Reverse Proxy Plugin finer tuning

Hi
I have successfully setup the Web Reverse Proxy Plugin to remap the Messging Express part of uwc on the the same port.
With (obj.conf):
NameTrans fn="assign-name" from="/uwc(|/*)" name="uwc"
NameTrans fn="assign-name" from="/*" name="messengerXpress"
and:
<object name="uwc">
ObjectType fn="check-passthrough" type="magnus-internal/passthrough"
</object>
<object name="messengerXpress">
Service fn="service-passthrough" servers="https://www.domain.com:8443"
</object>
It works well: when users ask for www.domain.com/uwc it just gets the normal uwc pages and when users asks anything else, it gets redirected to the webmail port of Messing Express.
The little problem is with user that only type the first part of the url to find the login page, asking the doc root of the web server because they forget, i.e:
https://www.domain.com
their request gets remapped to the webmail LOGIN of Messaging Express instead:
https://www.domain.com:8443
They do not distinguish they are not on the Communication Express login page and the login is successful. They are now in the Messaing Express only application and do not understand why it looks so different and where is the Calendar.
My question is how to change obj.conf rules to not come to the login page of the Messing Express when the base doc root is asked for, like: https://www.domain.com, and when the above changes in the obj.conf are made.
I tried to put a redirect in the index.html, to go to the /uwc URI, but then this makes an infinite loop when accessing /
I also would like to redirect non ssl http url to https ones.
I found redirect/rewrite rules in obj.conf hard to understand and the doc does say too much. I would love to find more through example on this particular subject.
Best regards
Fran�ois

Alas, I'm totally ignorant when it comes to working with a web server ...
maybe one of our other folk will know, and be able to help.

Similar Messages

Reverse proxy plugin with SSL

Hi,
I'm trying to set up reverse proxy plugin that forwards requests from plain HTTP port on web server to SSL port on origin-server (sun web console)
I have followed instructions from [http://blogs.sun.com/meena/entry/configuring_reverse_proxy_in_web] to achieve this:
wadm create-reverse-proxy --user=admin --password-file=/.ws7pass --config=test --vs=test --uri-prefix=/console/ --server=https://webconsole:6789And part of my obj.conf related to reverse-proxy:
NameTrans fn="map" from="/console/" to="https:/" name="reverse-proxy-/console"
<Object ppath="https:*">
    Service fn="proxy-retrieve" method="*"
</Object>
<Object name="reverse-proxy-/console">
    Route fn="set-origin-server" server="https://webconsole:6789/"
</Object>When one tries to access http://test/console/ following messages appear in the log file:
fine    (27868): for host x.x.x.x trying to GET https:/, service-http reports: attempting to contact webconsole:6789
fine    (27868): for host x.x.x.x trying to GET https:/, attempting to resolve webconsole
fine    (27868): for host x.x.x.x trying to GET https:/, attempting to connect to 192.168.1.80:6789
fine    (27868): for host x.x.x.x trying to GET https:/, connected to 192.168.1.80:6789
failure (27868): for host x.x.x.x trying to GET https:/, service-http reports: HTTP7765: error reading response header (Server closed connection)
finest (27868): for host x.x.x.x trying to GET https:/, func_exec reports: executing fn="set-origin-server" server="https://webconsole:6789/" Directive="Route" magnus-internal=""
fine    (27868): for host x.x.x.x trying to GET https:/, set-origin-server reports: using server https://webconsole:6789
finest (27868): for host x.x.x.x trying to GET https:/, func_exec reports: fn="set-origin-server" server="https://webconsole:6789/" Directive="Route" magnus-internal="" returned 0 (REQ_PROCEED)
finest (27868): for host x.x.x.x trying to GET https:/, func_exec reports: fn="proxy-retrieve" method="*" Directive="Service" returned -1 (REQ_ABORTED)Any ideas?

