By working on the support tickets, it was clear that this is way too complex. In addition, today’s architecture uses a hack for the session management (Lua/Perl script in the gateway) which leads to a timeout synchronization issue.
All those technologies run under Windows but not under Linux (blocked by WebApp).
Once the WebApp will be completely migrated, a rework will be required to remove it from the stack and to manage differently the session.
Reduce the number of components to simplify the setup.
1. Remove frontend
As it was already done for Nepal, the frontend code can be hosted in IIS. Because there is no “From” folder in the WebApp, it can be deployed along with the WebApp and it can be updated later without impacting the rest of the WebApp.
Because there is no drawback, the proposal is to include the reference build frontend within the WebApp release package in GitHub.
2. Solve the session timeout and remove the gateway
The complexity of removing the gateway comes from the Lua script used for the ibackend authentication that needs to be deployed on IIS. Even if there is a package called ISSLUA, it is not given that it will work with the reverse proxy setup.
A solution could be to make an “Authentication” service in C# (same as the REST API) that will act as a reverse proxy for the python ibackend (GraphQL). The advantage of the solution is to reuse the REST API’s authentication code and add some standard reverse proxy code. The potential drawback is the additional load on the WebApp, but this solution simplifies the scaling because it will support a perfectly sticky session on the frontend.
The backend doesn’t use the WebApp authentication but a file-based authentication. Therefore it should be easy to configure a reverse proxy (ARR and rewrite IIS module) and to disable anonymous access. Windows authentication could be used instead.
4. Remove the ibackend and backend
This step is maybe not required/wanted, but we could configure the backend as CGI in IIS and the ibackend as CGI called by a .net code (to use the same authentication as WebApp)