Apache Reverse proxy with SSL

Hi,
I'm trying to install Apache Reverse proxy which will support both HTTP and HTTPS request.
<b>What do I need to activate to support the HTTPS requests?</b>
I installed Apache 2.0.53 Released and trying to activate the mod_ssl.
From Where can I get the mod_ssl.so?
I saw that there are 2 projects:
Apache Interface to OpenSSL (mod_ssl)
Apache-SSL
Do I need to use them in case I want to use HTTPs?
Regards,
Yael

Get the latest oppenssl compile it. before you compile apache, execute ./configure --help in the apache directory. It will give you the commands that you need to use to activate and deactivate various things in apache.
mine is as follows:
./configure --with-layout=GNU --enable-proxy --enable-ssl --with-ssl=/usr/lo
cal/src/apachessl/openssl-0.9.7f/ --enable-vhost-alias --enable-rewrite --enable
-so --enable-proxy-http --enable-proxy-connect --enable- headers
then make and make install.
hope it helps.
Jai

Similar Messages

Apache reverse proxy and SSL termination

Hi Guru's
Can anyone tell me, how to do SSL termination at apache reverse proxy. I am using apache reverse proxy for accesing portal from internet. Apache is configured for SSL and portal is NON SSL.
I am using header variable login module in portal. i wanted to terminate SSL at apache reverse proxy and then all traffic after that should be clear text.
should i maitain any property. is there any documentation for it.
Please help me
Tom

The majority of the work here is around configuring your Web Dispatcher and Apache Reverse proxy. The work on the portal is straight forward enabling of SSL.
You can follow http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm for setting this up.
what level I need to configure SSL and how do I proceed in both scenarios?
Your question itself says where you need SSL. SSL is required where ever you need HTTPS communication.
how do I proceed in both scenarios?
From a portal perspective, the configuration should remain the same.
Do I have to install SSL at portal, web dispatcher or at Apache level?
SSL needs to be configured at all the 3 levels if you are looking at end to end SSL implementation.
See the following for possible SSL implementation options:
http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
https://cw.sdn.sap.com/cw/docs/DOC-115509
Will SSL termination work for scenario 2?
Yes this should work - see http://help.sap.com/saphelp_nw2004s/helpdata/en/36/fd39eacf4cde4a8fe32d7f29b3db16/frameset.htm
However in case of SSL Termination, the request to your portal from the web dispatcher will be sent as HTTP.
I would recommend you to take a step by step (backward approach).
First, enable SSL on your portal and make sure it works - going directly to the server.
Then, you can introduce the Web Dispatcher - and test if every thing works going through the web dispatcher.
Finally - you can test the end to end flow - with your Reverse proxy involved.
- Shanti

Apache Reverse Proxy with Abap Web query

Hi to all
We are trying to configure apache 2 to work as a reverse proxy with web abap Netweaver installation.
From inside the network the web query is fine.
Running the query with the reverse proxy we have only the html code in the browser. All the scripts and css are not present.
We checked some messages inside the forum and we have tried a lot of stuff without success.
We use always linux (Fedora, Ubuntu with xampp or apache only) plus the html module or the publisher from http://apache.webthing.com.
Our installation is like this the reverse proxy in the dmz and the netweaver to the inside off coarse, and we don't have the same domain name, i don't know if this is important.
Any help/idea is valuable.
Thank you
Yiannis

Hi Olivier
I have seen your solution in other messages but i didn't try it because i was trying to work with the html_proxy module.
I read the documents you gave me plus some apache tutorials on the rewrite rule.
In any case i have my installation working now.
I did some extra changes in my config so now the rules are like that
ProxyVia On
ProxyBadHeader IsError
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /sap http://192.168.1.59:8001/sap
ProxyPassReverse /sap http://192.168.1.59:8001/sap
RewriteEngine On
RewriteRule ^/(sap\(.*) http://192.168.1.59:8001/$1 [P,L]
Thanks again for your help
Yiannis

Problem with Apache reverse proxy after applying SP13 NW

Hello,
we have a NW04 EP Portal and a Apache reverse proxy in the DMZ. After applying SP 13 for the portal we get the following error from the reverse proxy:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /irj/.
Reason: Error reading from remote server
Apache/2.0.52 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e Server at servername.company.de Port 443
Is is it possible, that there is a problem with sp13?
Best regards
Daniel Holstein

Hi Daniel,
ok I`ll try to find a solution in parallel and keep you up to date.
In the following my settings in case I missed something:
<VirtualHost test.firma.de:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
ServerName test.firma.de:443
ServerAdmin [email protected]
LogLevel debug
ErrorLog logs/ssl_443_error
CustomLog logs/ssl_443_access_log common
ProxyVia Off
ProxyPreserveHost On
ReWriteEngine on
ReWriteLogLevel 0
ReWriteLog logs//ssl_443_rewrite_http.log
ProxyPass / https://backend.firma.de:50001/
ProxyPassReverse / https://backend.firma.de:50001/
</VirtualHost>
Regards, Jens

