Apache installation for reverse proxy in linux for portal
dear all,
can u please guide me where to download the openssl apache foe linux for the reverse proxy
regards
revanth
Google is your friend...
It will take 15 seconds !
Regards,
Olivier
Similar Messages
-
Issues in ssl configuration with apache server (using reverse proxy)
Hi,
I am able to use apache server as a reverse proxy to connect to Portal. When I enter the web server url as https://mywebserver.com, I am able to connect to the http url of the Portal. But the moment I try to connect to the https url of Portal with this https url, I am not able to connect to the Portal. Thus I am not able to use apache as a proxy server for https connections it makes. What must I do. I read that mod_proxy_connect needs to be used, but how do I use this?
The second problem is that I need to use more than one kind of mapping.
For example I must be redirected to the Portal even if I use http://webserver.com , or even if I use https://webserver.com or even if I use http://webserver.com/irj or https://webserver.com/irj or http://ipaddress-websserver/irj etcI have SSLCertificateFile and
and SSLCertificateKeyFile .
My problem is with regard to ssl/CertificateChainFile?
what is this? Also how do I upload my J2EE Certificate into apache.
The problem is with Apache handshake is not happening.
I am forwarding the entire log during . I have put what I consider important in bold.Please have a look.
<b>----
</b>
Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1769): OpenSSL: Handshake: start
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: before/connect initialization
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv2/v3 write client hello A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 7/7 bytes from BIO#629160 [mem: 47855a8] (BIO dump follows)
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 16 03 01 04 1a 02 ...... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1488): | 0007 - <SPACES/NULS>
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 1048/1048 bytes from BIO#629160 [mem: 47855af] (BIO dump follows)
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 00 36 03 01 44 74 67 cb-38 b5 8e 42 3b 59 c3 6c .6..Dtg.8..B;Y.l |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0010: 23 5c 07 d0 8b 24 89 89-11 2e 0d 80 ed 1a 06 ea #
...$.......... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0020: 1d 10 b0 59 10 28 7c b4-02 cb d6 08 a8 e4 ea 5a ...Y.(|........Z |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0030: e5 88 5c 5d 90 00 39 00-0b 00 01 cc 00 01 c9 00 ..
]..9......... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0040: 01 c6 30 82 01 c2 30 82-01 2b a0 03 02 01 02 02 ..0...0..+...... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0050: 04 36 0b 23 72 30 0d 06-09 2a 86 48 86 f7 0d 01 .6.#r0...*.H.... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0060: 01 04 05 00 30 14 31 12-30 10 06 03 55 04 03 13 ....0.1.0...U... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0070: 09 6c 6f 63 61 6c 68 6f-73 74 30 1e 17 0d 30 33 .localhost0...03 |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0080: 31 30 30 32 30 37 32 35-30 30 5a 17 0d 30 35 31 1002072500Z..051 |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0090: 30 30 32 30 37 32 35 30-30 5a 30 14 31 12 30 10 002072500Z0.1.0. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00a0: 06 03 55 04 03 13 09 6c-6f 63 61 6c 68 6f 73 74 ..U....localhost |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00b0: 30 81 9f 30 0d 06 09 2a-86 48 86 f7 0d 01 01 01 0..0...*.H...... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00c0: 05 00 03 81 8d 00 30 81-89 02 81 81 00 ef d6 ff ......0......... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00d0: a6 39 e1 64 a5 d3 fb 16-de 4e ee 1d 81 84 31 bc .9.d.....N....1. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00e0: e6 b7 96 07 3e 81 b9 94-d1 c1 e0 f9 00 3a 84 e8 ....>........:.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00f0: 7a 30 11 cd 41 26 d6 6c-95 90 93 95 17 e0 1a b7 z0..A&.l........ |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0100: 00 0f 59 33 7d 1d f3 a0-83 17 c5 f3 7e b3 ad ed ..Y3}.......~... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0110: c9 60 ac af 9e 31 d2 ec-42 71 f9 c3 98 2e 93 f9 .`...1..Bq...... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0120: 9d c3 c4 3d b3 7d 9b 97-83 1c 6b bd c0 75 cc 96 ...=.}....k..u.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0130: dc b9 a0 1b 00 79 85 e4-19 1f 61 42 54 db 91 94 .....y....aBT... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0140: d8 1d 72 13 08 36 22 49-3b fb 05 dc 33 02 03 01 ..r..6"I;...3... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0150: 00 01 a3 21 30 1f 30 1d-06 03 55 1d 0e 04 16 04 ...!0.0...U..... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0160: 14 ed ed 02 af 94 13 59-1c 42 e6 69 40 e5 80 dd .......Y.B.i@... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0170: a4 e9 33 91 02 30 0d 06-09 2a 86 48 86 f7 0d 01 ..3..0...*.H.... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0180: 01 04 05 00 03 81 81 00-2c 22 08 bd 71 b6 80 43 ........,"..q..C |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0190: 5a 2a 8b e8 62 34 b4 b4-84 8a 47 4b 97 5e bf dd Z*..b4....GK.^.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01a0: 17 4c 0a 1c b7 0e cd c5-d1 cc d8 77 cd 38 10 ef .L.........w.8.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01b0: 22 02 f0 02 7f a2 39 2b-53 eb 31 b6 18 49 37 a0 ".....9+S.1..I7. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01c0: 50 47 f2 34 ab 33 eb 5f-ec 5a f9 f7 53 5f 27 eb PG.4.3._.Z..S_'. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01d0: 02 7f b4 28 3e e8 b1 c7-59 df 2c 93 25 c5 34 14 ...(>...Y.,.%.4. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01e0: 7a 34 7c 45 b4 eb 6b 34-93 26 98 51 37 d3 e6 b0 z4|E..k4.&.Q7... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01f0: 7f 83 e3 a9 04 d3 47 b3-3d de 43 57 27 45 82 c0 ......G.=.CW'E.