## Ingredients
- A BIMcloud manager running on http://bim.example.com:19000 (A)
- A BIMserver ArchiCAD 19 module running on http://bim.example.com:19001, paired with A
- A BIMserver ArchiCAD 21 module running on http://ac21.example.com:21001, paired with A
- nginx installed and running in your DMZ
## Secret names
In BIMcloud 21 it's possible to define multiple URLs to access a given BIM server. We will take advantage of this feature to map our public hostnames and secure URLs to our private names and insecure URLs.
You will need public DNS records for all the BIMcloud servers involved, but the names don't necessarily have to be the same as in your private DNS: they can be anything you like, as long as they're listed in the “Alternate addresses” list of the corresponding server. If you're already using FQDNs (not .local or .lan, etc.) on your LAN, then I would recommend also using the same names publicly, for clarity's sake.
- Open http://bim.example.com:19000 and navigate to Servers > BIMcloud Manager > Connection settings
- Edit > Alternative addresses and lookup order > add https://bim.example.com and save your changes. You can put whatever you want here, just as long as your external users can resolve those addresses…
Unfortunately, the BIMcloud/server relationship is not completely transparent - the client has to be able to connect to the final server where the project (and necessary libraries) is hosted. Knowing that, let's add the external addresses to our ArchiCAD 21 BIMserver:
- Select the server in the BIMcloud manager > Alternative addresses and lookup order > add https://ac21.example.com:21001 and save your changes
Pro tip: Use ArchiCAD's Network Diagnostics tool to verify that the client is actually receiving the new addresses from the server. Notice how you get an error for the public addresses - this is to be expected, because the external traffic will be routed differently than our internal ArchiCAD clients. If you want your local clients to also use HTTPS, just install the SSL proxy on the same host as your BIMcloud manager.
## Proxy configuration
Setting up the actual nginx reverse proxy that will take our SSL traffic and forward it to the corresponding internal BIMcloud/server is probably the most straightforward part of the entire operation.
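An added example of such a reverse proxy, built from the hostnames and ports in the ingredients list (this is not the author's original configuration; the certificate paths, TLS protocol list, body-size and timeout values and forwarded headers are assumptions):

```nginx
# Added example. Place inside the http {} context, e.g. in a file included
# from nginx.conf.
# Assumption: the proxy host resolves bim.example.com and ac21.example.com to
# their internal (LAN) addresses, not back to the public address of the proxy.

# BIMcloud Manager: public https://bim.example.com -> internal port 19000
server {
    listen 443 ssl;
    server_name bim.example.com;

    ssl_certificate     /etc/nginx/ssl/bim.example.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/bim.example.com.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    client_max_body_size 0;  # assumption: do not cap project/library uploads

    location / {
        proxy_pass         http://bim.example.com:19000;
        proxy_http_version 1.1;
        proxy_set_header   Host $host;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;  # assumption: allow long-running transfers
    }
}

# ArchiCAD 21 BIMserver: public https://ac21.example.com:21001 -> internal 21001
server {
    listen 21001 ssl;
    server_name ac21.example.com;

    ssl_certificate     /etc/nginx/ssl/ac21.example.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/ac21.example.com.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    client_max_body_size 0;

    location / {
        proxy_pass         http://ac21.example.com:21001;
        proxy_http_version 1.1;
        proxy_set_header   Host $http_host;  # keeps the :21001 port in Host
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
    }
}
```

Only the two listeners above face the Internet; the plain-HTTP ports 19000, 19001 and 21001 on the internal servers stay reachable from the proxy and the LAN only.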
## Firewall configuration
Finally, poke some redirects into your firewall to forward 443 and 21001 to the proxy web server. Test the setup via a 4G modem and make sure you also test opening the ArchiCAD project (making sure you can access both the BIMcloud management and BIMserver hosting the project).
PS. I would like to thank the excellent Charles Proxy, which proved extremely useful in figuring out what ArchiCAD was doing under the hood.