Apache reverse proxy and SSL termination

Similar Messages

• Apache Reverse proxy with SSL

  Hi,
  I'm trying to install Apache Reverse proxy which will support both HTTP and HTTPS request.
  <b>What do I need to activate to support the HTTPS requests?</b>
  I installed Apache 2.0.53 Released and trying to activate the mod_ssl.
  From Where can I get the mod_ssl.so?
  I saw that there are 2 projects:
  Apache Interface to OpenSSL (mod_ssl)
  Apache-SSL
  Do I need to use them in case I want to use HTTPs?
  Regards,
  Yael

  Get the latest oppenssl compile it. before you compile apache, execute ./configure --help in the apache directory. It will give you the commands that you need to use to activate and deactivate various things in apache.
  mine is as follows:
  ./configure --with-layout=GNU --enable-proxy --enable-ssl --with-ssl=/usr/lo
  cal/src/apachessl/openssl-0.9.7f/ --enable-vhost-alias --enable-rewrite --enable
  -so --enable-proxy-http --enable-proxy-connect --enable- headers
  then make and make install.
  hope it helps.
  Jai

• Apache Reverse Proxy and Branding Image

  Hi,
  I just installed a Apache reverse proxy on solaris. Unfortunatly, the branding image on the EP logon screen is not displayed. Anyone who knows how I can fix that?
  I read some good post for the IIS reverse proxy. Is there a way to do the same on Apache?
  Thanks
  Elvez

  Thanks for the replies.
  However, I found the solutioin in an excellent document on the Web: http://www.apacheweek.com/features/reverseproxies. It would be worth reading for SAP. I'm especially referring to the document "Apache Configuration for J2EE Web Applications". The configuration described in the SAP document is strongly avoided by the author of apacheweek.
  Best regards,
  Elvez

• Charts, reverse proxy and SSL

  I have set up an APEX server running XE under Windows 2003. I upgraded it to APEX 3.0.1. I have an application almost completed that I now want to start testing remotely, and that I want to protect with SSL. So, I installed the Windows version of Apache, and got one of my network experts to help me install an SSL certificate. We used a reverse proxy method per non-Oracle documentation we dug up using Google. (I think one of my problems may be that I did not actually configure APEX to use an external web server -- read on.) Everything seems to be working fine except the flash charts, which generate an error message that "XML loading failed." There is a URL in the error message that starts: http://127.0.0.1:8080/apex... Clearly, when APEX generates an internal URL, it is not aware of the fact that the browser is remote and the reverse proxy is only working from the Apache server to the internal APEX server (and not the other direction). This may or may not be complicated by the fact that the URL's being proxied contain "https".
  I tried to configure APEX for an external web server per instructions in the APEX 3.1 Installation Guide. HOWEVER, per step 4.4.5, I cannot find "ORACLE_HTTPSERVER_HOME\Apache\modplsql\conf\dads.conf". In fact, there is NO apache directory anywhere (except for the one that I installed indepentdently of APEX). I had this problem prior to installing Apache myself, i.e there is no obvious place where the web server that comes with APEX is installed, and there is no DADS file. I searched the ENTIRE C: drive and there is no DADS file.
  You've already guessed that I have not been using APEX very long, and I am guessing that I probably have more than one problem. I have spent hours reading documentation, and have had a lot of success with APEX. This just went further than I know how to diagnose.
  Here are some of my questions, some of which I'm sure are related:
  - Where is dads.conf?
  - Where is the 3.0.1 web server?
  - What do I have to do to get APEX to generate the correct https URL's?
  - Is it possible to set up a reverse proxy from the APEX internal web server to the external Apache server?
  Oh... and P.S.: I installed the upgrade to APEX 3.1 in the hope that it would fix something. I spent a lot of time trying to follow every step precisely. The 3.1 installation acts the same way as 3.0.1 where everything that I have done except charts works fine.
  I will be incredibly gateful if someone can help me with this.

  Did you ever find a solution to this issue?