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0200: 4d 48 bf c0 a7 2f 66 0c-0c 00 02 08 00 80 af 76 MH.../f........v |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0210: 1f f5 f6 48 a0 01 0f ed-55 4c 53 9a 7c 07 7a ba ...H....ULS.|.z. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0220: c7 9d 77 e8 8b c7 66 8f-80 03 18 c5 1f 4f 2a a0 ..w...f......O*. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0230: 08 6f 9f e3 13 94 30 56-e7 2f 96 7c 26 97 ba 12 .o....0V./.|&... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0240: aa fd 3e 43 e1 46 c2 d1-32 94 56 45 52 c0 24 6f ..>C.F..2.VER.$o |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0250: 38 e0 93 0f 3a f8 0a 7c-41 0e 4c 54 4f 5a 7e d4 8...:..|A.LTOZ~. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0260: 62 e6 71 cd a0 dc 1e 9b-17 e5 10 71 3c 9d c6 39 b.q........q<..9 |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0270: 05 50 b6 15 37 0b 68 4f-24 50 74 47 13 1c 74 d8 .P..7.hO$PtG..t. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0280: 81 27 81 71 3a 4a c5 26-7d b8 e6 21 b3 d9 00 80 .'.q:J.&}..!.... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0290: 4f 6f 5d e6 2d dc 77 46-e6 77 b1 94 3d 65 5b b0 Oo].-.wF.w..=e[. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02a0: 3d 39 7a 6c a2 c7 0b e3-27 08 fa 48 8d 75 1a fe =9zl....'..H.u.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02b0: 32 e6 13 d1 31 65 7d d5-11 34 21 78 38 d1 11 fb 2...1e}..4!x8... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02c0: ea 59 8e 24 79 5a 4b c2-f7 98 22 51 9f a7 4d 2b .Y.$yZK..."Q..M+ |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02d0: 15 98 fe d4 43 4b 34 25-b3 9b b3 ae 57 d1 ea 69 ....CK4%....W..i |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02e0: 6e 02 7e 61 d7 80 b6 73-6a 3e ac eb 69 38 67 8f n.~a...sj>..i8g. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02f0: a9 2a dc 93 3d 22 f3 6e-6a 5d 51 1f b1 b1 10 5e .*..=".nj]Q....^ |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0300: 82 28 48 0d 5a 78 f8 17-61 e0 c5 43 61 7a 42 6a .(H.Zx..a..CazBj |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0310: 00 80 42 fa 7e 11 b2 77-3a 8c de f1 52 5a e1 18 ..B.~..w:...RZ.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0320: d4 e7 8f ee 2c e0 06 ef-d5 37 87 62 07 14 d1 5a ....,....7.b...Z |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0330: ca 30 be fd dd 76 47 8f-ed f4 5f f3 64 6c 32 a9 .0...vG..._.dl2. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0340: d5 07 e2 9b f1 29 a3 bf-33 4a ed 72 6b 2e c3 0f .....)..3J.rk... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0350: 30 bd 13 a1 42 d8 f7 1d-58 8a 1c 53 d6 c3 c8 6e 0...B...X..S...n |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0360: 0e 51 e3 f5 a0 37 68 0d-04 c6 0e c4 4d cc ed 7c .Q...7h.....M..| |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0370: ef 8f 81 b3 52 34 0c 60-eb f8 01 19 cc 95 31 55 ....R4.`......1U |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0380: 7d 16 bf 0c df b8 e0 3d-8f 7c 7a 4a 64 98 93 59 }......=.|zJd..Y |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0390: eb ae 00 80 ef cb bc 38-ab 16 0e a2 b2 2d fa 0f .......8.....-.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03a0: da 55 2d 67 a8 b8 34 1b-bf 39 d9 d6 da 65 f2 8f .U-g..4..9...e.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03b0: 6f a2 b1 1d db bb d5 dd-ab cf 9e 63 00 e4 57 a5 o..........c..W. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03c0: 18 4a dc 60 b0 97 5d 67-34 96 bf a2 43 2b 7d 70 .J.`..]g4...C+}p |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03d0: d6 99 d2 31 d2 11 f4 f2-19 b8 0c 41 7d bf b1 7c ...1.......A}..| |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03e0: fb 31 cb 3e c2 0a e2 26-1a 7e 63 50 9b 62 c3 82 .1.>...&.~cP.b.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03f0: ca cd 36 82 0c 56 5f 26-f6 cc c6 6f 03 92 cc f5 ..6..V_&...o.... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0400: 6b 55 1a d6 92 f9 5b 59-18 c2 62 21 eb d8 a4 ea kU....[Y..b!.... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0410: fd b6 3e f7 0e ..>.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1488): | 1048 - <SPACES/NULS>
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server hello A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server certificate A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server key exchange A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server done A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write client key exchange A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write change cipher spec A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write finished A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 flush data
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 5/5 bytes from BIO#629160 [mem: 47855a8] (BIO dump follows)
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 15 03 01 00 02 ..... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 2/2 bytes from BIO#629160 [mem: 47855ad] (BIO dump follows)
Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 02 28 .( |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1782): OpenSSL: Read: SSLv3 read finished A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1801): OpenSSL: Exit: failed in SSLv3 read finished A
[Wed May 24 07:03:54 2006] [info] SSL Proxy connect failed
[Wed May 24 07:03:54 2006] [info] SSL Library Error: 336151568 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[Wed May 24 07:03:54 2006] [info] Connection to child 249 closed with abortive shutdown(server apacheserver:443, client j2eeserver)
[Wed May 24 07:03:54 2006] [error] (20014)Error string not specified yet: proxy: pass request body failed to j2eeserver:50001 (j2eeserver)
[<b>Wed May 24 07:03:54 2006] [error] (20014)Error string not specified yet: proxy: pass request body failed to j2eeserver:50001 (j2eeserve) from apacheserver ()
[Wed May 24 07:04:10 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O error, 5 bytes expected to read on BIO#612610 [mem: 62ac80]
[Wed May 24 07:04:10 2006] [info] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : SSL input filter read failed.
