

In this case the connections between the load balancer and the Gallery nodes use plain HTTP, so traffic on that segment is not encrypted.

 

*When SSL terminates at the load balancer, users will not be able to use the Gallery API through the load balancer. If this is a requirement for your use case, you must have SSL go through to the Gallery nodes.

 
  • Set the Base Address on the Gallery nodes to the hostname/FQDN of the machine  
  • Set the Canonical Base Address in RuntimeSettings.xml to the load balancer alias (https)  
  • Certificate must be installed on the load balancer
 


 

 

 

No SSL/TLS

 
  • Set the Base Address on the Gallery nodes to the hostname/FQDN of the machine  
  • Set the Canonical Base Address in RuntimeSettings.xml to the load balancer alias
 


 

Windows Authentication


Please note that for Windows Authentication a classic or network load balancer must be used. Application load balancers will not work with Windows Authentication.
 

SSL/TLS - End to End

 
  • Set the Base Address on the Gallery nodes to the hostname/FQDN of the machine (https)  
  • Set the Canonical Base Address in RuntimeSettings.xml to the load balancer alias (https)  
  • Certificates must be installed on the load balancer and all Gallery nodes
 


 

No SSL/TLS

 

 

  • Set the Base Address on the Gallery nodes to the hostname/FQDN of the machine  
  • Set the Canonical Base Address in RuntimeSettings.xml to the load balancer alias
 


 

 

SAML Authentication

 

SSL/TLS - End to End

 
  • Set the Base Address on the Gallery nodes to the hostname/FQDN of the machine (https)  
  • Certificates must be installed on the load balancer and all Gallery nodes  
  • Edit the hosts file to route the FQDN of the load balancer to the loopback adapter:  
    127.0.0.1    alias.domain.tld
 


 

No SSL/TLS

 
  • Set the Base Address on the Gallery nodes to the hostname/FQDN of the machine  
  • Edit the hosts file to route the FQDN of the load balancer to the loopback adapter:
    127.0.0.1    alias.domain.tld
 

 