• Apache reverse proxy and URL Iview

  Hi everybody,
  I'm trying to configure apache as reverse proxy to access my portal from extranet.
  The first problem I have is that I have to access a URL Iview that connect another internal application.
  ProxyPass /irj http://internaPortall/irj
  ProxyPassReverse /irj https://externalPortal/irj
  ProxyPass /irj http://internalApp/myApp
  ProxyPassReverse /irj https://externalApp/myApp
  In my portal the urlIview maps externalApp/myApp
  No problem to access my portal from extranet but I cannot get myApp.....
  Another point:
  I have configured SSL but if I try to connect
  https://externalPortal:8443/irj/
  apache redirects me to
  http://externalPortal/irj/
  Thanks a lot
  Massimiliano

  Hi,
  We are in a similiar situation. Can you please share the solution.
  Thanks...
  Vinay

• ISA Server Reverse Proxy and SSL

  We are running ISA 2000 and EP6SP2 and have successfully configured SSL between the internet and our ISA server which is located it our DMZ. Result when you access the portal URL you have the padlock in the browser, when you have logged onto the portal the padlock disappears. Does anyone have any advice / documents on how to configure the next step which I believe is SSL between ISA server and EP6SP2 ?
  Any advice would be apreciated.
  Thanks

  Hello Alex,
  Have you read the documentation "Configuring the IIS as the Intermediary Server" at http://help.sap.com/saphelp_nw04/helpdata/en/07/914e4f02a69f448aeee7263b2a9dc6/frameset.htm
  Regards
  Gregor

• Apache Reverse Proxy and Adobe Connect

  Hi all,
  I need to expose Adobe Connect to internet. Our client uses it with SAP's Learning Solution. I achieved to expose main page but I couldnt expose Rooms. When I click Room link (http://adobe.mydomain.com/dene/?launcher=false) it opens but room not loading.
  Any idea with this?

  Ok I gave up Apache. Now the Adobe Connect Server is in DMZ! But still no rooms open!

• Configuring a Apache Reverse Proxy for OracleAS Portal and OracleAS Single

  I'm trying to implement my Oracle Portal 10g Release 2 with a reverse proxy (Apache 2.2) as described in this link: http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm#BEIFECEH without success. I have Oracle Portal, Oracle SSO,OID in the same domain and Apache Reverse Proxy in another domain. Has anyone had success using OracleAS Portal with a reverse proxy?

  First of all i'm trying to configure a reverse proxy only for Ora SSO (infra tier). Here is what i already do:
  APACHE REVERSE PROXY (Apache 2.2)
  http:/proxy.mycompany.com:80
  ProxyRequests off
  ProxyPassInterpolateEnv On
  ProxyPass / http:/portal.tech.everett.it:7777/
  ProxyPassReverse / http:/portal.tech.everett.it:7777/
  ProxyPreserveHost On
  ORACLE SSO
  http:/portal.mycompany.com:7777
  Here are the steps i already do:
  1- CONFIG OID
  create an ldif file called setdasurl.ldif and insert as follow:
  dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
  changetype: modify
  replace: orcldasurlbase
  orcldasurlbase: http:/proxy.mycompany.com/
  then do ldapmodify as follow:
  ldapmodify -x -h portal.mycompany.com -p 3060 -D "cn=orcladmin" -w password1 -v -f setdasurl.ldif
  2- CONFIG ORA SSO (as gentjan user)
  export ORACLE_HOME=/home/gentjan/product/10.1.2/OracleAS/infra/
  2.1-config Apache config of ORA SSO
  vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf
  change from:
  ServerName portal.mycompany.com
  Port 7777
  KeepAlive On
  to:
  ServerName proxy.mycompany.com
  Port 80
  KeepAlive Off
  and add at the end of httpd.conf
  RewriteEngine On
  RewriteOptions inherit
  2.2- update DCM Repository (as root)
  *$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
  2.3- modify SSO Server Home URL to reverse proxy hostname and port (as root)
  *$ORACLE_HOME/sso/bin/ssocfg.sh http proxy.mycompany.com 80*
  2.4- Updating the targets.xml File
  Open the ORACLE_HOME/sysman/emd/targets.xml file and locate the target type oracle_sso_server.
  vi $ORACLE_HOME/sysman/emd/targets.xml
  Update the HTTPMachine and HTTPPort attributes with the proxy server host and port attributes that were passed to ssocfg. For example:
  Property NAME="HTTPMachine" VALUE="proxy.mycompany.com"
  Property NAME="HTTPPort" VALUE="80"
  Property NAME="HTTPProtocol" VALUE="http"
  Save and close the file.
  Reload the Application Server Control Console by issuing this command (as gentjan):
  *$ORACLE_HOME/bin/emctl reload*
  2.5- Re-register mod_osso on SSO Middle-tier with reverse proxy hostname and port
  some needed permissions
  chmod -R 775 /home/gentjan/product/10.1.2/OracleAS/infra/dcm/
  Re-register mod_osso (as gentjan)
  *$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /home/gentjan/product/10.1.2/OracleAS/infra -site_name infra.proxy.mycompany.com -config_mod_osso TRUE -mod_osso_url http:/proxy.mycompany.com:80 -update_mode MODIFY*
  2.6- update DCM Repository (as root)
  *$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
  2.7- Restart OC4J_Security and Oracle HTTP Server at Infrastructure tier
  *$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server*
  *$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY*
  After this modifications my reverse proxy is ok.
  I can access to http:/proxy.mycompany.com:80 and this redirect me to Oracle Application Server Welcome page.
  If i try http:/proxy.mycompany.com/pls/orasso/orasso.home, i can view the SSO Server Home page.
  The problem that i find is when i click to Login page for Oracle SSO.
  I have the following error:
  Forbidden You don't have permission to access /pls/orasso/ORASSO.wwsec_app_priv.login on this server.
  So, in other words i can't do the login/logout under reverse proxy. Anyone can help?
  Gentjan