[Wed May 24 07:04:10 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Write: SSL negotiation finished successfully
[Wed May 24 07:04:10 2006] [info] Connection to child 249 closed with standard shutdown(server apacheserver:443, client apacheserver)
</b> -
Apache as a reverse proxy for E-recruiting
We are trying to use apache as a reverse procy for e-recruting. The call to the web proxy is being forwareded correctly but whereas if the page is opened directly on the e-recruiting box it opens a page with a bsp generated logon screen, when using the portal it generates a window dialog for logon and i the get the following message :
BSP Exception: Das Objekt sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/application.do in der URL /sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/application.do?sap-client=100&sap-language=EN&BspClient=100&BspLanguage=EN&rcfSpId=0003&rcfContext=LMUGEN ist nicht gültig.
Has anyone done apache as a proxy for e-recruting who can share an example or offer any advice?
ThanksHi Richard,
you can take this link as a starting point: /people/sap.user72/blog/2006/04/18/the-reverse-proxy-series--part-32-apache-as-a-complex-reverse-proxy
In your case it seems to me that "/sap/bc/bsp/sap/hrrcf_start_int" gets concatenated 2 more times in your URL than it should.
That looks like a loop resp. an apache directive which gets executed too often.
regards, Norbert -
Help with Apache Reverse Proxy configuration with SAP Portal and SAP Webgui
Dear Experts,
I have an issue configuring Apache to work with SAP Portal and ERP webgui. Accessing Portal through Reverse Proxy is working fine. But the problem arises when we try to open an iView ERP webgui transaction page from Portal with the Reverse Proxy. Have anyone implemented similar requirements and could advice on the configuration required on the Apache side? Thank youhi,
pls check the below links for reference:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/24396589-0a01-0010-3c8c-ab2e3acf6fe2
searchsap.techtarget.com/searchSAP/downloads/chapter-december.pdf
1)Learn to implement the reverse proxy filter and portal gateway in SAP Enterprise Portal 6.0 on Web Application Server 6.40.
https:/.../irj/sdn/nw-portalandcollaboration?rid=/webcontent/uuid/006efe7b-1b73-2910-c4ae-f45aa408da5b
.2 )Configuring the Portal for Your Reverse Proxy Filter Solution . ... This document describes the reverse proxy filter mechanism in SAP Enterprise ...
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/32ad9b90-0201-0010-3c8a-c900cd685f8f
3)have full reverse proxy functionality. Possibly. filter. requests. Internet ... Reverse proxy (optionally with authentication etc.) ...
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/c066c390-0201-0010-3cba-cd42dfbcc8be
Note:please reward points if solution found helpfull
Regards
Chandrakanth.k -
O-Portal behind reverse proxy, aliasing of o-portal url to generic url.
I'd like to setup o-Portal behind a reverse proxy. This is a proxy service which accepts connections on http://a.b.com/ and gets the content from internal webservers based on the url. For example http://a.b.com/pls/DAD1 comes from an o-Portal server but http://a.b.com/depts/ comes from a webserver. The problem with o-Portal is now, that it creates pages with its servername and port in the URL of the pages it serves out. For example, if it runs on server x.b.com on the port 7777 the links on all pages are http://x.b.com:7777/pls/DAD1. To get it to work correctly with my proxy, all these links should be http://a.b.com/pls/DAD1 and then the proxy gets the pages from http://x.b.com:77777/pls/DAD1.
How do I tell o-Portal to create this different URL in its pages? You could also say, I'd like to alias http://a.b.com/pls/DAD1 to http://x.b.com:77777/pls/DAD1
I'm sure there is a configuration setting to change this. We had the same problem with Oracle HR11i and there we got it solved.
Web Single Sign On applications like IBM WebSeal or Netegrity Siteminder use these kind of proxies to protect the intranet and to create a Single Sign On domain for all web servers.
Thanks,
RainerI also would like overcome this issue. I could not find an answer anywhere on Metalink or OTN.
Can a reverse-proxy (i.e. using ProxyPass & Reverse) be used with and internal Portal?
John Z
Butler Mfg. Co.
[email protected] -
Reverse Proxy with Firewall on Portal R2
We are trying to configure Oracle Portal R2 in the reverse proxy mode. We have a Sun Enterprise 250 used in a single machine configuration. (Infr. and Mid tier on same machine)
The webcache server is listening on server.company.com:7781
The portal server is listening on server.company.com:7782
The login server is listening on server.company.com:7780
The proxy server is listening on www.company.com:81
According to the Oracle Portal Config Guide we have followed the steps to configure Apache (inclusion of the virtual hosts, etc) and run the ptlasst script to reconfigure portal. While portal responds correctly on www.company.com:81 when i try to log on using the login link I get redirected to server.company.com:7780/...
Obviously everything seems to be ok from within the LAN since i can see server.company.com, but via internet it doesnt work.
Here is how we run the script:
./ptlasst.csh -mode MIDTIER -host www.company.com -port 81 -chost server.company.com -cport_i 4007 -i custom -c server.company.com:1521:iasdb -pwd xxxxxx
How can we correct this problem? Do we need to run any other script?Hi Suraj,
The following is the problem.
We have Sun Enterprise 450 on which Oracle 9iAS Release 2 installed and we are trying to use reverse proxy plugin with iplanet, being installed on windows machine. In the hosts file i have mentioned the following required parameters ie.,
oproxy.serverlist=ias1
oproxy.ias1.hostname=http://192.168.1.12 - where Oracle 9iAS is installed
oproxy.ias1.port=7779
oproxy.ias1.urlrule=/*
oproxy.ias1.alias=http://myoracleportal.peesh.com
oproxy.ias1.stripcontext=false
and whenever i restart iplanet server after this, here is the following log information.