Oh, sorry, when I'm accessing console through reverse proxy, nothing is written to the web console log initially, and these messages appear in the web server log (now loglevel=info):
[15/May/2008:15:52:41] failure (23204): for host x.x.x.x trying to GET https:/, service-http reports: HTTP7765: error reading response header (Server closed connection)
[15/May/2008:15:52:41] info    (23204): for host x.x.x.x trying to GET https:/, set-origin-server reports: HTTP7751: server https://webconsole:6789 offline
[15/May/2008:15:52:41] failure (23204): for host x.x.x.x trying to GET https:/, service-http reports: HTTP7765: error reading response header (Server closed connection)
[15/May/2008:15:52:41] failure (23204): for host x.x.x.x trying to GET https:/, service-http reports: HTTP7765: error reading response header (Server closed connection)After some time this message is written to webserver log:
[15/May/2008:15:53:02] info (23204): trying to OPTIONS https://webconsole:6789, check-http-server reports: HTTP7750: server https://webconsole:6789 onlineAnd simultaneously this message is written to webconsole log:
CoreSessionManagerFilter:doFilter | Request: https-mfwk-zone-6789: /

Reverse proxy plugin vs load balancer plugin

Hi,
May i know what is the differents between reverse proxy plugin(passthrough) and load balancer plugin?
Regards
haw_9368

The Load Balancer plugin was designed specifcally to allow the Web Server to be a HTTP end-point for Sun Application Server. It is an ancestor of the Reverse Proxy Plugin (generally this version was changed to be tolerant of HTTP from any origin server, and performance improvements, etc). This plugin further evolved and was integrated into Web Server 7.0.

Debug Reverse Proxy Plugin

Is there any way to debug the reverse proxy plugin? I am running the following plugin (info: PASS1000: Sun ONE Web Server 6.1SP3 Reverse Proxy Plugin B09/09/2004 11:59) on the following webserver( Sun ONE Web Server 6.1SP5 B06/23/2005 17:36).
I have the following obj.conf file:
#AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="assign-name" from="/amconsole(|/*)" name="default.system"
NameTrans fn="assign-name" from="/amserver(|/*)" name="default.system"
NameTrans fn="assign-name" from="/uwc(|/*)" name="default.system"
NameTrans fn="assign-name" from="/*" name="messengerXpress"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn=pfx2dir from=/mc-icons dir="/opt/SUNWwbsvr/ns-icons" name="es-internal"
NameTrans fn=document-root root="$docroot"
PathCheck fn=unix-uri-clean
PathCheck fn="check-acl" acl="default"
PathCheck fn=find-pathinfo
PathCheck fn=find-index index-names="index.html,home.html,index.jsp"
ObjectType fn=type-by-extension
ObjectType fn=force-type type=text/plain
Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
Service method=TRACE fn=service-trace
Error fn="error-j2ee"
AddLog fn=flex-log name="access"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="cgi">
ObjectType fn=force-type type=magnus-internal/cgi
Service fn=send-cgi user="$user" group="$group" chroot="$chroot" dir="$dir" nice="$nice"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
<Object name="send-compressed">
PathCheck fn="find-compressed"
</Object>
<Object name="compress-on-demand">
Output fn="insert-filter" filter="http-compression"
</Object>
<Object name="default.system">
ObjectType fn="check-passthrough" type="magnus-internal/passthrough"
</Object>
<Object name="messengerXpress">
ObjectType fn="force-type" type="magnus-internal/passthrough"
Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://uwc.unca.edu:8080"
</Object>When I access http://uwc.unca.edu/ I expect to be forwarded to the login page on http://uwc.unca.edu:8080/. Instead I see the index.html page from the default web server.
What is wrong with this setup?
Thanks,
Pete

