Reverse proxy plugin with SSL

Similar Messages

• Apache Proxy Plugin with SSL in Weblogic Cluster

  Hi,
  I have configured a weblogic cluster and configured SSL. Then I configured the apache plugin to work with the cluster machines with non ssl and worked succesfull but when I configured the ssl communication between apache and weblogic I´m having problems.
  The actual configuration is:
  <Location /spmlws>
  SetHandler weblogic-handler
  WLLogFile /var/log/httpd/tmpweblogic1.log
  DebugConfigInfo ON
  Debug ALL
  KeepAliveEnabled ON
  KeepAliveSecs 15
  WebLogicPort 7002
  SecureProxy ON
  TrustedCAFile /opt/freeware/etc/httpd/conf/trustedCA35cert.pem
  TrustedCAFile /opt/freeware/etc/httpd/conf/trustedCA36cert.pem
  WLProxySSL ON
  RequireSSLHostMatch false
  WebLogicCluster machine35:7002,machine36:7002
  EnforceBasicConstraints false
  </Location>
  The problem is that the plugin always takes the last TrustedCAFile. In this way if machine36 is down the plugin tries to send all the request to machine35 but it takes the TrustedCAFile for the machine36 (/opt/freeware/etc/httpd/conf/trustedCA36cert.pem) hence the apache complains
  [Wed Jun 30 11:13:56 2010] [error] [client 10.19.232.249] ap_proxy: trying GET /spmlws/OIMProvisioning at backend host '10.19.232.97/7002; got exception 'WRITE_ERROR_TO_SERVER [os error=0,  line 796 of ../nsapi/URL.cpp]: '
  What can I do to have multiple TrustedCAFile or to have working the communication between apache and weblogic cluster using SSL?
  thanks in advance

  Acording to the documentation this is not possible.
  One way to achieve the load balancing of n-weblogic servers in cluster using ssl is to configure de HttpClusterServlet.

• Reverse Proxy Plugin finer tuning

  Hi
  I have successfully setup the Web Reverse Proxy Plugin to remap the Messging Express part of uwc on the the same port.
  With (obj.conf):
  NameTrans fn="assign-name" from="/uwc(|/*)" name="uwc"
  NameTrans fn="assign-name" from="/*" name="messengerXpress"
  and:
  <object name="uwc">
  ObjectType fn="check-passthrough" type="magnus-internal/passthrough"
  </object>
  <object name="messengerXpress">
  Service fn="service-passthrough" servers="https://www.domain.com:8443"
  </object>
  It works well: when users ask for www.domain.com/uwc it just gets the normal uwc pages and when users asks anything else, it gets redirected to the webmail port of Messing Express.
  The little problem is with user that only type the first part of the url to find the login page, asking the doc root of the web server because they forget, i.e:
  https://www.domain.com
  their request gets remapped to the webmail LOGIN of Messaging Express instead:
  https://www.domain.com:8443
  They do not distinguish they are not on the Communication Express login page and the login is successful. They are now in the Messaing Express only application and do not understand why it looks so different and where is the Calendar.
  My question is how to change obj.conf rules to not come to the login page of the Messing Express when the base doc root is asked for, like: https://www.domain.com, and when the above changes in the obj.conf are made.
  I tried to put a redirect in the index.html, to go to the /uwc URI, but then this makes an infinite loop when accessing /
  I also would like to redirect non ssl http url to https ones.
  I found redirect/rewrite rules in obj.conf hard to understand and the doc does say too much. I would love to find more through example on this particular subject.
  Best regards
  Fran�ois

  Alas, I'm totally ignorant when it comes to working with a web server ...
  maybe one of our other folk will know, and be able to help.

