Submitted by Anonymous (not verified) on Wed, 03/16/2016 - 11:30
Forums

Hi Niels,

Firstly, thanks to you & your team for all your help in resolving our issues. We’re getting close to being able to deploy our initial Sales Team application. Because the Icecap system is already password protected, I don’t want to the sales team to have to open a VPN connection and then log in to the application. In your experience, what is the best method for deploying applications whilst avoiding the use of a VPN?

Regards,

Arthur

Niels Liisberg

Wed, 03/16/2016 - 12:22

Hi Arthur;

Our pleasure :) 

Regarding how to deploy application externally, I would suggest you to use subdomains:

If you already have a public DNS name, and if it already serve by an i.e. By Apache server (not necessary on a IBMi) - the configure the apace to make "URL-rewrite" to your icebreak application. I.e this is som lines from our apache config:

RewriteCond %{HTTP_HOST} ^mobile\.icebreak\.(org|dk)$     
RewriteRule ^/(.*)$ http://dkexp05:32800/$1 [P]           

What that means is: When a user enter "http://mobile.icebreak.org" in the browser URL (your iPad application), then apache will internally route that request in your network to your IBMi where your IceBreak application exists – in this case our IBMi is call dkexp05 and the IceBreak server is listening on port 32800.

This is the safest way, and has a number of benefits:

  1. You can configure any number of IceBreak servers you like and ( test / production / campaigns / CTO ) what ever
  2. You don directly expose the IBMi to the internet – the Apache proxy is the only that i "hurt" by the internet traffic.
  3. You can move the IBMi application around (to other partitions) and you dont need to change the public address 
  4. You dont have top expose the ip port to the public
  5. You dont need to make any port restrictions on you IBMi.
  6. You dont need to purchase a new domain for each application you make, subdomains is maintained by you and not ny any net supplier.

If you don't have a Apache in the DMZ, you can achieve the same with IIS, or even an IBMi apache.

Best regards,

Niels Liisberg