License Server Help

Secure connection configuration

To configure a secure connection for License server, set it up to work behind a secure reverse proxy server.

MSI

For the MSI distribution, start by configuring License server to use a base URL (the URL that end users will request to access your License server installation):

<license_server_home>\bin\license-server.bat configure --listen-port 8080 --base-url http://license-server.mydomain.com:443

where:

  • 8080 is the port number License server will listen on
  • http://license-server.mydomain.com is the address of your proxy server
  • and 443 is the port number your proxy will listen on

Then, while JetBrains License Service is stopped, run the following command:

<license_server_home>\apps\license-server\bin\license-server.bat configure --jetty.virtualHosts.names=proxy-server.mydomain.com

where proxy-server.mydomain.com is the host name of the proxy, or the host name configured for use by the License server.

If there are several hosts, specify them as a comma-separated list.

ZIP

For the ZIP distribution, configure the License server host and port as follows:

<license_server_home>\bin\license-server.bat configure --listen 8080 --host license-server.mydomain.com

where:

  • 8080 is the port number License server will listen on
  • license-server.mydomain.com is the host of the License server

Then, while the License server software is stopped, run the following command.

For Windows:

<license_server_home>\bin\license-server.bat configure --jetty.virtualHosts.names=proxy-server.mydomain.com

For Linux and Mac OS X:

<license_server_home>/bin/license-server.sh configure --jetty.virtualHosts.names=proxy-server.mydomain.com

where proxy-server.mydomain.com is the host name of the proxy, or the host name configured for use by the License server.

If there are several hosts, specify them as a comma-separated list.

To configure Nginx to use a secure connection, follow the instructions below.

Nginx configuration

For an SSL connection, the Nginx configuration file is expected to look as follows:

server {
    listen 443 ssl;
    server_name localhost;

    ssl_certificate <path_to_certificate>;
    ssl_certificate_key <path_to_key>;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://license-server.mydomain.com:8080/;
    }
}

where:

  • proxy_set_header X-Forwarded-For $remote_addr;, proxy_set_header X-Real-IP $remote_addr; and proxy_set_header X-Forwarded-Proto https; are headers required for proper functioning of License server software
  • listen 443 is the port that you have previously specified as a part of --base-url parameter
  • proxy_pass http://license-server.mydomain.com:8080/ is the path to your License server machine with the port that you have previously specified using the --listen-port parameter

Note: Please refer to the corresponding Nginx documentation pages for a description of server_name, proxy_set_header, proxy_pass.
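The Nginx settings described above have to agree with the values passed to the configure command: the required headers must be present, the TLS listener must use the --base-url port, and proxy_pass must target the --listen-port value. The Python check below is an added example, not part of the original documentation; the function name check_proxy_config and the sample configuration are constructed for illustration, and the tokenizer assumes a simple configuration without quoted strings that contain ;, { or }.

```python
import re
from urllib.parse import urlsplit

# Headers the page lists as required for License server to work behind the proxy.
REQUIRED_HEADERS = ("X-Forwarded-For", "X-Real-IP", "X-Forwarded-Proto")

def check_proxy_config(nginx_conf, listen_port, base_url):
    """Return a list of problems; an empty list means the settings agree."""
    # Simplified tokenizer (assumption): drop comments, split on ';', '{', '}'.
    text = re.sub(r"#[^\n]*", "", nginx_conf)
    directives = [d.split() for d in re.split(r"[;{}]", text) if d.strip()]
    headers = {d[1].lower(): d[2] for d in directives
               if d[0] == "proxy_set_header" and len(d) >= 3}
    problems = [f"missing proxy_set_header {n}" for n in REQUIRED_HEADERS
                if n.lower() not in headers]
    # The proxy must listen on the port given in --base-url, with TLS enabled.
    base = urlsplit(base_url)
    base_port = base.port or {"http": 80, "https": 443}.get(base.scheme)
    listens = [d[1:] for d in directives if d[0] == "listen" and len(d) >= 2]
    ports = {int(a[0].rsplit(":", 1)[-1]) for a in listens
             if a[0].rsplit(":", 1)[-1].isdigit()}
    if base_port not in ports:
        problems.append(f"no listen directive for base-url port {base_port}")
    if not any("ssl" in a[1:] for a in listens):
        problems.append("listen directive lacks the ssl parameter")
    elif headers.get("x-forwarded-proto", "https") != "https":
        problems.append("X-Forwarded-Proto is not https on a TLS listener")
    # proxy_pass must target the port passed to --listen-port.
    targets = [urlsplit(d[1]).port for d in directives
               if d[0] == "proxy_pass" and len(d) >= 2]
    if not targets or any(p != listen_port for p in targets):
        problems.append(f"proxy_pass ports {targets} do not all match --listen-port {listen_port}")
    return problems

# Constructed sample: the page's server block with placeholder certificate paths.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_certificate /placeholder/cert.pem; ssl_certificate_key /placeholder/key.pem;
    location / {
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://license-server.mydomain.com:8080/;
    }
}
"""
```

Call check_proxy_config with the text of your own server block, the --listen-port value and the --base-url value; any returned string names a setting that disagrees with the configure command.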

IIS

To set up an IIS server as a reverse proxy you may follow this example:

  1. Stop License Server if it is running;
  2. Download and install the Application Request Routing (ARR) extension from the Microsoft website; [https://www.iis.net/downloads/microsoft/application-request-routing]
  3. In IIS Manager, connect to the IIS server - in this case, localhost;
  4. Highlight the server in the Connections pane;
  5. Double-click URL Rewrite;
  6. Click View server variables in the right pane; Use the Add… action to add the following server variables to the list:
    • HTTP_X_FORWARDED_HOST
    • HTTP_X_FORWARDED_SCHEMA
    • HTTP_X_FORWARDED_PROTO
  7. Highlight the server in the Connections pane;
  8. Double-click Application Request Routing Cache;
  9. Click Server Proxy Settings... under the Proxy heading in the Actions pane;
  10. Select the Enable proxy checkbox;
  11. Deselect the Reverse rewrite host in response headers checkbox, then click Apply;
  12. In the Connections pane, under Sites, select Default Web Site;
  13. Double-click the URL Rewrite feature, then click Add Rule(s) in the Actions pane;
  14. Add a Reverse Proxy rule with the server name: * localhost:1111 (replace with the real location and port of your Floating License Server service);
  15. Open the rule, check that the rewrite URL is correct, and add the following server variables:
    • Set the HTTP_X_FORWARDED_HOST variable to {HTTP_HOST};
    • Set the HTTP_X_FORWARDED_SCHEMA variable to https (if the IIS site is configured to use HTTPS, otherwise set the variable to http);
    • Set the HTTP_X_FORWARDED_PROTO to https (if the IIS site is configured to use HTTPS, otherwise set the variable to http);
  16. Make sure that anonymous authentication is enabled:
    • In the Sites section of the Connections pane, select Default Web Site;
    • Double-click Authentication, select Anonymous, then click Enable in the right panel.

(Optional) To access the Floating License Server over HTTPS, add a new SSL binding to the Default Web Site. The address that the SSL binding listens to (Host URL) should match the Floating License Server base URL. The certificate that you choose should correspond to the server DNS address.

Note: Please don't select the "Include TCP port from client IP" checkbox in IIS settings, because it may have a negative influence on All Products Pack licenses processing.

Note: Please also refer to the corresponding IIS documentation: Setup IIS.

Last modified: 19 December 2017