Pega Customer Service Chat in a reverse proxy server


You can enforce restricted access to your Pega application instances, whether you use an on-premises server or Pega Cloud® Services. When you restrict access to your Pega Customer Service application, you can still make Pega Customer Service Chat accessible to end users. You can provide public access to Pega Customer Service Chat while keeping the Pega account restricted as follows:

Reverse proxy server for Pega Web Chatbot

You can use several types of servers to implement the reverse proxy functionality, ranging from Microsoft Internet Information Services (IIS) web servers to enterprise-class network devices.

To configure Pega Customer Service Chat behind a reverse proxy server, complete the following two configurations:

  1. Configure the reverse proxy server to allow requests that match the following patterns:
    • wss://{ClientSelfServiceApp}
  2. If Transport Layer Security (TLS) is terminated at the reverse proxy server, set the value of X-Forwarded-Proto to HTTPS so that Pega Platform uses HTTPS when it constructs absolute URLs.
    You do not need to set the value of X-Forwarded-Proto for Pega Cloud Services instances.

Include a web application firewall for increased security

Deploying a web application firewall in the reverse proxy server protects your Pega account from malicious web traffic that is intended to exploit any security vulnerabilities.

Implementing a web application firewall is optional for Pega Cloud accounts, because the Pega Cloud Security team manages the application security of your accounts.

Reverse proxy IP addresses as allowed source of traffic with Pega Cloud support

To provide a secure connection, most clients whose Pega Cloud Services applications are private (that is, not accessible through an open internet connection) use a VPN connection between their network and their Pega Cloud Services environments. Users need access to the VPN to use their applications.

To allow end-user access to Pega through the reverse proxy server, you list the reverse proxy server IP addresses as safe. This way, you can create a list of trusted IP addresses or ranges from which your users can access your domains without using a VPN connection.

To add the IP address of your reverse proxy server, your Cloud Security contact needs to approve it. They should raise a support request, which the Pega security team reviews and approves.

WebSocket support in the reverse proxy server

Pega Customer Service uses the WebSocket protocol for bi-directional communication between the chat client, the Pega Customer Service server, and the Pega Customer Service chat server. For efficient performance and high availability of Pega Customer Service Chat, you need to enable the WebSocket protocol in the reverse proxy server by following the reverse proxy product instructions.
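
The two proxy-side settings described above (WebSocket support and X-Forwarded-Proto when TLS is terminated at the proxy) can be sketched as follows. This is an added example, not Pega's own configuration: nginx is assumed as the proxy product, and every host name, certificate path and timeout is a placeholder.

```nginx
# Added example. nginx is an assumption; the page does not prescribe a proxy product.
# Host names, certificate paths and the timeout below are placeholders.

# Send "Connection: upgrade" upstream only when the client asked for an upgrade,
# so ordinary HTTP requests are not forced into a WebSocket handshake.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;                        # TLS is terminated at the proxy
    server_name chat-proxy.example.com;    # placeholder public name of the proxy

    ssl_certificate     /etc/nginx/tls/chat-proxy.example.com.crt;  # placeholder
    ssl_certificate_key /etc/nginx/tls/chat-proxy.example.com.key;  # placeholder

    location / {
        # Placeholder for the restricted {ClientSelfServiceApp} host.
        proxy_pass https://pega-chat.example.internal;

        # WebSocket support: HTTP/1.1 plus the hop-by-hop Upgrade and
        # Connection headers, which a proxy does not forward by default.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Tell Pega Platform that the client connection used HTTPS.
        # Setting the header here replaces any value supplied by the client.
        # Lowercase is the conventional spelling; it is assumed to be
        # equivalent to the HTTPS value named on this page.
        proxy_set_header X-Forwarded-Proto https;

        # Keep idle chat sockets open longer than nginx's 60s default
        # (constructed value; tune to your chat session behavior).
        proxy_read_timeout 300s;
    }
}
```

Because the header is set at the proxy rather than passed through, a client cannot influence the scheme that Pega Platform uses for absolute URLs.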

The reverse proxy server domain name in the trusted origins in the CS application

To open a channel between the host site and a Pega application, configure the application permissions by specifying a list of trusted domains in the CS Application rule. You add the reverse proxy server domains to the CS application rule as trusted origins. The list contains the URLs on which you are deploying the Pega Customer Service chatbot and informs Pega that the chatbot requests originating from those web pages are legitimate.
