Reverse Proxy Configuration

A reverse proxy is a flow where the client uploads the data returned by the SDK to the credolab server by proxying it through their own server. This configuration can be useful when:

• The web SDK is unable to directly upload datasets to the credolab server because of browser AdBlock and other security policies within the client's organisation.
• To avoid app store rejections due to the perception of the credolab servers as third-party data collection participants.

Configuration

• When integrating the SDK, the URL should be set as https://<clientUrl.com>/cl, where /cl is a root segment that identifies all requests from the SDK to be handled by the relevant Nginx rules.

  📘

  Note

  The realIP property should be null during upload action in case reverse proxy configuration is selected

• Requests coming from the /cl root on the client server should be forwarded to the credolab server, with the X-Real-IP header attached containing the original IP address of the request. This header will be used by credolab to identify the real IP address from which the request originated.

Example: Configure reverse proxy in Nginx

server
{
	… other configuration entries …
	location /cl/
	{
		rewrite /cl/(.*) /$1 break;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_pass https://scoring-**.credolab.com;
	}
	…
}

🚧

When Nginx or any other server is used as a reverse proxy, and if it is not the initial layer that directly accepts client requests, and there are additional components such as a Web Application Firewall (WAF), API Gateway, or similar layers, then the X-Real-IP header should retrieve the originate IP address from the $http_x_forwarded_for parameter (relevant to Nginx). However, this process may vary depending on the specific configuration of preceding layers before the proxy server.