• Debug Reverse Proxy Plugin

  Is there any way to debug the reverse proxy plugin? I am running the following plugin (info: PASS1000: Sun ONE Web Server 6.1SP3 Reverse Proxy Plugin B09/09/2004 11:59) on the following webserver( Sun ONE Web Server 6.1SP5 B06/23/2005 17:36).
  I have the following obj.conf file:
  #AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  NameTrans fn="assign-name" from="/amconsole(|/*)" name="default.system"
  NameTrans fn="assign-name" from="/amserver(|/*)" name="default.system"
  NameTrans fn="assign-name" from="/uwc(|/*)" name="default.system"
  NameTrans fn="assign-name" from="/*" name="messengerXpress"
  NameTrans fn="ntrans-j2ee" name="j2ee"
  NameTrans fn=pfx2dir from=/mc-icons dir="/opt/SUNWwbsvr/ns-icons" name="es-internal"
  NameTrans fn=document-root root="$docroot"
  PathCheck fn=unix-uri-clean
  PathCheck fn="check-acl" acl="default"
  PathCheck fn=find-pathinfo
  PathCheck fn=find-index index-names="index.html,home.html,index.jsp"
  ObjectType fn=type-by-extension
  ObjectType fn=force-type type=text/plain
  Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
  Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
  Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
  Service method=TRACE fn=service-trace
  Error fn="error-j2ee"
  AddLog fn=flex-log name="access"
  </Object>
  <Object name="j2ee">
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="cgi">
  ObjectType fn=force-type type=magnus-internal/cgi
  Service fn=send-cgi user="$user" group="$group" chroot="$chroot" dir="$dir" nice="$nice"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>
  <Object name="send-compressed">
  PathCheck fn="find-compressed"
  </Object>
  <Object name="compress-on-demand">
  Output fn="insert-filter" filter="http-compression"
  </Object>
  <Object name="default.system">
    ObjectType fn="check-passthrough" type="magnus-internal/passthrough"
  </Object>
  <Object name="messengerXpress">
    ObjectType fn="force-type" type="magnus-internal/passthrough"
    Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://uwc.unca.edu:8080"
  </Object>When I access http://uwc.unca.edu/ I expect to be forwarded to the login page on http://uwc.unca.edu:8080/. Instead I see the index.html page from the default web server.
  What is wrong with this setup?
  Thanks,
  Pete

  Dear elving,
  I am facing the problem to configure reverse proxy plugin.From webserver 6.1 sp8 I want to serve pages that are on application server
  our evirnonment
  INTERNET<---------->Sun Webserver 6.1sp8<---------->sun one application server
  only webserver is visible to internet & appserver is in intranet environment.
  no one will give hit directly to appserver.
  www.abc.com running on webserver on default port 80.If I type www.abc.com, displays its pages
  when I type www.abc.com/bsd it should serve the pages on app server without changing url in the browser
  ==================================================
  Here my configuration files
  obj.conf
  # You can edit this file, but comments and formatting changes
  # might be lost when the admin server makes changes.
  # Use only forward slashes in pathnames--backslashes can cause
  # problems. See the documentation for more information.
  <Object name="default">
  AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  NameTrans fn="assign-name" from="/idm" name="passthrough1"
  NameTrans fn="ntrans-j2ee" name="j2ee"
  NameTrans fn="pfx2dir" from="/mc-icons" dir="D:/Sun/WebServer6.1/ns-icons" name="es-internal"
  NameTrans fn="document-root" root="$docroot"
  PathCheck fn="nt-uri-clean"
  PathCheck fn="check-acl" acl="default"
  PathCheck fn="find-pathinfo"
  PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
  ObjectType fn="type-by-extension"
  ObjectType fn="force-type" type="text/plain"
  Service method="(GET|HEAD)" type="magnus-internal/imagemap" fn="imagemap"
  Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
  Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
  #Service method=(GET|HEAD) type="*/*" fn="service-passthrough" servers="http://150.2.0.216"
  Service method="TRACE" fn="service-trace"
  Error fn="error-j2ee"
  AddLog fn="flex-log" name="access"
  </Object>
  <Object name="j2ee">
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="cgi">
  ObjectType fn="force-type" type="magnus-internal/cgi"
  Service fn="send-cgi"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>
  <Object name="passthrough1">
  ObjectType fn="force-type" type="magnus-internal/passthrough"
  Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://150.2.0.216:8080/idm"
  </Object>
  ======================================
  magnus.conf
  # The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
  # They will not be supported in future releases of the Web Server.
  NetsiteRoot D:/Sun/WebServer6.1
  ServerName abc
  ServerID https-www.abc.com
  RqThrottle 128
  DNS off
  Security off
  ExtraPath D:/Sun/WebServer6.1/bin/https/bin
  Init fn=flex-init access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length%"
  Init fn="load-modules" shlib="D:/Sun/WebServer6.1/bin/https/bin/j2eeplugin.dll" shlib_flags="(global|now)"
  Init fn="load-modules" shlib="D:/Sun/WebServer6.1/plugins/passthrough/passthrough.dll"
  funcs="init-passthrough,auth-passthrough,check-passthrough,service-passthrough" NativeThread="no"
  ============================
  Looking for ur reply
  Thanks in advance
  Edited by: madh0000 on Dec 10, 2007 8:27 PM

