Search code examples
restreverse-proxyiis-10prismic.io

Proxy in IIS to a private Prismic repo - is it possible?

I have an Angular(8) solution that talks to a public Prismic repo through a reverse proxy on the same IIS that Angular is hosted on.

Now I want to talk to a private Prismic repo instead.

How do I set up the proxy to add headers and whatnot?
Is it even possible or does the authorisation require yet a step?

(I don't get it to work in VSCode-rest-client-plugin either. There is documentation on how to get it to work in Postman - and that is what hints me it is not possible to "simply proxy" a call into a private Prismic repo.)

Addendum:

The private Prismic repo has a secret key that must not make its way on to the client.
I hope to add the secret in the proxy as I am in full control of the proxy.

Solution

  • It is totally possible to use IIS' reverse proxy to connect to a Prismic private repo.
    What is needed is to set up IIS' reverse proxy and to give it the secret used for authorisation at Prismic.

    By the time of writing I have found no way to install just IIS' reverse proxy but one has to install the whole farm extension called ARR.

    It is the site, not the server, that has the reverse proxy so update web.config with data corresponding to: (grok the xml comments)

    <system.webServer>
    <rewrite>
        <rules>
            <!-- `stopProcessing` is, I guess, the normal case. -->
            <rule name="CMS rewrite" stopProcessing="true">

                <!-- `"^cms(.*)"` matches `cms`, `cms/` and `cmsanything` which might not be what was intended. -->
                <match url="^cms(.*)" />

                <!-- Is is important to below Not use the `cdn` as in `yoursite.cdn.prismic.io` that is used for the queries. -->
                <!-- `logRewrittenUrl` can be handy for tracing the target. -->
                <action type="Rewrite" url="https://yoursite.prismic.io/api/v2" logRewrittenUrl="true" />

                <serverVariables>
                    <!-- Replace `the-token` with the token found when setting the Prismic repo to private. -->
                    <set name="HTTP_AUTHORIZATION" value="Bearer the-token" />
                </serverVariables>
            </rule>
...

    There is a click-and-write GUI too but, at least to me, it is harder to understand. And explain.

    There is something on how Prismic later handles the authorisation secret that annoys me, but that is another issue.

    HTTP_AUTHORIZATION has to be set up as a server variable. IISManager->URLRewrite->ViewServerVariables->Add.
    I have not bothered to find out where this is stored.

    Handy tip for debugging URL rewrite issues.