Dear elving,
I am facing the problem to configure reverse proxy plugin.From webserver 6.1 sp8 I want to serve pages that are on application server
our evirnonment
INTERNET<---------->Sun Webserver 6.1sp8<---------->sun one application server
only webserver is visible to internet & appserver is in intranet environment.
no one will give hit directly to appserver.
www.abc.com running on webserver on default port 80.If I type www.abc.com, displays its pages
when I type www.abc.com/bsd it should serve the pages on app server without changing url in the browser
==================================================
Here my configuration files
obj.conf
# You can edit this file, but comments and formatting changes
# might be lost when the admin server makes changes.
# Use only forward slashes in pathnames--backslashes can cause
# problems. See the documentation for more information.
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="assign-name" from="/idm" name="passthrough1"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="D:/Sun/WebServer6.1/ns-icons" name="es-internal"
NameTrans fn="document-root" root="$docroot"
PathCheck fn="nt-uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD)" type="magnus-internal/imagemap" fn="imagemap"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
#Service method=(GET|HEAD) type="*/*" fn="service-passthrough" servers="http://150.2.0.216"
Service method="TRACE" fn="service-trace"
Error fn="error-j2ee"
AddLog fn="flex-log" name="access"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="cgi">
ObjectType fn="force-type" type="magnus-internal/cgi"
Service fn="send-cgi"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
<Object name="passthrough1">
ObjectType fn="force-type" type="magnus-internal/passthrough"
Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://150.2.0.216:8080/idm"
</Object>
======================================
magnus.conf
# The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
# They will not be supported in future releases of the Web Server.
NetsiteRoot D:/Sun/WebServer6.1
ServerName abc
ServerID https-www.abc.com
RqThrottle 128
DNS off
Security off
ExtraPath D:/Sun/WebServer6.1/bin/https/bin
Init fn=flex-init access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length%"
Init fn="load-modules" shlib="D:/Sun/WebServer6.1/bin/https/bin/j2eeplugin.dll" shlib_flags="(global|now)"
Init fn="load-modules" shlib="D:/Sun/WebServer6.1/plugins/passthrough/passthrough.dll"
funcs="init-passthrough,auth-passthrough,check-passthrough,service-passthrough" NativeThread="no"
============================
Looking for ur reply
Thanks in advance
Edited by: madh0000 on Dec 10, 2007 8:27 PM

Difference between reverse proxy plugin and java web proxy server

Hello
Can anyone please let me know what exactly is the difference between the reverse proxy plugin available with java system web server and the
java web proxy server.
Thanks
Manik Gupta.

The features are very closely related. The most notable and obvious difference is that The Web Proxy Server reverse proxy makes use of a content cache, while the reverse proxy of the Web Server does not cache results.
Message was edited by:
JoeMcCabe

Reverse proxy plugin does not like the POST method

My second tier is not functionning properly when placed behind a S1WS6 with reverse proxy
Client ====== SunOne web server with Passthrough ====== .NET app server & web services.
The web server configuration (reverse proxy � libpassthrough.so) is configured and is working correctly when it comes to requesting normal pages, however a problem arises when the request is made either by:
1- Invoking a web service on the .Net tier, or
2- The .Net tier performs a server.transfer call within the same .net server (Page transfer)
Keep in mind that the .Net tier works fine when not accessed through the reverse proxy.
It seems that when a POST method is invoked, a Session Close is sent before data is sent back !!
We tried to isolate the problem from different angles but came up short, the http server log shows that the request was made
192.168.2.7 - - [14/Jul/2004:14:10:56 +0300] "POST /wavedms2.0/TestWebService/TestService.asmx HTTP/1.1" 100 0
Although response 100 indicates that it is waiting for more, while the web service error shows the following:
The underlying connection was closed: An unexpected error occurred on a receive.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at TestWebService.oWebService.MyWebSvc.HelloWorld()
at TestWebService.Form1.button1_Click(Object sender, EventArgs e)
In general, any page that uses POST method faces the same problem.I appreciate any help you can provide us with a solution on this issue.

The Application Server plugin, libpassthrough.so, was designed to connect Web Server to Application Server. Unfortunately, it does not work with IIS which sends unsolicited "HTTP/1.1 100 Continue" responses.

