AMC URL with folder path, proxing AMC behind Apache/Nginx [Feature Request]


#1

AMC, even community edition is a nice and handy tool, but having it run without any protection and/or on a separate address to access by plain HTTP URL or setting up VPN to access it makes it a pain for system administrators.

One way to mitigate most of this issues is to run AMC binded to 127.0.0.1 address and access it via reverse proxy on Apache/Nginx. That allows to use access lists, password protection and TLS without touching AMC code itself. Sounds nice, but in the current incurnation it’s a bit tricky :frowning:

Here is (possibly excessive) Apache setup I use to access AMC, running at 127.0.0.1:3080:

ProxyRequests           off
ProxyPass               /amc/                   http://127.0.0.1:3080/
ProxyPass               /static/                http://127.0.0.1:3080/static/
ProxyPass               /aerospike/             http://127.0.0.1:3080/aerospike/

ProxyPass               /get_amc_version                http://127.0.0.1:3080/get_amc_version

ProxyPassReverse        /amc/                   http://127.0.0.1:3080/
ProxyPassReverse        /static/                http://127.0.0.1:3080/static/
ProxyPassReverse        /aerospike/             http://127.0.0.1:3080/aerospike/

ProxyHTMLURLMap         http://127.0.0.1:3080/          /amc
ProxyHTMLURLMap         http://127.0.0.1:3080/static            /amc/static
ProxyHTMLURLMap         http://127.0.0.1:3080/aerospike         /amc/aerospike

<Location /amc/>
        ProxyPassReverse /
        SetOutputFilter proxy-html
            RequestHeader   unset  Accept-Encoding
</Location>

<Location /static/>
        ProxyPassReverse /
        SetOutputFilter proxy-html
        RequestHeader   unset  Accept-Encoding
</Location>

<Location /aerospike/>
        ProxyPassReverse /
        SetOutputFilter proxy-html
        RequestHeader   unset  Accept-Encoding
</Location>

That requires proxy and proxy_html modules enabled. Looking on the given config you can see, that it’s quite excessive, as it has to intercept access to the /aerospike/, /amc/, /static/ and /get_amc_version URIs. I’m lucky, that my main site doesn’t have such subdirs by itself, but that’s not for everyone.

All this problems can be mitigated by allowing to access AMC by the URL that contains sub-folder in the path. For example, http://127.0.0.1:3080/amc/. Then all proxing could be configured in just few lines.

Please, implement such a configuration option to ease the life of those who run AMC behind FW or on a remote location.