• Difference between reverse proxy plugin and java web proxy server

  Hello
  Can anyone please let me know what exactly is the difference between the reverse proxy plugin available with java system web server and the
  java web proxy server.
  Thanks
  Manik Gupta.

  The features are very closely related. The most notable and obvious difference is that The Web Proxy Server reverse proxy makes use of a content cache, while the reverse proxy of the Web Server does not cache results.
  Message was edited by:
  JoeMcCabe

• Help with Apache Reverse Proxy configuration with SAP Portal and SAP Webgui

  Dear Experts,
  I have an issue configuring Apache to work with SAP Portal and ERP webgui. Accessing Portal through Reverse Proxy is working fine. But the problem arises when we try to open an iView ERP webgui transaction page from Portal with the Reverse Proxy. Have anyone implemented similar requirements and could advice on the configuration required on the Apache side? Thank you

  hi,
  pls check the below links for reference:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/24396589-0a01-0010-3c8c-ab2e3acf6fe2
  searchsap.techtarget.com/searchSAP/downloads/chapter-december.pdf
  1)Learn to implement the reverse proxy filter and portal gateway in SAP Enterprise Portal 6.0 on Web Application Server 6.40.
  https:/.../irj/sdn/nw-portalandcollaboration?rid=/webcontent/uuid/006efe7b-1b73-2910-c4ae-f45aa408da5b
  .2 )Configuring the Portal for Your Reverse Proxy Filter Solution . ... This document describes the reverse proxy filter mechanism in SAP Enterprise ...
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/32ad9b90-0201-0010-3c8a-c900cd685f8f
  3)have full reverse proxy functionality. Possibly. filter. requests. Internet ... Reverse proxy (optionally with authentication etc.) ...
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/c066c390-0201-0010-3cba-cd42dfbcc8be
  Note:please reward points if solution found helpfull
  Regards
  Chandrakanth.k

• Reverse proxy plugin vs load balancer plugin

  Hi,
  May i know what is the differents between reverse proxy plugin(passthrough) and load balancer plugin?
  Regards
  haw_9368

  The Load Balancer plugin was designed specifcally to allow the Web Server to be a HTTP end-point for Sun Application Server. It is an ancestor of the Reverse Proxy Plugin (generally this version was changed to be tolerant of HTTP from any origin server, and performance improvements, etc). This plugin further evolved and was integrated into Web Server 7.0.

• Reverse proxy plugin does not like the POST method

  My second tier is not functionning properly when placed behind a S1WS6 with reverse proxy
  Client ====== SunOne web server with Passthrough ====== .NET app server & web services.
  The web server configuration (reverse proxy � libpassthrough.so) is configured and is working correctly when it comes to requesting normal pages, however a problem arises when the request is made either by:
  1- Invoking a web service on the .Net tier, or
  2- The .Net tier performs a server.transfer call within the same .net server (Page transfer)
  Keep in mind that the .Net tier works fine when not accessed through the reverse proxy.
  It seems that when a POST method is invoked, a Session Close is sent before data is sent back !!
  We tried to isolate the problem from different angles but came up short, the http server log shows that the request was made
  192.168.2.7 - - [14/Jul/2004:14:10:56 +0300] "POST /wavedms2.0/TestWebService/TestService.asmx HTTP/1.1" 100 0
  Although response 100 indicates that it is waiting for more, while the web service error shows the following:
  The underlying connection was closed: An unexpected error occurred on a receive.
  at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
  at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
  at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
  at TestWebService.oWebService.MyWebSvc.HelloWorld()
  at TestWebService.Form1.button1_Click(Object sender, EventArgs e)
  In general, any page that uses POST method faces the same problem.I appreciate any help you can provide us with a solution on this issue.