Error Installing Reverse proxy plugin

hi,
I am following the exact steps given in the http://docs.sun.com/app/docs/doc/819-6510/6n8h5jos7?a=view#fundl
to install the Web Proxy server. For that I have modified the magnus.conf and the obj.conf files as follows:-
magnus.conf-- add the line
Init fn="load-modules" shlib="D:/Sun/WebServer6.1/bin/https/bin/passthrough.dll" shlib_flags="(global|now)"
obj.conf-- added the lines
<Object name="default">
NameTrans fn="assign-name" from="/jsp-examples(|/*)" name="server.example.com"
</Object>
<Object name="server.example.com">
# Proxy the requested resource to the URL
# "http://server.example.com:8080"
Service fn="service-passthrough"
Servers="http://server.example.com:8080"
User="blues" password="password"
</Object>
after this I am getting a log in the error file as
[27/Nov/2006:21:47:17] config ( 2028): CORE3185: Invalid configuration: File config\server.xml, line 25, column 50: HTTP3258: Error processing obj.conf line 51: HTTP2212: Directives must have at least one parameter
Can any body help me in solving this issue.
thanks in advance
dhawanmayur

Hi,
The servers and user parameters should be lowercase.
Please try having it as follows:
<Object name="server.example.com">
# Proxy the requested resource to the URL
# "http://server.example.com:8080"
Service fn="service-passthrough"
servers="http://server.example.com:8080"
user="blues" password="password"
</Object>
Please see example from
http://docs.sun.com/app/docs/doc/819-6510/6n8h5jos7?a=
view#fundl
<Object name="server.example.com">
# Proxy the requested resource to the URL
# "http://server.example.com:8080"
Service fn="service-passthrough"
servers="http://server.example.com:8080"
user="blues"
password="j4ke&elwOOd"
</Object>
Hi,
The servers and user parameters should be lowercase.
Please try having it as follows:
<Object name="server.example.com">
# Proxy the requested resource to the URL
# "http://server.example.com:8080"
Service fn="service-passthrough"
servers="http://server.example.com:8080"
user="blues" password="password"
</Object>
Please see example from
http://docs.sun.com/app/docs/doc/819-6510/6n8h5jos7?a=
view#fundl
<Object name="server.example.com">
# Proxy the requested resource to the URL
# "http://server.example.com:8080"
Service fn="service-passthrough"
servers="http://server.example.com:8080"
user="blues"
password="j4ke&elwOOd"
</Object>thanks roho,
I had tried that scenario. but what mistake I was doing was , that the parameters server, username and password all have to be in same line.else it woulg give u an error like the one I was facing.
thanks
dhawanmayur

WebServer 6.1 SP3 SSL reverse proxy to Sun One Application Server 7

I have an application in the appserver7 that requires SSL authentication. I have already installed a self cert in the appserver7, and the authentication works fine when I browse directly to the appserver.
The appserver7 has both listener for port 80 and 443 enabled.
I'm currently setting up a webserver (WebServer 6.1 SP3) to act as a reverse proxy to the appserver7. The reverse proxy for the basic jsp pages found in the appserver worked fine.
When I try to access the login page, in the appserver, in ssl mode, I am unable to do so. I then try changing the obj.conf to the following, from http to https:
<Object name="passthrough">
ObjectType fn="force-type" type="magnus-internal/passthrough"
Service fn="service-passthrough" method="(GET|HEAD|POST)" servers="https://172.2
8.48.53"
However, it still doesn't work.
Do I need to install a self cert in the webserver and enable the ssl listener as well?
Do I need to install any reverse proxy addon for the appserver? Any
setup for the obj.conf in the appserver?
Any ideas how to get this done?
Thanks.
Mac.

The Web Server 6.1 SP3 Reverse Proxy Plugin is supported, but it sounds like you're trying to do something that simply isn't possible.
If you want the Reverse Proxy Plugin to perform SSL mutual authentication with the Application Server using the client's certificate, that's impossible due to the nature of SSL mutual authentication. If the plugin could impersonate the client, then SSL would be vulnerable to MITM (Man In The Middle Attacks). Fortunately, SSL isn't vulnerable to such attacks because the plugin doesn't know the client's private key.
If you simply want the Reverse Proxy Plugin to pass information about the client's certificate along to the Application Server, that hapens automatically. There's nothing special to configure. Note that the plugin will not authenticate to the Application Server in this case. Rather, it will simply copy the X.509 certificate into the proprietary Proxy-auth-cert: HTTP request header.
The application running on the Application Server can inspect the Proxy-auth-cert: header using standard Servlet APIs. Alternatively, you can use Application Server 7's auth-passthrough AuthTrans SAF to cause the contents of the Proxy-auth-cert: header to be copied to the javax.servlet.request.X509Certificate Servlet attribute.

