DelightedD0D DelightedD0D - 28 days ago 12
Apache Configuration Question

Proxy a php page on internal network to use with Slack App

I've built a Slack App for our team.

I was able to create a Slack Button and used that to authorize the app with oauth.access

My Slack App adds a Slash Command to a channel in Slack

So far so good.

The Slash Command needs a

Request URL
which is simply the page that will receive the slash command payload and optionally, send a response back to the Slack channel.

Here's the rub, the server that host the page I need to use for the
Request URL
is on our internal network and only accessible to users on our VPN.


  • Our main site accessible to the world at, https://example.com

  • The server on which this page is hosted is at, https://slack.example.com which is only accessible to users on our VPN (both are apache 2.4 servers)

  • Anyone not on the VPN that requests slack.example.com is instead served https://example.com

  • It is not possible for me to move the php page to a server that is accessible outside our VPN (it's part of a larger application that can't be moved) but I can add a php page the serve that hosts https://example.com.



I'm thinking that I might be able to add a php page to
example.com
that could act as a proxy recieving messages from
slack.com
, passing them to
slack.example.com
then getting the response from
slack.example.com
and sending that response back to
slack.com
.

Is this possible, and if so, how would I go about it? I'm open to other solutions as well, possibly using Apache to do the proxying?

Answer

I would run the request page on a separate server in your DMZ functioning as proxy to the internal application server. Here is a brief description:

  1. The php script for the request url (=request page) needs to be accessible to the public internet, so that Slack can call it. I would put it on a separate server and I would put that server in the DMZ of your company. That is usually the best place for servers that need to be accessible from the outside, but also need to access servers on the inside of your company. Make sure to use SSL and the verification token to secure your calls from Slack.

  2. The request page can run on a small server and will need to have a webserver (e.g. apache) and php. If you planning to have more complex requests you may also need a database. It will also need to run SSL, so you will need a certificate. You can also use your existing webserver to the outside (example.com) if is meets these requirements.

  3. The request page needs to have access to your application server, e.g. via VPN. It would need to function as proxy: receive the request from Slack, make requests to the application server based on the specifics of the slash command and then return the info back to Slack.

  4. Another important point is user authentication. I read from your question that not all users on your Slack team should have access to the application server, so your request script needs to have a method to distinguish which users are allowed access and which are not. It would be easiest, if these users could be identified by membership of a specific Slack group. In any case you probably would need an additional bot that ensures mapping of Slack users to VPN users.

Comments