  The Application Server plugin, libpassthrough.so, was designed to connect Web Server to Application Server. Unfortunately, it does not work with IIS which sends unsolicited "HTTP/1.1 100 Continue" responses.

• SJSWS 7 u4 reverse proxy setup with client ip forwarding

  Hi,
  I am trying to set up a reverse proxy to glassfish enterprise 2.1 so that it will pass on the client ip address.
  I have added this line to my obj.conf file:
  ObjectType fn="forward-ip" hdr="Client-ip"
  Entire obj.conf below:
  <Object name="default">
  AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  NameTrans fn="ntrans-j2ee" name="j2ee"
  NameTrans fn="pfx2dir" from="/mc-icons" dir="/usr/webserver7/lib/icons" name="es-internal"
  NameTrans fn="map" from="/" name="reverse-proxy-/" to="http:/"
  PathCheck fn="uri-clean"
  PathCheck fn="check-acl" acl="default"
  PathCheck fn="find-pathinfo"
  PathCheck fn="find-index-j2ee"
  PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
  ObjectType fn="forward-ip" hdr="Client-ip"
  ObjectType fn="type-j2ee"
  ObjectType fn="type-by-extension"
  ObjectType fn="force-type" type="text/plain"
  Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
  Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
  Service method="TRACE" fn="service-trace"
  Error fn="error-j2ee"
  AddLog fn="flex-log"
  </Object>
  <Object name="j2ee">
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>And have added this property to the both of the glassfish http-listeners:
  authPassthroughEnabled=true
  However the when I use this piece of code:
  System.out.println(FacesContext.getCurrentInstance().getExternalContext().getRequest().getRemoteAddr())I see this in my glassfish logs
  [#|2009-03-26T17:32:47.457+1300|WARNING|sun-appserver2.1|org.apache.coyote.tomcat5.CoyoteRequest|_ThreadID=21;_ThreadName
  =httpSSLWorkerThread-8181-2;_RequestID=11ab6ecf-254c-4255-98d3-48856ab99b61;|PWC4013: Unable to determine client remote a
  ddress from proxy (returns null)|#]
  [#|2009-03-26T17:32:47.457+1300|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=21;_ThreadName=httpSSL
  WorkerThread-8181-2;|
  127.0.1.1 ip address|#]
  There are no messages in the webserver logs
  Can anybody see something that I am doing wrong?
  Thanks in advance for your help,
  Gareth

  If Admin server shows its enabled, then it is enabled.
  You can add forward-ip line in obj.conf manually and restart the server just to be sure.
  Look at [http://forums.sun.com/thread.jspa?threadID=5344683|http://forums.sun.com/thread.jspa?threadID=5344683]. It says (in glassfish)
  "Add this property to all <http-listener> elements in your domain.xml:
  {code}<property name="authPassthroughEnabled" value="true"/>"                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Windows Intergrated Authentication with reverse proxy issue with Safari

  Hi All
  I having a application which has Windows Integrated Authentication, for Internet users we are having a reverse proxy which has a IIS server which will authenticate using basic authentication then redirected to the actual application, every thing works as expected in IE and firefox but in safari there is a second login dialog box appears. When I did a packet capture using wireshark I noticed that in IE and FF the basic authentication which is carried forward to the actual application from IIS server but in Safari there is a NTLM negotiation in between because there is a 401 response so my application asks for on more login dialog. Dose any one knows why safari is behaving like this?
  Thanks & Regards
  Karthikeyan Vaithilingam

  I found a related post https://discussions.apple.com/thread/3274071?start=0&tstart=0. There is an issue with basic authentication and Http Redirect.