Web Server 7 Reverse Proxy URI Config

I am testing WS 7.2 to replace WS 6.1 and need input on the configuration of the reverse proxy setup. We currently are using the reverse proxy plugin on our 6.1 servers but I cannot get the same configuration to work on 7.2. I have followed the admin document but I don't want to use / as my URI. I need to only proxy requests for URLs that end in *cfm. Can I configure the new server to work like the 6.1 version?
6.1 Config
=======
obj.conf
NameTrans fn="assign-name" from="(*.cfm)" name="passthrough"
<Object name="passthrough">
ObjectType fn="force-type" type="magnus-internal/passthrough"
Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://host:8281"
Error reason="Bad Gateway" fn="send-error" uri="$docroot/badgateway.html"
</Object>
magnus.conf
Init fn="load-modules" shlib="/opt/SUNWwbsvr/plugins/passthrough/libpassthrough.so" funcs="init-passthrough,auth-passthrough,check-pass
through,service-passthrough" NativeThread="no"
Init fn="init-passthrough"

In Web Server 7.0 you can use built in reverse proxy feature rather than using libpassthrough.so
configuring reverse proxy
http://docs.sun.com/app/docs/doc/820-2202/gdabp?l=en&a=view
http://docs.sun.com/app/docs/doc/820-2204/create-reverse-proxy-1?l=en&a=view
More information about map SAF :
http://docs.sun.com/app/docs/doc/820-2203/gdhnz?l=en&a=view
set-origin-server sAF:
http://docs.sun.com/app/docs/doc/820-2203/gdhqc?l=en&a=view
Blogs :
http://blogs.sun.com/meena/entry/configuring_reverse_proxy_in_sun

Sun One Application Server 7 SSL Reverse Proxy Setup?

Hi,
I've made a similiar post on the Web Server forum,
http://forum.sun.com/jive/thread.jspa?threadID=95666&tstart=0
I've noticed there's a reverse proxy plug in setup for Web Server,
as well as a AddOn package for Application Server.
I've so far successfully installed the reverse proxy plugin for
the Web Server and it manage to passthrough the jsp contents
to the Application Server.
There's a file in our application server, Step2Cert.jsp in the
appserver that requires to be viewed/accessed in https mode
and I'm guessing the Web Server to Application Server communication
should be in https?
Anywhere I can find references on how this can be done?
My two references:
Web Server Reverse Proxy Plug-in
http://docs.sun.com/source/819-0902-05/rpp61.html
Web Server and Application Server setup for passthrough
http://docs.sun.com/source/819-2783/agplugin.html
I've not installed the AddOn package for the Appserver yet. But
I figured I should, right? I'm rather confused about the two
package.
Thanks,
Mac.

Hi,
I've made a similiar post on the Web Server forum,
http://forum.sun.com/jive/thread.jspa?threadID=95666&tstart=0
I've noticed there's a reverse proxy plug in setup for Web Server,
as well as a AddOn package for Application Server.
I've so far successfully installed the reverse proxy plugin for
the Web Server and it manage to passthrough the jsp contents
to the Application Server.
There's a file in our application server, Step2Cert.jsp in the
appserver that requires to be viewed/accessed in https mode
and I'm guessing the Web Server to Application Server communication
should be in https?
Anywhere I can find references on how this can be done?
My two references:
Web Server Reverse Proxy Plug-in
http://docs.sun.com/source/819-0902-05/rpp61.html
Web Server and Application Server setup for passthrough
http://docs.sun.com/source/819-2783/agplugin.html
I've not installed the AddOn package for the Appserver yet. But
I figured I should, right? I'm rather confused about the two
package.
Thanks,
Mac.

