Reverse Proxy Configuration¶
For remote administration of PCoIP endpoints to work, the reverse proxy must be accessible by the remote devices and by the PCoIP Management Console. Typically a reverse proxy will be installed in the DMZ of the network.
For remote administration of PCoIP endpoints, the reverse proxy must meet the following requirements.
It must be able to proxy the WebSocket protocol. The WebSocket protocol is used for communication between the endpoint and the Management Console.
Encrypted websocket connections have a wss:// preceeding the FQDN.
It must be configured with a publicly accessible address.
This same address is entered in the PCoIP Management Console External Address field on the REMOTE CONFIGURATION page, in SETTINGS > REMOTE.
It must have communication port TCP 5172 open in both directions.
It must have a certificate with its private key added to its configuration.
The reverse proxy must have a certificate with its private key added to its configuration. Use the SHA256 fingerprint from the reverse proxy certificate in the PCoIP Management Console External Certificate Fingerprint field on the REMOTE CONFIGURATION page, in SETTINGS > REMOTE.
Teradici has provided a sample configuration using nginx for a reverse proxy, and is provided as-is, with no warranty. This sample configuration resides on a nginx proxy server.