• Using reverse proxy and terminating ssl on them

  Hello
  I am trying to set up IAS 9.03 on 2 machines one holding the infrastructure and one holding the midtier.
  We want to terminate the ssl traffic on reverse proxys on apache. I am not very good at this so i am looking for a solution i read that you can do this in the whitepapers on the subject IAS.
  Much thanks for any answer.
  Boris

  1) So initially we had the following:
  <Object name="reverse-proxy-/">
  Route fn="set-origin-server" server="http://server-backend"
  </Object>
  ... and when getting a 401 from the back-end server it would seem that entering credentials in the dialog prompt does not work as is OOB; had it worked we would not have attempted anything further and hence this post would not exist... if we directly access the back-end server our credentials work so that is not the issue.
  2) I agree that the "set-basic-auth" directive should be removed - as it is clearly to supply a user id and password - what was provided was a far fetched attempt to get this to work and will clearly remove it as well as the "forward-proxy-agent" and "forward-proxy-auth"
  When you configure Web Server 7.0 as a reverse proxy, basic auth should work out of the box. If it doesn't, I recommend looking at the HTTP messages to figure out what's gone wrong. If you don't know how to do that and you have a support contract, Sun support should be able to help you.That is interesting - is this OOB feature documented anywhere?
  I'll turn up the log level on the RP and see what happens - if I turn it high enough should I be able to see the request headers being forwarded; I'll also try to look at the backend server logs. Is there anything else you suggest - i.e. should be trying to snoop the traffic....

• Error Installing Reverse proxy plugin

  hi,
  I am following the exact steps given in the http://docs.sun.com/app/docs/doc/819-6510/6n8h5jos7?a=view#fundl
  to install the Web Proxy server. For that I have modified the magnus.conf and the obj.conf files as follows:-
  magnus.conf-- add the line
  Init fn="load-modules" shlib="D:/Sun/WebServer6.1/bin/https/bin/passthrough.dll" shlib_flags="(global|now)"
  obj.conf-- added the lines
  <Object name="default">
  NameTrans fn="assign-name" from="/jsp-examples(|/*)" name="server.example.com"
  </Object>
  <Object name="server.example.com">
  # Proxy the requested resource to the URL
  # "http://server.example.com:8080"
  Service fn="service-passthrough"
  Servers="http://server.example.com:8080"
  User="blues" password="password"
  </Object>
  after this I am getting a log in the error file as
  [27/Nov/2006:21:47:17] config ( 2028): CORE3185: Invalid configuration: File config\server.xml, line 25, column 50: HTTP3258: Error processing obj.conf line 51: HTTP2212: Directives must have at least one parameter
  Can any body help me in solving this issue.
  thanks in advance
  dhawanmayur

  Hi,
  The servers and user parameters should be lowercase.
  Please try having it as follows:
  <Object name="server.example.com">
  # Proxy the requested resource to the URL
  # "http://server.example.com:8080"
  Service fn="service-passthrough"
  servers="http://server.example.com:8080"
  user="blues" password="password"
  </Object>
  Please see example from
  http://docs.sun.com/app/docs/doc/819-6510/6n8h5jos7?a=
  view#fundl
  <Object name="server.example.com">
  # Proxy the requested resource to the URL
  # "http://server.example.com:8080"
  Service fn="service-passthrough"
  servers="http://server.example.com:8080"
  user="blues"
  password="j4ke&elwOOd"
  </Object>
  Hi,
  The servers and user parameters should be lowercase.
  Please try having it as follows:
  <Object name="server.example.com">
  # Proxy the requested resource to the URL
  # "http://server.example.com:8080"
  Service fn="service-passthrough"
  servers="http://server.example.com:8080"
  user="blues" password="password"
  </Object>
  Please see example from
  http://docs.sun.com/app/docs/doc/819-6510/6n8h5jos7?a=
  view#fundl
  <Object name="server.example.com">
  # Proxy the requested resource to the URL
  # "http://server.example.com:8080"
  Service fn="service-passthrough"
  servers="http://server.example.com:8080"
  user="blues"
  password="j4ke&elwOOd"
  </Object>thanks roho,
  I had tried that scenario. but what mistake I was doing was , that the parameters server, username and password all have to be in same line.else it woulg give u an error like the one I was facing.
  thanks
  dhawanmayur