06/26/2002 11:57:52 AM: [op_nsapi_plugin.c (296)]: op_init: log_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/logs/oproxy.log server_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf
06/26/2002 11:57:52 AM: [op_uri_map.c (128)]: Into op_uri_map_t::uri_map_alloc
06/26/2002 11:57:52 AM: [op_uri_map.c (162)]: Into op_uri_map_t::uri_map_open
06/26/2002 11:57:52 AM: [op_worker_list.c (37)]: op_worker_list_init: propfile=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf p=0x00DC8828 l=0x00DBDA70
06/26/2002 11:57:52 AM: [op_worker_list.c (45)]: op_worker_list_init: numservers=1
06/26/2002 11:57:52 AM: [op_worker_list.c (57)]: op_worker_list_init: inside loop, serverlist[0]=ias1
06/26/2002 11:57:52 AM: [op_worker_list.c (73)]: op_worker_list_init: hostname=http://192.168.1.12
06/26/2002 11:57:52 AM: [op_worker_list.c (82)]: op_worker_list_init: port=7779
06/26/2002 11:57:53 AM: [op_uri_map.c (192)]: op_uri_map_t::uri_map_open, rule map size is 0
06/26/2002 11:57:53 AM: [op_uri_map.c (325)]: op_uri_map_t::uri_map_open, done
06/26/2002 11:57:53 AM: [op_nsapi_plugin.c (304)]: op_init: exiting
I have a feeling that "oracle_proxy_nes.dll" maintains all the .conf file information in a stack, whose size is 0.
pls see interpret this log the way you see.
thanks in advance,
gupta -
Post installation for Portal and errors for new system
I've recently installed a NW 7 based ABAPJAVA System with Portal Components (EPEP Core) on Windows + Oracle for demo.
1 ) Since, I am facing a lot of errors after the installation, I think I have missed to carry out some post-install steps. Can someone please suggest on the post-installation steps in some detail ??
2) When I try to open the newly installed portal using http://fqdn_host:50000/irj ; the browser shows some exception has occurred: However, I tried to restart the system (everything including db) as suggested in some of the other links and login went fine.
After I logged in to the portal (/irj) as j2ee_admin; I am trying to open Content Administration --> Portal Content OR System Administration -> Transport OR --> System Configuration etc ; but I am getting the error coded below::
An exception occurred while processing a request for :
iView : pcd:portal_content/every_user/general/defaultDesktop/frameworkPages/frameworkpage/com.sap.portal.innerpage/com.sap.portal.layoutPortal1_WAandNavPanel
Component Name : com.sap.portal.layouts.framework.WAandNavPanel
Error occurs during the rendering of jsp component.
Exception id: 05:05_25/03/10_0032_7012350
See the details for the exception ID in the log file
The log file (that I believe is the trace file in cluster/server0/log/defaultTrace.0.trc) says (This gives several such exceptions listed in the file.) (I'll put the log as a comment to the post because of the limit on max characters)
Note that the link http://punitp84712d:50000/nwa works absolutely fine. PFB the J2EE process details.
J2EE Process Details
Name Type PID Status Debug
Dispatcher ID7012300 J2EE Dispatcher 3,240 Running Disabled
SDM SDM Server 4,736 Running Switched off
Server0 ID7012350 J2EE Server 596 Running Disabled
Can someone please help me through this and let me know how did you draw your inference. Let me know if there is any other place that can give me more information / logs on the error.
Thanks,Hi Jay,
Please check that server is Running but not able to open some application. I would suggest to check the Enviromental Variable for My Computer :-
- Database Enviromental variable is added or not under "user vairable for <UserID for Server Desktop>
- Check JAVA_HOME Enviromental variable is added or not under "System Variable'
Check at (My computer > Properties >> Advance >> Startup and Recovery >> Enviromental Variable >> System Variables/User varaible
Update your server IP address and host name in host file entry at (RUN > drivers > etc > host file) and check database server services (Run > Services.msc >> Start your database services manually and change prperties as automatic)
Then try to open portal URL http://<Host>:<Port>/irj/portal or http://<Host>:<Port>/index.html
Hope it helps
Regards
Arun -
How to Install Apache 2.x with ssl on solaris 8/9 for reverse proxy
Hi,
I need to install Apache 2.x on solaris , along with mod_ssl and openssl . I am not sure where to find the required version for solaris and also where to find openssl and mod_ssl for installation for 2.x.
I need this for configuring reverse proxy pointing to the Portal.Harish,
I think, I don't get your problem...
the files are available at http://www.apache.org (binaries and source)
http://www.artfiles.org/apache.org/httpd/binaries/solaris/
openssl at http://www.openssl.org
mod_ssl at http://www.modssl.org
kr, achim -
Apache as Reverse Proxy for UWC and Webmail
Hi,
for several reasons i want to use apache 2 as reverse proxy and ssl accelerator for UWC.
internet <-> apache/ssl <-> backend port 80
I configured my apache with mod_proxy and mod_proxy_html.
Here are the concerning config lines:
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
ProxyPass / http://backend.domain.com/
ProxyPassReverse / http://backend.domain.com/
<Location />
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /
ProxyHTMLURLMap http://backend.domain.com:80/ http://webplex.domain.com/
ProxyHTMLExtended On
RequestHeader unset Accept-Encoding
</Location>For Webmail this configuration works most of the time. There are some minor problems in ie with the folder view. But the real problem is: I can't get UWC to work. The problem seems to be that mod_proxy_html can't replace all of the occurences of backend.domain.com in the html pages.
Especially:
onsubmit="handleSubmit()" action="http://webplex.domain.com/amserver/UI/Login?goto=http://backend.domain.com:80/uwc/&gotoOnFail=http://backend.domain.com:80/uwc/?err=1&module=LDAP" method="POST">in the uwc login page.
So my question is:
Is anybody out there who got apache working as reverse proxy for uwc?
Thanks a lot.
PS1:Solaris 10 on V20z, JES2005Q4
PS2: I already configured UWC with the reverse plugin for sun webserver on backend host so that uwc is working through port 80 only. So there should be no problems arise from that.Hopefully, you'll hear from somebody. I have zero knowledge or experience with Apache.
