Zimlet Development :: Protocol Flow :: Security concerns with iFrame.
I am currently investigating how to write a custom zimlet. First I need to understand technically what the http protocol flow will be for my zimlet because there are security concerns. First, here is my current production zimbra environment.
browser from public ip:443 ---> firewall/router/NAT ---> apache2 reverse proxy:443 ---> zimbra:80
---> apache2 reverse proxy:443 ---> application servers:80 ---> DBMS servers:80
Apache2 reverse proxies are https servers all other servers are http.
My zimbra, application servers and DBMS servers and the like all operate using the http protocol behind the reverse proxies/firewalled.
My plan is to write a series of zimlets that will use zimlet iframes to capture application server data within the zimbra public ip browser.
The application servers are on the same lan that will feed the zimlets.
Somehow I want to code the zimlet to use the private url on port 80 to feed the iframe with application data. Is there a way to code a zimlet iframe using a private url within a public url to get this data back and forth over the secure:443 zimbra reverse proxy?
browser from public ip:443 ---> firewall/router/NAT ---> apache2 reverse proxy:443 ---> zimbra:80 ---> iframe zimlet:80 [embeded private url within public url?]
-------> application servers:80
--------> DBMS servers:80
Guest Ubuntu 12.04LTS x64 and Zimbra 8.0.5
Host CentOS 6.4 x64 :: KVM :: LVM :: Hardware RAID