• Reverse Proxy with Firewall on Portal R2

  We are trying to configure Oracle Portal R2 in the reverse proxy mode. We have a Sun Enterprise 250 used in a single machine configuration. (Infr. and Mid tier on same machine)
  The webcache server is listening on server.company.com:7781
  The portal server is listening on server.company.com:7782
  The login server is listening on server.company.com:7780
  The proxy server is listening on www.company.com:81
  According to the Oracle Portal Config Guide we have followed the steps to configure Apache (inclusion of the virtual hosts, etc) and run the ptlasst script to reconfigure portal. While portal responds correctly on www.company.com:81 when i try to log on using the login link I get redirected to server.company.com:7780/...
  Obviously everything seems to be ok from within the LAN since i can see server.company.com, but via internet it doesnt work.
  Here is how we run the script:
  ./ptlasst.csh -mode MIDTIER -host www.company.com -port 81 -chost server.company.com -cport_i 4007 -i custom -c server.company.com:1521:iasdb -pwd xxxxxx
  How can we correct this problem? Do we need to run any other script?

  Hi Suraj,
  The following is the problem.
  We have Sun Enterprise 450 on which Oracle 9iAS Release 2 installed and we are trying to use reverse proxy plugin with iplanet, being installed on windows machine. In the hosts file i have mentioned the following required parameters ie.,
  oproxy.serverlist=ias1
  oproxy.ias1.hostname=http://192.168.1.12 - where Oracle 9iAS is installed
  oproxy.ias1.port=7779
  oproxy.ias1.urlrule=/*
  oproxy.ias1.alias=http://myoracleportal.peesh.com
  oproxy.ias1.stripcontext=false
  and whenever i restart iplanet server after this, here is the following log information.
  06/26/2002 11:57:52 AM: [op_nsapi_plugin.c (296)]: op_init: log_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/logs/oproxy.log server_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf
  06/26/2002 11:57:52 AM: [op_uri_map.c (128)]: Into op_uri_map_t::uri_map_alloc
  06/26/2002 11:57:52 AM: [op_uri_map.c (162)]: Into op_uri_map_t::uri_map_open
  06/26/2002 11:57:52 AM: [op_worker_list.c (37)]: op_worker_list_init: propfile=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf p=0x00DC8828 l=0x00DBDA70
  06/26/2002 11:57:52 AM: [op_worker_list.c (45)]: op_worker_list_init: numservers=1
  06/26/2002 11:57:52 AM: [op_worker_list.c (57)]: op_worker_list_init: inside loop, serverlist[0]=ias1
  06/26/2002 11:57:52 AM: [op_worker_list.c (73)]: op_worker_list_init: hostname=http://192.168.1.12
  06/26/2002 11:57:52 AM: [op_worker_list.c (82)]: op_worker_list_init: port=7779
  06/26/2002 11:57:53 AM: [op_uri_map.c (192)]: op_uri_map_t::uri_map_open, rule map size is 0
  06/26/2002 11:57:53 AM: [op_uri_map.c (325)]: op_uri_map_t::uri_map_open, done
  06/26/2002 11:57:53 AM: [op_nsapi_plugin.c (304)]: op_init: exiting
  I have a feeling that "oracle_proxy_nes.dll" maintains all the .conf file information in a stack, whose size is 0.
  pls see interpret this log the way you see.
  thanks in advance,
  gupta

• Apache Reverse Proxy: Domain problem

  Hi,
  I have a problem with Apache Reverse Proxy (Apache 2.2) and SAP Enterprise Portal 6.0.
  I configured Apache as a Reverse Proxy Server (with SSL)so that the portal is accessible through the internet. Everything is working fine but the OWA integration doesn't work over the Reverse Proxy.
  If I log on to <u>http://portalsrv.mydomain.xx:12345/irj</u> the OWA integration works fine with SSO and there is no problem with session management.
  If I log on to <u>https://revproxy.mydomain.zz:1234/irj</u> and want to open Outlook I get the message that Session management doesn't work. However the other components like ESS work fine. Deactivating the DSM Logger is not a solution to this problem.
  The Log tells me:
  1.
  Application domain 'mydomain.xx' differs from Portal domain 'mydomain.zz'.
  Session Management will not work for Application 'abc.mydomain.xx'
  2.
  Application schema 'http' differs from Portal schema 'https'.
  Session Management will not work for Application 'abc.mydomain.xx'
  Is there a possibility to write a Rewrite-Rule in the Apache-Conf?
  For instance:
  https://abc.mydomain.xx --> http://abc.mydomain.zz
  Does anybody made such a rule?
  I hope anybody can help me with the problem.
  Thank you