Oracle Java Web Server 6.1 / 7.0 Reverse Proxy

Hello everyone,
I have just installed both Sun Java Web Server versions 6.1 and 7.0 on Windows x86, trying to configure the Reverse Proxy Plugin, but none of the installations came with the libpassthrough.dll file mentioned in several documentations.
I have searched both Google and Oracle websites but links on Google point to the former sun.com website and Oracle gives nothing :(
update: I've installed Oracle iPlanet Web Server 7.0.15 and got only digest, fastcgi, htaccess and loadbal in the plugins folder, no libpassthrough :( Help!
Does anybody know where can i get the Reverse Proxy Plugin for Windows ?
Thank you very much,
Daniel.
Edited by: user2579623 on 07/08/2012 13:19

In 6.1, the libpassthrough library comes in a separate download, usually with the application server, ie glassfish. In 7.x it is build in so there is no separate library to add, the functionality is just there and can even be configured from the web admin interface. Just use web server 7 and have a look at the admin console.

Reverse Proxy with Firewall on Portal R2

We are trying to configure Oracle Portal R2 in the reverse proxy mode. We have a Sun Enterprise 250 used in a single machine configuration. (Infr. and Mid tier on same machine)
The webcache server is listening on server.company.com:7781
The portal server is listening on server.company.com:7782
The login server is listening on server.company.com:7780
The proxy server is listening on www.company.com:81
According to the Oracle Portal Config Guide we have followed the steps to configure Apache (inclusion of the virtual hosts, etc) and run the ptlasst script to reconfigure portal. While portal responds correctly on www.company.com:81 when i try to log on using the login link I get redirected to server.company.com:7780/...
Obviously everything seems to be ok from within the LAN since i can see server.company.com, but via internet it doesnt work.
Here is how we run the script:
./ptlasst.csh -mode MIDTIER -host www.company.com -port 81 -chost server.company.com -cport_i 4007 -i custom -c server.company.com:1521:iasdb -pwd xxxxxx
How can we correct this problem? Do we need to run any other script?

Hi Suraj,
The following is the problem.
We have Sun Enterprise 450 on which Oracle 9iAS Release 2 installed and we are trying to use reverse proxy plugin with iplanet, being installed on windows machine. In the hosts file i have mentioned the following required parameters ie.,
oproxy.serverlist=ias1
oproxy.ias1.hostname=http://192.168.1.12 - where Oracle 9iAS is installed
oproxy.ias1.port=7779
oproxy.ias1.urlrule=/*
oproxy.ias1.alias=http://myoracleportal.peesh.com
oproxy.ias1.stripcontext=false
and whenever i restart iplanet server after this, here is the following log information.
06/26/2002 11:57:52 AM: [op_nsapi_plugin.c (296)]: op_init: log_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/logs/oproxy.log server_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf
06/26/2002 11:57:52 AM: [op_uri_map.c (128)]: Into op_uri_map_t::uri_map_alloc
06/26/2002 11:57:52 AM: [op_uri_map.c (162)]: Into op_uri_map_t::uri_map_open
06/26/2002 11:57:52 AM: [op_worker_list.c (37)]: op_worker_list_init: propfile=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf p=0x00DC8828 l=0x00DBDA70
06/26/2002 11:57:52 AM: [op_worker_list.c (45)]: op_worker_list_init: numservers=1
06/26/2002 11:57:52 AM: [op_worker_list.c (57)]: op_worker_list_init: inside loop, serverlist[0]=ias1
06/26/2002 11:57:52 AM: [op_worker_list.c (73)]: op_worker_list_init: hostname=http://192.168.1.12
06/26/2002 11:57:52 AM: [op_worker_list.c (82)]: op_worker_list_init: port=7779
06/26/2002 11:57:53 AM: [op_uri_map.c (192)]: op_uri_map_t::uri_map_open, rule map size is 0
06/26/2002 11:57:53 AM: [op_uri_map.c (325)]: op_uri_map_t::uri_map_open, done
06/26/2002 11:57:53 AM: [op_nsapi_plugin.c (304)]: op_init: exiting
I have a feeling that "oracle_proxy_nes.dll" maintains all the .conf file information in a stack, whose size is 0.
pls see interpret this log the way you see.
thanks in advance,
gupta