-
Reverse Proxy issue for domain name
Hi All,
We are in process of implementing reverse proxy to the SAP Portal and web dispatcher.
We given all rewrite rules accordingly, The public IP also resolves the domain name also.
Our domain is etender-aai.aero.
When we given rewrite rule with the public IP reverse proxy is working fine.
But when we given etender-aai.aero in rewrite rule its not working.
Please help me in this.
Thanks & Regards,
SreekanthHi,
If you want help, you'll have to explain clearly what is your configuration and what you want to achieve.
I'm sorry to tell you that I absolutely did not nderstand anything about your problem....
Do you try to publish your SAP Portal externally on the internet ?
Do you use the web dispatcher as a reverse proxy ? or do you add an other reverse proxy (like Apache) in front of the web dispatcher ?
Regards,
Olivier -
Apache as reverse proxy - 400 Bad request
Hi all,
I'm configured apache as reverse proxy according to this blog:
The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
When I try to navigate http://testcomp/irj I get "400 - Bad request"
See exception;
<i>Message : User Guest, IP address
Cannot parse the http request. Http error response [400 Bad Request] will be returned. Request is [Host: sapportal:50000
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
Accept-Language: en,he;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
Max-Forwards: 10
Via: 1.1 localhost
X-Forwarded-For: 10.0.0.4
X-Forwarded-Host: 10.0.0.6
X-Forwarded-Server: localhost
Connection: Keep-Alive
GET /irj HTTP/1.1
Host: sapportal:50000
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
Accept-Language: en,he;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
Max-Forwards: 10
Via: 1.1 localhost
X-Forwarded-For: 10.0.0.4
X-Forwarded-Host: 10.0.0.6
X-Forwarded-Server: localhost
Connection: Keep-Alive
com.sap.engine.services.httpserver.exceptions.HttpIllegalArgumentException: Incompatible field content in the MIME header.
at com.sap.engine.services.httpserver.lib.headers.MimeHeaderField.parse(MimeHeaderField.java:364)
at com.sap.engine.services.httpserver.lib.headers.MimeHeaders.init(MimeHeaders.java:504)
at com.sap.engine.services.httpserver.server.RequestAnalizer.initialize(RequestAnalizer.java:196)
at com.sap.engine.services.httpserver.server.Client.initialize(Client.java:84)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:143)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Severity : Error
Category :
Location : com.sap.engine.services.httpserver
Application :
Thread : SAPEngine_Application_Thread[impl:3]_32
Datasource : 9332850:C:usrsapPD9JC00j2eeclusterserver0logdefaultTrace.trc
Message ID : 000C29EFE9A300570000002D00000B9000043A81D3311894
Source Name : com.sap.engine.services.httpserver
Argument Objs :
Arguments :
Dsr Component :
Dsr Transaction : 5359e85066e411dcbf6b000c29efe9a3
Dsr User :
Indent : 0
Level : 0
Message Code :
Message Type : 0
Relatives :
Resource Bundlename :
Session : 2
Source : com.sap.engine.services.httpserver
ThreadObject : SAPEngine_Application_Thread[impl:3]_32
Transaction :
User : Guest</i>
The lines I added to http.conf
<i>#Enable reverse-proxying
ProxyVia on
ProxyTimeout 600
#disable forward-proxying
ProxyRequests Off
#proxy /irj both ways
ProxyPass /irj http://sapportal:50000/irj
ProxyPassReverse /irj http://testcomp/irj
#proxy /logon both ways
ProxyPass /logon http://sapportal:50000/logon
ProxyPassReverse /logon http://testcomp/logon</i>
I tried with apache version 2.2.3 & 2.0.59 with no success.
My J2EE/Portal version is 6.17.
Since this is a testing environment the two computers are under the same workgroup (no domain).
If I naviagte directly to the portal (without the reverse proxy) everything is working.
How can I solve it?
Regards,
OmriHi Jakub,
Thanks for the answer.
It's not working for me...
I'm attaching my httpd.conf file.
Also, what apache version do you use?
Can you send me your post your httpd.conf file?
Thanks,
Omri
httpd.conf
This is the main Apache HTTP server configuration file. It contains the
configuration directives that give the server its instructions.
See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
In particular, see
<URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
for a discussion of each configuration directive.
Do NOT simply read the instructions in here without understanding
what they do. They're here only as hints or reminders. If you are unsure
consult the online docs. You have been warned.
Configuration and logfile names: If the filenames you specify for many
of the server's control files begin with "/" (or "drive:/" for Win32), the
server will use that explicit path. If the filenames do not begin
with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
with ServerRoot set to "c:/apache" will be interpreted by the
server as "c:/apache/logs/foo.log".
NOTE: Where filenames are specified, you must use forward slashes
instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
If a drive letter is omitted, the drive on which Apache.exe is located
will be used by default. It is recommended that you always supply
an explicit drive letter in absolute paths, however, to avoid
confusion.
ThreadsPerChild: constant number of worker threads in the server process
MaxRequestsPerChild: maximum number of requests a server process serves
ThreadsPerChild 250
MaxRequestsPerChild 0
ServerRoot: The top of the directory tree under which the server's
configuration, error, and log files are kept.
Do not add a slash at the end of the directory path. If you point
ServerRoot at a non-local disk, be sure to point the LockFile directive
at a local disk. If you wish to share the same ServerRoot for multiple
httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "c:/apache"
Listen: Allows you to bind Apache to specific IP addresses and/or
ports, instead of the default. See also the <VirtualHost>
directive.
Change this to Listen on specific IP addresses as shown below to
prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#Listen 12.34.56.78:80
Listen 80
Dynamic Shared Object (DSO) Support
To be able to use the functionality of a module which was built as a DSO you
have to place corresponding `LoadModule' lines at this location so the
directives contained in it are actually available before they are used.
Statically compiled modules (those listed by `httpd -l') do not need
to be loaded here.