  Hi Daniel,
  ok I`ll try to find a solution in parallel and keep you up to date.
  In the following my settings in case I missed something:
  <VirtualHost test.firma.de:443>
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
  SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
  ServerName test.firma.de:443
  ServerAdmin [email protected]
  LogLevel debug
  ErrorLog logs/ssl_443_error
  CustomLog logs/ssl_443_access_log common
  ProxyVia Off
  ProxyPreserveHost On
  ReWriteEngine on
  ReWriteLogLevel 0
  ReWriteLog logs//ssl_443_rewrite_http.log
  ProxyPass / https://backend.firma.de:50001/
  ProxyPassReverse / https://backend.firma.de:50001/
  </VirtualHost>
  Regards, Jens

• SSL Issue with reverse proxy module

  Hi there,
  I'm hoping someone can help me. I am using Sun ONE Web Server 6.1SP7 Reverse Proxy Plugin to connect to a backend server over SSL.
  However the backend server is reporting errors on the SSL handshake: SSL_ERROR_NO_CYPHER_OVERLAP
  I have installed ssldump and can see the following set of cipher suites are offered by the client (in this case, the reverse proxy module:
  New TCP connection #6: dptettsw02(62951) <-> dptdevss01(31006)
  6 1 0.0105 (0.0105) C>S SSLv2 compatible client hello
  Version 3.1
  cipher suites
  SSL2_CK_RC4
  SSL2_CK_RC2
  SSL2_CK_3DES
  SSL2_CK_DES
  SSL2_CK_RC4_EXPORT40
  SSL2_CK_RC2_EXPORT40
  TLS_RSA_WITH_RC4_128_MD5
  Unknown value 0xfeff
  TLS_RSA_WITH_3DES_EDE_CBC_SHA
  Unknown value 0xfefe
  TLS_RSA_WITH_DES_CBC_SHA
  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  TLS_RSA_EXPORT_WITH_RC4_40_MD5
  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  How do I configure the reverse proxy module to use a different cipher suite?
  Any help would be greatly appreciated and please let me know if anything is unclear
  Thanks!
  Kev