SSL Issue with reverse proxy module

Hi there,
I'm hoping someone can help me. I am using Sun ONE Web Server 6.1SP7 Reverse Proxy Plugin to connect to a backend server over SSL.
However the backend server is reporting errors on the SSL handshake: SSL_ERROR_NO_CYPHER_OVERLAP
I have installed ssldump and can see the following set of cipher suites are offered by the client (in this case, the reverse proxy module:
New TCP connection #6: dptettsw02(62951) <-> dptdevss01(31006)
6 1 0.0105 (0.0105) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
SSL2_CK_RC4
SSL2_CK_RC2
SSL2_CK_3DES
SSL2_CK_DES
SSL2_CK_RC4_EXPORT40
SSL2_CK_RC2_EXPORT40
TLS_RSA_WITH_RC4_128_MD5
Unknown value 0xfeff
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfefe
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
How do I configure the reverse proxy module to use a different cipher suite?
Any help would be greatly appreciated and please let me know if anything is unclear
Thanks!
Kev

Hi there.
The server.xml file is below:
<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun ONE Web Server 6.1//EN" "file:///opt/SUNWwbsvr/servers/bin/https/dtds/sun-web-server_6_1.dtd">
<SERVER qosactive="no" qosmetricsinterval="30" qosrecomputeinterval="100">
<PROPERTY name="docroot" value="/opt/iplanet/servers/docs"/>
<PROPERTY name="user" value=""/>
<PROPERTY name="group" value=""/>
<PROPERTY name="chroot" value=""/>
<PROPERTY name="nice" value=""/>
<PROPERTY name="dir" value=""/>
<PROPERTY name="accesslog" value="/opt/SUNWwbsvr/servers/https-ETT03WEB02/logs/accessSSL"/>
<LS id="group1" ip="0.0.0.0" port="2080" acceptorthreads="1" blocking="no" security="off" defaultvs="https-ETT03WEB02" servername="dptettsw02"/>
<LS id="ls2_default" ip="0.0.0.0" port="20443" acceptorthreads="1" blocking="no" security="on" defaultvs="https-ETT03WEB02" servername="ptpcam-ptpett-drs.dwpptp.londondc.com">
<SSLPARAMS servercertnickname="Server-Cert" ssl2="off" ssl2ciphers="+rc4,+rc4export,+rc2,+rc2export,+desede3,+des" ssl3="on" ssl3tlsciphers="-rsa_rc4_128_sha,-rsa_rc4_128_md5,-rsa_rc4_56_sha,-rsa_rc4_40_md5,-rsa_3des_sha,-rsa_des_sha,-rsa_des_56_sha,-rsa_rc2_40_md5,+rsa_null_md5,-fortezza,-fortezza_rc4_128_sha,+fortezza_null,-fips_3des_sha,-fips_des_sha" tls="on" tlsrollback="off" clientauth="off"/>
</LS>
<MIME id="mime1" file="mime.types"/>
<ACLFILE id="acl1" file="/opt/SUNWwbsvr/servers/httpacl/generated.https-ETT03WEB02.acl"/>
<VSCLASS id="defaultclass" objectfile="obj.conf" rootobject="default" acceptlanguage="off">
<PROPERTY name="docroot" value="/opt/iplanet/servers/docs"/>
<PROPERTY name="user" value=""/>
<PROPERTY name="group" value=""/>
<PROPERTY name="chroot" value=""/>
<PROPERTY name="nice" value=""/>
<PROPERTY name="dir" value=""/>
<VS id="https-ETT03WEB02" connections="group1" urlhosts="dptettsw02" mime="mime1" aclids="acl1" state="on">
<USERDB id="default" database="default"/>
</VS>
<VS id="ETT03WEB02_SSL" connections="ls2_default" urlhosts="ptpcam-ptpett-web.dwpptp.londondc.com" mime="mime1" aclids="acl1" state="on">
<USERDB id="default" database="default"/>
</VS>
</VSCLASS>
<JAVA javahome="/opt/SUNWwbsvr/servers/bin/https/jdk" serverclasspath="/opt/SUNWwbsvr/servers/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/opt/SUNWwbsvr/servers/bin/https/jar/webserv-ext.jar:/opt/SUNWwbsvr/servers/bin/https/jar/webserv-jstl.jar:/opt/SUNWwbsvr/servers/bin/https/jar/ktsearch.jar" classpathsuffix="" envclasspathignored="true" debug="false" debugoptions="" dynamicreloadinterval="2">
<JVMOPTIONS>-Dorg.xml.sax.parser=org.xml.sax.helpers.XMLReaderAdapter</JVMOPTIONS>
<JVMOPTIONS>-Dorg.xml.sax.driver=org.apache.crimson.parser.XMLReaderImpl</JVMOPTIONS>
<JVMOPTIONS>-Djava.security.policy=/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/server.policy</JVMOPTIONS>
<JVMOPTIONS>-Djava.security.auth.login.config=/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/login.conf</JVMOPTIONS>
<JVMOPTIONS>-Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager</JVMOPTIONS>
<JVMOPTIONS>-Xmx256m</JVMOPTIONS>
<JVMOPTIONS>-Xrs</JVMOPTIONS>
<SECURITY defaultrealm="file" anonymousrole="ANYONE" audit="false">
<AUTHREALM name="file" classname="com.iplanet.ias.security.auth.realm.file.FileRealm">
<PROPERTY name="file" value="/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/keyfile"/>
<PROPERTY name="jaas-context" value="fileRealm"/>
</AUTHREALM>
<AUTHREALM name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
<PROPERTY name="directory" value="ldap://localhost:389"/>
<PROPERTY name="base-dn" value="o=isp"/>
<PROPERTY name="jaas-context" value="ldapRealm"/>
</AUTHREALM>
<AUTHREALM name="certificate" classname="com.iplanet.ias.security.auth.realm.certificate.CertificateRealm"/>
</SECURITY>
<RESOURCES/>
</JAVA>
<LOG file="/opt/SUNWwbsvr/servers/https-ETT03WEB02/logs/errors" loglevel="finest" logtoconsole="true" usesyslog="false" createconsole="false" logstderr="true" logstdout="true" logvsid="false"/>
</SERVER>