• 401 Unauthorized: Running portal behind an APACHE reverse proxy

  Hello to all,
  we've got following scenario:
  www <-HTTPS-> APACHE (external SSL termination) <-HTTPS-> portal
  If I call the internal URL (https://backend.xy.de:443/irj/portal) of the portal,
  I'll be redirected to the logon servlet and logon to the portal application is possible.
  Now we set up a APACHE reverse proxy in oder to access the portal from internet.
  I've set up a virtual host:
  <VirtualHost test.xy.de:443>
       <Location />
            ProxyPass https://backend.xy.de:443/
          ProxyPassReverse /
       </Location>
  </VirtualHost test.xy.de:443>
  But now if I call the portal application https://test.xy.de/irj/portal I get the following error:
  Unauthorized
  This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
  Any idea how to fix this?
  Regards Christian

  Hello Tobias,
  I have adapted your idea, but without success.
  I've checked the cookies. No cookies are delivered by the J2EE-Server.
  HTTP-ResponseHeader contains following entries:
  HTTP/1.1 401 Unauthorized
  Date: Thu, 26 Jan 2012 08:31:55 GMT
  WWW-Authenticate: Negotiate
  Content-Length: 381
  Keep-Alive: timeout=15, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  But its a bit strange.
  If I call url https://xy.de/index.html the start page will be displayed.
  A log on to system information is possible, but if I try to open the nwa, I get the same error.
  So I think this is a problem with the logon servlet. Sites with basic-authentication work.
  Calling the logon servlet direct https://xy.de/logon/logonServlet I get the same error.
  I don't think, there is a problem with the apache configuration.
  If I change the ProxyPass directive to another J2EE server everything works fine.
  There is only one difference between both system.
  System 1 (error system) is a SAP Netweaver 7.01 SP10
  The other system is a SAP Netweaver 7.02 SP 9
  Regards Christian
  Edited by: Christian Kaiser on Jan 26, 2012 9:53 AM