Example:
LoadModule foo_module modules/mod_foo.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule headers_module modules/mod_headers.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
<b>LoadModule proxy_module modules/mod_proxy.so</b>
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
<b>LoadModule proxy_http_module modules/mod_proxy_http.so</b>
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule status_module modules/mod_status.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule ssl_module modules/mod_ssl.so
'Main' server configuration
The directives in this section set up the values used by the 'main'
server, which responds to any requests that aren't handled by a
<VirtualHost> definition. These values also provide defaults for
any <VirtualHost> containers you may define later in the file.
All of these directives may appear inside <VirtualHost> containers,
in which case these default settings will be overridden for the
virtual host being defined.
ServerAdmin: Your address, where problems with the server should be
e-mailed. This address appears on some server-generated pages, such
as error documents. e.g. [email protected]
ServerAdmin @@ServerAdmin@@
ServerName gives the name and port that the server uses to identify itself.
This can often be determined automatically, but we recommend you specify
it explicitly to prevent problems during startup.
If your host doesn't have a registered DNS name, enter its IP address here.
ServerName localhost:80
DocumentRoot: The directory out of which you will serve your
documents. By default, all requests are taken from this directory, but
symbolic links and aliases may be used to point to other locations.
DocumentRoot "c:/apache/htdocs"
Each directory to which Apache has access can be configured with respect
to which services and features are allowed and/or disabled in that
directory (and its subdirectories).
First, we configure the "default" to be a very restrictive set of
features.
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Satisfy all
</Directory>
Note that from this point forward you must specifically allow
particular features to be enabled - so if something's not working as
you might expect, make sure that you have specifically enabled it
below.
This should be changed to whatever you set DocumentRoot to.
<Directory "c:/apache/htdocs">
Possible values for the Options directive are "None", "All",
or any combination of:
Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
Note that "MultiViews" must be named explicitly --- "Options All"
doesn't give it to you.
The Options directive is both complicated and important. Please see
http://httpd.apache.org/docs/2.2/mod/core.html#options
for more information.
Options Indexes FollowSymLinks
AllowOverride controls what directives may be placed in .htaccess files.
It can be "All", "None", or any combination of the keywords:
Options FileInfo AuthConfig Limit
AllowOverride None
Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
DirectoryIndex: sets the file that Apache will serve if a directory
is requested.
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
The following lines prevent .htaccess and .htpasswd files from being
viewed by Web clients.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>
ErrorLog: The location of the error log file.
If you do not specify an ErrorLog directive within a <VirtualHost>
container, error messages relating to that virtual host will be
logged here. If you do define an error logfile for a <VirtualHost>
container, that host's errors will be logged there and not here.
ErrorLog logs/error.log
LogLevel: Control the number of messages logged to the error_log.
Possible values include: debug, info, notice, warn, error, crit,
alert, emerg.
LogLevel warn
<IfModule log_config_module>
The following directives define some format nicknames for use with
a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%You need to enable mod_logio.c to use %I and %Oi\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
The location and format of the access logfile (Common Logfile Format).
If you do not define any access logfiles within a <VirtualHost>
container, they will be logged here. Contrariwise, if you do
define per-<VirtualHost> access logfiles, transactions will be
logged therein and not in this file.
CustomLog logs/access.log common
If you prefer a logfile with access, agent, and referer information
(Combined Logfile Format) you can use the following directive.
#CustomLog logs/access.log combined
</IfModule>
<IfModule alias_module>
Redirect: Allows you to tell clients about documents that used to
exist in your server's namespace, but do not anymore. The client
will make a new request for the document at its new location.
Example:
Redirect permanent /foo http://www.example.com/bar
Alias: Maps web paths into filesystem paths and is used to
access content that does not live under the DocumentRoot.
Example:
Alias /webpath /full/filesystem/path
If you include a trailing / on /webpath then the server will
require it to be present in the URL. You will also likely
need to provide a <Directory> section to allow access to
the filesystem path.
ScriptAlias: This controls which directories contain server scripts.
ScriptAliases are essentially the same as Aliases, except that
documents in the target directory are treated as applications and
run by the server when requested rather than as documents sent to the
client. The same rules about trailing "/" apply to ScriptAlias
directives as to Alias.
ScriptAlias /cgi-bin/ "c:/apache/cgi-bin/"
</IfModule>
"c:/apache/cgi-bin" should be changed to whatever your ScriptAliased
CGI directory exists, if you have that configured.
<Directory "c:/apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
Apache parses all CGI scripts for the shebang line by default.
This comment line, the first line of the script, consists of the symbols
pound (#) and exclamation followed by the path of the program that
can execute this specific script. For a perl script, with perl.exe in
the C:\Program Files\Perl directory, the shebang line should be:
#!c:/program files/perl/perl
Note you mustnot_ indent the actual shebang line, and it must be the
first line of the file. Of course, CGI processing must be enabled by
the appropriate ScriptAlias or Options ExecCGI directives for the files
or directory in question.
However, Apache on Windows allows either the Unix behavior above, or can
use the Registry to match files by extention. The command to execute
a file of this type is retrieved from the registry by the same method as
the Windows Explorer would use to handle double-clicking on a file.
These script actions can be configured from the Windows Explorer View menu,
'Folder Options', and reviewing the 'File Types' tab. Clicking the Edit
button allows you to modify the Actions, of which Apache 1.3 attempts to
perform the 'Open' Action, and failing that it will try the shebang line.
This behavior is subject to change in Apache release 2.0.
Each mechanism has it's own specific security weaknesses, from the means
to run a program you didn't intend the website owner to invoke, and the
best method is a matter of great debate.
To enable the this Windows specific behavior (and therefore -disable- the
equivilant Unix behavior), uncomment the following directive:
#ScriptInterpreterSource registry
The directive above can be placed in individual <Directory> blocks or the
.htaccess file, with either the 'registry' (Windows behavior) or 'script'
(Unix behavior) option, and will override this server default option.
DefaultType: the default MIME type the server will use for a document
if it cannot otherwise determine one, such as from filename extensions.