Reverse Proxy plug in and Load Balancer Plug in

Hi,
Can anyone please provide me with an example obj.conf file showing how to combine the reverse proxy plug-in and Load Balancer plug-in.
I would like to use the reverse proxy plug in to detect when static content is requested and provide this from the web server. Requests for dynamic content would then be forwarded to an Application server via the Load balancer plug-in. I have found plenty of documentation on how to configure these plug-in separately but nothing on how to combine the two.

smiking
reverse proxy plugin - its job is to forward the requests to another server for a specific task. you can use the webserver 7 . it does forward and limited load balancing (using round robin ) based on the number of servers you provide in the configuration. i would say this is a poor man's setup.
load balancer plugin - some app servers like sun java system app server or web logic provide this plugin so that you can effectively use the back end app server
with both these setup, you can <if> constructs to determine which requests need to be forwarded to the back end server.
I wonder, why do you need both - if both of them is designed to do the same thing.

Reverse proxy and logs in Proxy Server 3.6SP2

Hello ALL!
I am using Cache server as a reverse proxy. I setup it for one internal server. It works great.
Now I am trying to use Virtual Multihosting. So I made mappings as required:
host1.domain.com -> int1.domain.com
host2.domain.com -> int2.domain.com
It works.
But server logs requests for all servers into one file. I need to have separate log for each virtual host.
I've made templates like
http://host1.domain.com.*
http://int1.domain.com.*
http://host2.domain.com.*
http://int2.domain.com.*
and setup log for each.
None is working. Only "entire server" logs.
Please help me separate logs.

Yes, it is possible. You have two options:
1. Use the same virtual server class for both virtual servers and use the <Client> tag to specify urlhost-specific configuration.
2. Use a separate virtual server class (with a separate obj.conf file) for each virtual server.
With option 1, part of your obj.conf file might look like the following:<Client urlhost="www.server1.com">
NameTrans fn="assign-name" from="/app1(|*)" name="passthrough"
</Client>With option 2, you would configure the Reverse Proxy Plugin in only one of the two obj.conf files.

Reverse Proxy Plugin finer tuning

Similar Messages

Maybe you are looking for