Usability - Productivity - Business - The web - Singapore & Twins

Adding a proxy to your Salesforce Communities

Running a community site might come with a number of interesting requirement:

  • Scan uploaded files for maleware or copyright violations
  • Filter language for profanities
  • Comply with local data retention rules (e.g. local before cloud)

For most of these task AppExchange will be the goto place to find solution. However sometimes you want to process before data hits the platform. This is the moment where you need a proxy.

Clicks not Code

To be ready to proxy, there are a few steps involved. I went through a few loops, to come to this working sequence:

  1. Register a domain. You will use it to run your community. Using a custom domain is essential to avoid https headaches later on
  2. Obtain a SSL certificate for the custom domain. The easiest part, if you have access to a public host, is to use LetsEncrypt to obtain the cert and then transform it to JKS. The certs are only valid for 90 days, but we only need it for a short while in JKS. On e.g. Nginx one can auto renew the certs
  3. Upload the cert into Salesforce in Security - Certificate and Key Management - Import from Keystore
  4. Follow the Steps 1 and 4 (you did 3 already). You need access to your DNS for that. The Domain needs to be fully qualified, you can't use your root (a DNS limitation). Let's say your base is acme.com and you want your partner community to be reachable at partners.acme.com and your Salesforce Org ID is 1234567890abcdefgh, then you need a CNAME entry that says partners -> partners.acme.com.1234567890abcdefgh.live.siteforce.com. Important: The entry needs to end with a DOT (.) otherwise CNAME tries to link it back to your domain
  5. Test the whole setup. Make sure you can use all community functions using the URL https://partners.acme.com/
  6. Now back to the DNS. Point the CNAME entry to your host (e.g. Heroku or delete it and create a A record pointing to e.g. DigitalOcean
  7. Make sure the Proxy sends the HOST header has the value of your custom domain, not the force.com. Your proxy serves as your own CDN

Little boomer: You can't do this in a sandbox or a developer org, needs to be production or trial.

Next stop: discuss what proxy to use and options to consider. As usual YMMV.

Posted by on 30 June 2019 | Comments (0) | categories: Salesforce Singapore


  1. No comments yet, be the first to comment