Configuring a proxy for Qlik License Service communication in QlikView Server
You can handle the communication between the Qlik License Service and the License Back-end with a proxy .
The Qlik License Service is included in QlikView April 2019 and later releases and is used when QlikView Server is activated using a signed key license. The Qlik License Service stores the information about the license, and communicates with a License Back-end Service, hosted by Qlik, for product activations and entitlement management. Port 443 is used for accessing the License Back-end Service and retrieving license information.
In a multi-node deployment, the Qlik License Service is installed on the machine running the QlikView Management Service (QMS). You can manage the status of the Qlik License Service by starting and stopping the Qlik Service Dispatcher, listed in the list of services running in the Windows machine.
You can configure the communication between Qlik License Service and the Qlik License Back-end to be handled by a proxy.
In QlikView Server, configuration of a proxy for the Qlik License Service is done using command line parameters. Both HTTP and HTTPS scheme are supported.
With QlikView Server June 2020 or later NTLM and basic authentication capabilities to the licenses service when communicating over a HTTP tunnel are available. This allows you to require authentication on tunneling proxies and configure a more secure environment.
Do the following:
-
Stop the Qlik Service Dispatcher, which handles the execution of the Qlik License Service.
- Navigate to the service.conf file, which by default is located in:
- Locate the section [licenses.parameters], which by default contains the following lines:
- Add the line -proxy-uri=http://myproxy.example.com:8888 as shown below:
-
Skip this step if Security.ps1 already exists in %ProgramFiles%\QlikView\Licenses\install-utils.
Open a text editor and paste the following into it:
Function Encrypt-WithMachineKey([Parameter(Mandatory = $True, ValueFromPipeline)] $input) { Add-Type -AssemblyName System.Security $bytes = [System.Text.Encoding]::Unicode.GetBytes($input) $secured = [Security.Cryptography.ProtectedData]::Protect($bytes, $null, [Security.Cryptography.DataProtectionScope]::LocalMachine) return [System.Convert]::ToBase64String($secured) } Function Decrypt-WithMachineKey([Parameter(Mandatory = $True, ValueFromPipeline)] $input) { Add-Type -AssemblyName System.Security $secured = [System.Convert]::FromBase64String($input) $bytes = [Security.Cryptography.ProtectedData]::Unprotect($secured, $null, [Security.Cryptography.DataProtectionScope]::LocalMachine) return [System.Text.Encoding]::Unicode.GetString($bytes) }
Name the file Security.ps1 and save it to %ProgramFiles%\Licenses\install-utils.
-
Skip this step if Encrypt-Password.ps1 already exists in %ProgramFiles%\QlikView\Licenses.
Open a text editor and paste the following into it:
Param( [string]$password ) $ErrorActionPreference = "Stop"; $contentLocation = $PSScriptRoot . $contentLocation/install-utils/Security.ps1 if (-not $password) { "Usage ./Encrypt-Password -password [password]" | Write-Host exit 1 } $password | Encrypt-WithMachineKey | Write-Host
Name the file Encrypt-Password.ps1 and save it to %ProgramFiles%\QlikView\Licenses.
-
Browse to %ProgramFiles%\QlikView\Licenses and run Encrypt-Password.ps1 [password for proxy access].
Example:
Encrypt-Password.ps1 123456Copy the generated encrypted password and use it in the next step.
- To require authentication on tunneling proxies add the following lines to the services.conf file:
-proxy-uri=[the uri of the proxy]
-proxy-auth-mode=ntlm|basic|(leave empty for no authentication)
-proxy-user=[username without domain]
-proxy-encrypted-password=[password]
-proxy-domain=[the domain] (only for NTLM) - Save and close the services.conf file.
- Restart the Qlik Sense Service Dispatcher.
- If you have a multi-node installation, repeat these steps for all the nodes in your installation.
%Program Files%\QlikView\ServiceDispatcher\service.conf
[licenses.parameters]
-qv-mode=true
-app-settings="..\Licenses\appsettings.json"
[licenses.parameters]
-qv-mode=true
-proxy-uri=http://myproxy.example.com:8888
-app-settings="..\Licenses\appsettings.json"
Where "http://myproxy.example.com" is the address of your company's proxy, and "8888" is the port used by the proxy.