• Apache Reverse Proxy: Domain problem

  Hi,
  I have a problem with Apache Reverse Proxy (Apache 2.2) and SAP Enterprise Portal 6.0.
  I configured Apache as a Reverse Proxy Server (with SSL)so that the portal is accessible through the internet. Everything is working fine but the OWA integration doesn't work over the Reverse Proxy.
  If I log on to <u>http://portalsrv.mydomain.xx:12345/irj</u> the OWA integration works fine with SSO and there is no problem with session management.
  If I log on to <u>https://revproxy.mydomain.zz:1234/irj</u> and want to open Outlook I get the message that Session management doesn't work. However the other components like ESS work fine. Deactivating the DSM Logger is not a solution to this problem.
  The Log tells me:
  1.
  Application domain 'mydomain.xx' differs from Portal domain 'mydomain.zz'.
  Session Management will not work for Application 'abc.mydomain.xx'
  2.
  Application schema 'http' differs from Portal schema 'https'.
  Session Management will not work for Application 'abc.mydomain.xx'
  Is there a possibility to write a Rewrite-Rule in the Apache-Conf?
  For instance:
  https://abc.mydomain.xx --> http://abc.mydomain.zz
  Does anybody made such a rule?
  I hope anybody can help me with the problem.
  Thank you

  Hi Daniel,
  ok I`ll try to find a solution in parallel and keep you up to date.
  In the following my settings in case I missed something:
  <VirtualHost test.firma.de:443>
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
  SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
  ServerName test.firma.de:443
  ServerAdmin [email protected]
  LogLevel debug
  ErrorLog logs/ssl_443_error
  CustomLog logs/ssl_443_access_log common
  ProxyVia Off
  ProxyPreserveHost On
  ReWriteEngine on
  ReWriteLogLevel 0
  ReWriteLog logs//ssl_443_rewrite_http.log
  ProxyPass / https://backend.firma.de:50001/
  ProxyPassReverse / https://backend.firma.de:50001/
  </VirtualHost>
  Regards, Jens

• Web Dispatcher - Reverse Proxy and Load Balancing

  I'm finding limited docs on Web Dispatcher with regard to reverse proxy and load balancing.  Are you aware of some recent presentations or docs in this area?  The info on help.sap.com is not what I'm looking for.
  Thanks.

  Hi,
  best thing is that you look at your scenarios and test the web dispatcher against each of it, like:
  - SSL
  - Portal only
  - Web Dynpro ABAP / Java
  - BSP
  - Different backend systems like SRM, MDM
  - Several backends with 1 Web Dispatcher
  After getting a list of use cases that you can test quite easily (installation of Web Dispatcher is done fast and can be done on a local PC), you can contact SAP Support and ask them about the specific problems and questions you encountered. This way, you'll get the official answer, sometimes they will even inform you about "secret" parameters and options.
  As of the reverse proxy functionality: there are several version of Web Dispatcher available that differ from the functionality offered. The latest version - 7.2 - is the one that offers the most, i.e. allows you to create rewrite rules like Apache.
  SAP Note 908097 - SAP Web Dispatcher: Released releases and applying patches
  br,
  Tobias

• Problem with Apache reverse proxy after applying SP13 NW

  Hello,
  we have a NW04 EP Portal and a Apache reverse proxy in the DMZ. After applying SP 13 for the portal we get the following error from the reverse proxy:
  Proxy Error
  The proxy server received an invalid response from an upstream server.
  The proxy server could not handle the request GET /irj/.
  Reason: Error reading from remote server
  Apache/2.0.52 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e Server at servername.company.de Port 443
  Is is it possible, that there is a problem with sp13?
  Best regards
  Daniel Holstein

  Hi Daniel,
  ok I`ll try to find a solution in parallel and keep you up to date.
  In the following my settings in case I missed something:
  <VirtualHost test.firma.de:443>
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
  SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
  ServerName test.firma.de:443
  ServerAdmin [email protected]
  LogLevel debug
  ErrorLog logs/ssl_443_error
  CustomLog logs/ssl_443_access_log common
  ProxyVia Off
  ProxyPreserveHost On
  ReWriteEngine on
  ReWriteLogLevel 0
  ReWriteLog logs//ssl_443_rewrite_http.log
  ProxyPass / https://backend.firma.de:50001/
  ProxyPassReverse / https://backend.firma.de:50001/
  </VirtualHost>
  Regards, Jens