If your server contains mostly text or HTML documents, "text/plain" is
a good value. If most of your content is binary, such as applications
or images, you may want to use "application/octet-stream" instead to
keep browsers from trying to display binary files as though they are
text.
DefaultType text/plain
<IfModule mime_module>
TypesConfig points to the file containing the list of mappings from
filename extension to MIME-type.
TypesConfig conf/mime.types
AddType allows you to add to or override the MIME configuration
file specified in TypesConfig for specific file types.
#AddType application/x-gzip .tgz
AddEncoding allows you to have certain browsers uncompress
information on the fly. Note: Not all browsers support this.
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
If the AddEncoding directives above are commented-out, then you
probably should define those extensions to indicate media types:
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler allows you to map certain file extensions to "handlers":
actions unrelated to filetype. These can be either built into the server
or added with the Action directive (see below)
To use CGI scripts outside of ScriptAliased directories:
(You will also need to add "ExecCGI" to the "Options" directive.)
#AddHandler cgi-script .cgi
For type maps (negotiated resources):
#AddHandler type-map var
Filters allow you to process content before it is sent to the client.
To parse .shtml files for server-side includes (SSI):
(You will also need to add "Includes" to the "Options" directive.)
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
The mod_mime_magic module allows the server to use various hints from the
contents of the file itself to determine its type. The MIMEMagicFile
directive tells the module where the hint definitions are located.
#MIMEMagicFile conf/magic
Customizable error responses come in three flavors:
1) plain text 2) local redirects 3) external redirects
Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
EnableMMAP and EnableSendfile: On systems that support it,
memory-mapping or the sendfile syscall is used to deliver
files. This usually improves server performance, but must
be turned off when serving from networked-mounted
filesystems or if support for these functions is otherwise
broken on your system.
#EnableMMAP off
#EnableSendfile off
Supplemental configuration
The configuration files in the conf/extra/ directory can be
included to add extra features or to modify the default configuration of
the server, or you may simply copy their contents here and change as
necessary.
Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf
Fancy directory listings
#Include conf/extra/httpd-autoindex.conf
Language settings
#Include conf/extra/httpd-languages.conf
User home directories
#Include conf/extra/httpd-userdir.conf
Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
Virtual hosts
#Include conf/extra/httpd-vhosts.conf
Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
Various default settings
#Include conf/extra/httpd-default.conf
Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
Note: The following must must be present to support
starting without SSL on platforms with no /dev/random equivalent
but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
<b>ProxyPreserveHost On
ProxyVia on
ProxyTimeout 600
#disable forward-proxying
ProxyRequests Off
#proxy /irj both ways
ProxyPass /irj http://sapportal:50000/irj
ProxyPassReverse /irj http://sapportal:50000/irj
#ProxyPassReverse /irj http://testcomp/irj
#proxy /logon both ways
ProxyPass /logon http://sapportal:50000/logon
ProxyPassReverse /logon http://sapportal:50000/logon
#ProxyPassReverse /logon http://testcomp/logon</b> -
Hi
I have installed Apache Reverse Proxy to access my Portal and ECC6.
In the httpd config file , i have done the following settings.
<VirtualHost ipaddress:port>
ProxyPreserveHost On
ProxyPass /irj/ http://portalserver:50000/irj/
ProxyPassReverse /irj/ http://portalserver:50000/irj/
ProxyPass /eccdev/ http://eccserver:8000/eccdev/
ProxyPassReverse /eccdev/ http://eccserver:8000/eccdev/
</VirtualHost>
eccdev is external alias for the path
/sap/bc/gui/sap/its/webgui/
With this setting when i when a request is made for eccdev/
it takes me to the ecc6 login page.
when i enter the required information , it just clears the username password fields.
i checked that the username password are correctly entered.
what is the problem ?
Regards
RajendraHi Darren ,
Thanks for the reply.
Our SSO between Portal and ECC6 works fine without Reverse Proxy.
If we access the Portal Through Reverse Proxy , when we navigate to any iViews say BSP iView , it asks for Username password. Once provided it works fine.
Second Scenario is Using Reverse Proxy to Directly access
SAP GUI . i.e without using Portal.
If i do not use Reverse Proxy , i can access my ECC6 webgui
through browser after providing the Login Details, but if i use Reverse Proxy then Even after providing the Login Details ,
the LogOn Box does not go and keeps asking for login details.
To summarize , i just want to acess the SAP GUI from Browser
using Reverse Proxy . I am able to do it without reverse Proxy .
Can you help ? -
Apache Reverse Proxy: Domain problem
Hi,
I have a problem with Apache Reverse Proxy (Apache 2.2) and SAP Enterprise Portal 6.0.
I configured Apache as a Reverse Proxy Server (with SSL)so that the portal is accessible through the internet. Everything is working fine but the OWA integration doesn't work over the Reverse Proxy.
If I log on to <u>http://portalsrv.mydomain.xx:12345/irj</u> the OWA integration works fine with SSO and there is no problem with session management.
If I log on to <u>https://revproxy.mydomain.zz:1234/irj</u> and want to open Outlook I get the message that Session management doesn't work. However the other components like ESS work fine. Deactivating the DSM Logger is not a solution to this problem.
The Log tells me:
1.
Application domain 'mydomain.xx' differs from Portal domain 'mydomain.zz'.
Session Management will not work for Application 'abc.mydomain.xx'
2.
Application schema 'http' differs from Portal schema 'https'.
Session Management will not work for Application 'abc.mydomain.xx'
Is there a possibility to write a Rewrite-Rule in the Apache-Conf?
For instance:
https://abc.mydomain.xx --> http://abc.mydomain.zz
Does anybody made such a rule?
I hope anybody can help me with the problem.
Thank youHi Daniel,
ok I`ll try to find a solution in parallel and keep you up to date.