  Hi there.
  The server.xml file is below:
  <?xml version="1.0" encoding="UTF-8"?>
  <!--
  Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
  Use is subject to license terms.
  -->
  <!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun ONE Web Server 6.1//EN" "file:///opt/SUNWwbsvr/servers/bin/https/dtds/sun-web-server_6_1.dtd">
  <SERVER qosactive="no" qosmetricsinterval="30" qosrecomputeinterval="100">
  <PROPERTY name="docroot" value="/opt/iplanet/servers/docs"/>
  <PROPERTY name="user" value=""/>
  <PROPERTY name="group" value=""/>
  <PROPERTY name="chroot" value=""/>
  <PROPERTY name="nice" value=""/>
  <PROPERTY name="dir" value=""/>
  <PROPERTY name="accesslog" value="/opt/SUNWwbsvr/servers/https-ETT03WEB02/logs/accessSSL"/>
  <LS id="group1" ip="0.0.0.0" port="2080" acceptorthreads="1" blocking="no" security="off" defaultvs="https-ETT03WEB02" servername="dptettsw02"/>
  <LS id="ls2_default" ip="0.0.0.0" port="20443" acceptorthreads="1" blocking="no" security="on" defaultvs="https-ETT03WEB02" servername="ptpcam-ptpett-drs.dwpptp.londondc.com">
  <SSLPARAMS servercertnickname="Server-Cert" ssl2="off" ssl2ciphers="&#43;rc4,&#43;rc4export,&#43;rc2,&#43;rc2export,&#43;desede3,&#43;des" ssl3="on" ssl3tlsciphers="-rsa_rc4_128_sha,-rsa_rc4_128_md5,-rsa_rc4_56_sha,-rsa_rc4_40_md5,-rsa_3des_sha,-rsa_des_sha,-rsa_des_56_sha,-rsa_rc2_40_md5,&#43;rsa_null_md5,-fortezza,-fortezza_rc4_128_sha,&#43;fortezza_null,-fips_3des_sha,-fips_des_sha" tls="on" tlsrollback="off" clientauth="off"/>
  </LS>
  <MIME id="mime1" file="mime.types"/>
  <ACLFILE id="acl1" file="/opt/SUNWwbsvr/servers/httpacl/generated.https-ETT03WEB02.acl"/>
  <VSCLASS id="defaultclass" objectfile="obj.conf" rootobject="default" acceptlanguage="off">
  <PROPERTY name="docroot" value="/opt/iplanet/servers/docs"/>
  <PROPERTY name="user" value=""/>
  <PROPERTY name="group" value=""/>
  <PROPERTY name="chroot" value=""/>
  <PROPERTY name="nice" value=""/>
  <PROPERTY name="dir" value=""/>
  <VS id="https-ETT03WEB02" connections="group1" urlhosts="dptettsw02" mime="mime1" aclids="acl1" state="on">
  <USERDB id="default" database="default"/>
  </VS>
  <VS id="ETT03WEB02_SSL" connections="ls2_default" urlhosts="ptpcam-ptpett-web.dwpptp.londondc.com" mime="mime1" aclids="acl1" state="on">
  <USERDB id="default" database="default"/>
  </VS>
  </VSCLASS>
  <JAVA javahome="/opt/SUNWwbsvr/servers/bin/https/jdk" serverclasspath="/opt/SUNWwbsvr/servers/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/opt/SUNWwbsvr/servers/bin/https/jar/webserv-ext.jar:/opt/SUNWwbsvr/servers/bin/https/jar/webserv-jstl.jar:/opt/SUNWwbsvr/servers/bin/https/jar/ktsearch.jar" classpathsuffix="" envclasspathignored="true" debug="false" debugoptions="" dynamicreloadinterval="2">
  <JVMOPTIONS>-Dorg.xml.sax.parser=org.xml.sax.helpers.XMLReaderAdapter</JVMOPTIONS>
  <JVMOPTIONS>-Dorg.xml.sax.driver=org.apache.crimson.parser.XMLReaderImpl</JVMOPTIONS>
  <JVMOPTIONS>-Djava.security.policy=/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/server.policy</JVMOPTIONS>
  <JVMOPTIONS>-Djava.security.auth.login.config=/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/login.conf</JVMOPTIONS>
  <JVMOPTIONS>-Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager</JVMOPTIONS>
  <JVMOPTIONS>-Xmx256m</JVMOPTIONS>
  <JVMOPTIONS>-Xrs</JVMOPTIONS>
  <SECURITY defaultrealm="file" anonymousrole="ANYONE" audit="false">
  <AUTHREALM name="file" classname="com.iplanet.ias.security.auth.realm.file.FileRealm">
  <PROPERTY name="file" value="/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/keyfile"/>
  <PROPERTY name="jaas-context" value="fileRealm"/>
  </AUTHREALM>
  <AUTHREALM name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
  <PROPERTY name="directory" value="ldap://localhost:389"/>
  <PROPERTY name="base-dn" value="o=isp"/>
  <PROPERTY name="jaas-context" value="ldapRealm"/>
  </AUTHREALM>
  <AUTHREALM name="certificate" classname="com.iplanet.ias.security.auth.realm.certificate.CertificateRealm"/>
  </SECURITY>
  <RESOURCES/>
  </JAVA>
  <LOG file="/opt/SUNWwbsvr/servers/https-ETT03WEB02/logs/errors" loglevel="finest" logtoconsole="true" usesyslog="false" createconsole="false" logstderr="true" logstdout="true" logvsid="false"/>
  </SERVER>