Port Forwarding for a Cleaner URL

On this Page
Docs Menu
  • Explore
  • Develop
  • Administer
  • Setup
  • Changing the Looker Port Number

    A default Looker installation requires users to specify a port number as part of the URL when they access Looker. For example: https://looker.yourdomain.com:9999.

    For end-user convenience, it is possible to remove the :9999 from the base URL, creating something like https://looker.yourdomain.com.

    Please note that it is better to forward packets directly to Looker, rather than indirectly (through a web proxy), because Looker has functionality to stop a database query when it detects that the browser has canceled a request.

    It is possible to use Looker startup options to change the application’s port. However, the standard HTTPS port (443) would require running Looker as root, which is unsupported and not recommended.

    iptables on the Looker Host

    Looker can be accessed from a different port by using iptables. The script below will forward traffic from port 443 to 9999. It was written for Ubuntu Linux and might need to be modified if you are running a different Linux distribution.

    1. Create the script file:

      /etc/network/if-up.d/looker-https-forward
      
    2. Add these contents to the file:

      #!/bin/sh
      # Forward HTTPS traffic to the Looker app
      iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 9999
      
    3. Make it executable:

      sudo chmod 755 /etc/network/if-up.d/looker-https-forward
      
    4. Run the script, which will automatically run on the next system or network restart:

      sudo /etc/network/if-up.d/looker-https-forward
      

    xinetd on the Looker Host

    Another technique involves using xinetd.

    1. Make sure xinetd allows incoming traffic from all desired addresses. In the default section of /etc/xinetd.conf add:

      {
      only_from = 0.0.0.0
      # or replace 0.0.0.0 with an IP range
      # (i.e. 128.0.0.0/16) if desired
      }
      
    2. Create a file named: /etc/xinetd.d/lookerhttps

    3. Add these contents to the file:

      # default: on
      # description: Redirect HTTPS/443 requests to
      # Looker default port 9999
      service https
      {
      disable = no
      id = lookerhttps
      socket_type = stream
      protocol = tcp
      user = root
      wait = no
      redirect = 127.0.0.1 9999
      }
      

    Reverse Proxy Servers

    It is possible to use reverse proxies with Looker. Our suggested reverse proxy server is Nginx. It is the only reverse proxy we test and fully support, although we don’t necessarily prohibit other options. You can find a sample Nginx configuration here.

    Please note that the Apache reverse proxy has a bug in it that prevents Looker from being able to properly close connections. This means that every database query will run to completion, even if a user cancels it. For this reason, you should avoid using the Apache reverse proxy with Looker.

    Load Balancer

    There are many load balancers solutions available. From a high level, the load balancer would be configured to listen on port 443 and forward all requests to Looker on port 9999. In this case, your SSL server certificates would be installed on the load balancer.

    Next Step

    After you have configured port forwarding you’re ready to enable Looker Support Team access.

    Still have questions?
    Go to Discourse - or - Email Support
    Top