In the following my settings in case I missed something:
<VirtualHost test.firma.de:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
ServerName test.firma.de:443
ServerAdmin [email protected]
LogLevel debug
ErrorLog logs/ssl_443_error
CustomLog logs/ssl_443_access_log common
ProxyVia Off
ProxyPreserveHost On
ReWriteEngine on
ReWriteLogLevel 0
ReWriteLog logs//ssl_443_rewrite_http.log
ProxyPass / https://backend.firma.de:50001/
ProxyPassReverse / https://backend.firma.de:50001/
</VirtualHost>
Regards, Jens -
Reverse Proxy Configuration - Apache as an SSL reverse-proxy
Hi,
We have EP 6.0 SP 14 installed with SSL configured.
We are in need to open the application to internet.
For the same we have set up a reverse proxy server (Apache as SSL
Reverse Proxy).
Our requirement is to open the application to the internet with
web address https://abc.domain.com.
The issue is we are able to access the application from internet only when
https://abc.domain.com/irj/potal is typed.
(ie.) Mapping is working fine for
https://abc.domain.com/irj/portal to
our EP Portal address https://abc2.domain.com:50001/irj/portal
And not working for mapping https://abc.domain.com to our EP Portal
address https://abc2.domain.com:50001/irj/portal
We have been working on to resolve this issue for days together but have been really unsuccessful
Kindly help us in resolving the same asap.
Note : The references we used are:
1. SAP's document:
"Apache Reverse Proxy Configuration for J2ee 6.20 and 6.40 Web Applications"
2. Weblogs:
The Reverse Proxy Series -- Part 1: Introduction
The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
The Reverse Proxy Series -- Part 3.1: Apache as an SSL reverse-proxy
Regards,
venkat.Thanks much for the feedback. We're using the default settings on the HTTP rule we have set up for the portal on the ISA server. We'll be looking into the details of what the default rule settings are, however we did find a note in the Microsoft Knowledge base detailing with the ISA server screening high bits in URL strings for Outlook Web Access (OWA). This generates a similar error message. Here is the link to the detailed note on the Microsoft web site:
http://support.microsoft.com/?scid=kb;en-us;837865
Also,we are going to be applying the SP1 upgrade to the ISA server (released in March) to see if this might be some type of issue that may have been identified and corrected by the service pack. We'll see what happens with that.
One area where we can recreate the problem at will is when we set up the system landscape configuration. We can navigate to a system configuration object, however when we attempt to right click to edit the object we get the error. There are other circumstances where we get errors but that is one that occurs for sure. Anyone have any idea as to what might be special about that type of transaction??
Thanks again.
Rich -
Non-Oracle Apache as Front-end/reverse proxy?
Hi,
The question I have is kind of OID-related, but I think is more relevant to OAS, so I hope that I'm posting this in the right forum.
We have an existing OID instance, using the Apache 1.3-based OHS, and up till now, users have been accessing the OID/OIDDAS web-interface directly, e.g., by going to http:<hostname>:7777/oiddas, then signing in.
We also have a (non-Oracle OHS) enterprise-wide Apache 2.x-based reverse-proxy, and they want to be able to reverse-proxy through this Apache 2.x to the OID web interface.
We tried adding the <Location> sections to the Apache 2.x reverse proxy, e.g.:
<Location /oiddas>
ProxyPass http://<hostname>:7777/oiddas
ProxyPassReverse http://<hostname>:7777/oiddas
</Location>
<Location /pls>
ProxyPass http://<hostname>:7777/pls
ProxyPassReverse http://<hostname>:7777/pls
</Location>
Then, when we go to http://<apache-2.0-reverse-proxy-hostname>/oiddas, we get the initial page with the "Login" link. But, when we click on the "Login" link, we are getting a "Forbidden" error (HTTP 403 error).
Has anyone configured something like this before? What else do we need to configure in the Apache 2.x reverse-proxy?
Thanks,
JimHi,
I just stood up a new test instance of 10gAS (only one I had the install files for), and I can access the oiddas via port 7777, i.e., http://<hostname>:7777/oiddas.
I setup a reverse-proxy to it on a separate Apache 2.x instance, and it looks like at least part of the problem is that when I access via the proxy, the 10gAS sends back redirects (HTTP 302) responses with Location headers with the original <10gAS_hostname>:7777.
In other words, I do the original access using http:<proxy_hostname>/oiddas, but then when I click the "Login" link, the 10gAS redirects my browser to http://<10gAS_hostname>:7777/pls/orasso (to go to the SSO server).
This doesn't explain why were were seeing the 403 errors at work, but I think that, as suggested in that webpage that I linked earlier, there are re-directs that may not be totally visible going on, i.e., you can't "just" setup the Apache reverse-proxy with the <Location> directives.
Thus far, I haven't been able to replicate the 403 error problem that we had...
Jim
Maybe you are looking for
-
Regarding standard aging reports
Hi Experts/Gurus I need the standard reports for customer aging report and vendor aging report. Need immediate replies. Your answers can be rewarded with good points. Regards, kumar
-
Time capsule stuck on making backup disk available
I read the tread below that should fix this issue: "What I did was start up disk utility and use it's repair feature on the bundle. The first time, I got an error saying it could not be repaired, but I tried again a couple days later and it seems to
-
I have a UDF that converts float data into output, howevere, it add .01 in isolated cases. The Input is as follows <?xml version="1.0" encoding="UTF-8"?> <ns0:MT_AMT xmlns:ns0="http://test.bob.com"> <SSN>123456789</SSN> <DATA>PH80.00
-
CF8/JRun4 Cluster for Load Balancing
Does anyone have an example of how to set up a CF8/JRun4 cluster for load balancing? I have three servers: x004 - Linux - Apache2 (10.0.0.54,10.1.0.54) x020 - Linux - JRun4/CF8 (10.0.0.70,10.1.0.70) x021 - Linux - JRun4/CF8 (10.0.0.71,10.1.0.71) Ever
-
What are the steps which can be performed to deploy a huge JEE2 application to server (500 Ejbs , 1000 Jsps). EAR size is 50MB+ It is imporntant that application deploy very fast and once open for access not to wait for compliation of jsps and servel