• Reverse Proxy and Load Balancer for SMP 2.3 and Agentry Application

  Hi Expert,
  I'm putting in place a mobile solution composed by SMP 2.3 SPS 4 and SAP ECC 6.0. In the SMP 2.3 I created the agentry server and I have deployed my agentry application.
  My SMP/Agentry infrastructure is composed by two servers therefore I need a load balancer for balance the load into the several servers. Furthermore I need to use a reverse proxy in my DMZ zone.
  Based on what indicated in the SAP note "1904213 - SAP Mobile Platform Server Release Information" the Apache Reverse Proxy is not supported for Agentry clients. Agentry uses nginx for Reverse Proxy.
  I also found the following document How-to-Guide for Reverse Proxy and Load Balancing in SAP Mobile Platform 3.x that explain how to set-up a reverse proxy and load balancer with nginx and apache.
  Both the SAP note and the HOW to document are refereed to SMP 3.0 and not to SMP 2.3.
  I would know if the NGINX must be used also for SMP 2.3.
  Any suggestion/information is appreciated.
  Thanks in advance
  g.

  Please see Agentry Network Landscapes

• IC WebClient - Apache Reverse Proxy

  Hi,
  We are working on CRM 5.0. I have configured the apache reverse proxy to work with EP7.0. All the iviews from the portal are working fine except the IC webclient. When the user clicks on the IC Webclient tab, it displays a blank window as 'Loading' and doesn't do anything. At the left bottom of the screen, i do see a javascript error. Double click on the error opens a window with the error description as 'Invalid argument' and the url is
  http://crq.vm.com/sap(bD1lbiZjPTAxMCZkPW1pbiZpPTEmcz1TSUQlM2FBTk9OJTNhc2FwY3JxMDBfQ1JRXzAwJTNhdlEtSDRHeFU1R0d6WGtUZ0daTjE3cmtrWTZqSjVFUEZRSWljWWc4cS1BVFQ=)/bc/bsp/sap/ic_base/default.htm?sap-tray-type=PLAIN&sap-tray-padding=X&sap_ep_version=7%2e00%2e200707191011&sap_ep_baseurl=http%3a%2f%2fepq%2evm%2ecom%3a80%2firj%2fportal
  Please let me know if anyone knows how to resolve this issue.
  Thanks,
    VSingh!!

  Did you resolve this issue?  There is this note.
  Note 651435 - Cannot run applets on Sun JVM 1.4.x with proxy server

• Apache Reverse Proxy

  Hi
  I have installed Apache Reverse Proxy to access my Portal and ECC6.
  In the httpd config file , i have done the following settings.
  <VirtualHost ipaddress:port>
  ProxyPreserveHost On
  ProxyPass /irj/ http://portalserver:50000/irj/
  ProxyPassReverse /irj/ http://portalserver:50000/irj/
  ProxyPass /eccdev/ http://eccserver:8000/eccdev/
  ProxyPassReverse /eccdev/ http://eccserver:8000/eccdev/
  </VirtualHost>
  eccdev is external alias for the path
  /sap/bc/gui/sap/its/webgui/
  With this setting when i  when a request is made for eccdev/
  it takes me to the ecc6 login page.
  when i enter the required information , it just clears the username password fields.
  i checked that the username password are correctly entered.
  what is the problem ?
  Regards
  Rajendra

  Hi Darren ,
  Thanks for the reply.
  Our SSO between Portal and  ECC6 works fine without Reverse Proxy.
  If we access the Portal Through Reverse Proxy , when we navigate to any iViews say BSP iView , it asks for Username password. Once provided it works fine.
  Second Scenario is Using Reverse Proxy to Directly access
  SAP GUI . i.e without using Portal.
  If i do not use Reverse Proxy , i can access my ECC6 webgui
  through browser after providing the Login Details, but if i use Reverse Proxy then Even after providing the Login Details ,
  the LogOn Box does not go and keeps asking for login details.
  To summarize , i just want to acess the SAP GUI from Browser
  using Reverse Proxy . I am able to do it without reverse Proxy .
  Can you help ?