Reverse proxy with apache2

Hi folks,
I have a huge problem here. I have a apache 2.0.50 on a Linux system that is to act as a reverse proxy for an enterprise portal. I have set up the apache to do reverse proxying and so far I have made first success. I can get to the login page of the portal and I even managed to make it show the images. The problem is, when I try to log on to the portal I am always send back to the logon page in the very instance. If I enter the wrong logon information I see the authorization failed text, but when I enter correct information I only see the logon page again.
I will put tyhe relevant part of my httpd.conf to this message and hope someone can point me to the right location or maybe even tell me what I'm doing wrong.
And ny the way, the portal itself works perfectky when connected directly.
Kind regards,
   Christian Guenther
Reverse proxy configuration ############################################
NameVirtualHost 172.30.210.96
<VirtualHost 172.30.210.96>
   ServerAdmin [email protected]
   ServerName host.external.de
SSL is turned off at the moment
   SSLEngine Off
   SSLCertificateFile /etc/apache2/ssl.crt/proxy.cert.cert
   SSLCertificateKeyFile /etc/apache2/ssl.key/proxy.cert.key
Set up as a proxy for internal SAP systems
   ProxyRequests Off
   ProxyPreserveHost Off
   <Proxy *>
      Order deny,allow
      Allow from all
   </Proxy>
IRJ
<Location /irj/>
    ProxyPass http://host.internal.lan:8001/irj/
    ProxyPassReverse http://host.internal.lan:8001/irj/
rewriting rules for proxy
    RewriteEngine On
    RewriteCond % \.jsp
    RewriteRule ^(.+) % [P]
    RewriteCond % \.servlet
    RewriteRule ^(.+) %
Portal
rewriting rules for proxy
[P]
</Location>
<Location />
    ProxyPass http://host.internal.lan:8001/
    ProxyPassReverse http://host.internal.lan:8001/
    RewriteEngine On
    RewriteCond % \.jsp
    RewriteRule ^(.+) % [P]
    RewriteCond % \.servlet
    RewriteRule ^(.+) % [P]
</Location>
</VirtualHost>

This is a valid configuration for an Apache Reverse Proxy:
ThreadsPerChild 250
MaxRequestsPerChild 0
ServerRoot /usr/local/apache2
Listen 443
#LoadModule dir_module modules/mod_dir.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule include_module modules/mod_include.so
#LoadModule autoindex_module modules/mod_autoindex.so
LoadModule access_module modules/mod_access.so
#LoadModule auth_module modules/mod_auth.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule mime_module modules/mod_mime.so
#LoadModule env_module modules/mod_env.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule setenvif_module modules/mod_setenvif.so
LoadModule alias_module modules/mod_alias.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule ssl_module modules/mod_ssl.so
ServerAdmin [email protected]
ServerName your.servername.com
UseCanonicalName Off
make sure zou include these with valid entries...
Include conf/log.conf
Include conf/mime.conf
Include conf/default.conf
Include conf/ssl.conf
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
this is for the MS IE SSL bug
BrowserMatch ".MSIE." nokeepalive ssl-unclean-shutdown downgrade-1.0#
force-response-1.0
Header add P3P CP="NOI"
Proxy with caching
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
CacheRoot /usr/local/apache2/Cache
CacheEnable disk /
CacheDirLevels 5
CacheDirLength 3
<VirtualHost *:443>
    ServerName your.servername.com
    ServerAdmin [email protected]
Set the level of log entries - debug produces A LOT of messages
    LogLevel debug
    ErrorLog logs\error.log
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    CustomLog logs\access.log common
NEVER turn this On, it would create a forward proxy
    ProxyRequests Off
    ProxyPreserveHost On
it is important that the proxy uses active protocol used in the
internet section of the request
    RequestHeader set ClientProtocol https
    Header add P3P CP="NOI"
we need to answer HTTPS requests, so we need an ssl engine
    SSLEngine On
and a cipher suite plus certificate
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4RSA:HIGH:MEDIUM:LOW:SSLv2:EXP:+eNULL
    SSLProtocol all -SSLv2
of course these entries have to be adopted
    SSLCertificateFile conf/certs/server.crt
    SSLCertificateKeyFile conf/certs/server.key
    SSLOptions +StdEnvVars
this is for the bloody MS IE - I don't know why, but they seem to
have trouble learning in redmond
    BrowserMatch ".MSIE." \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request.log \
          "%t %h %x %x \"%r\" %b"
below are the proxied hosts - you always need ProxyPass
AND ProxyPassReverse otherwise it will not work correctly
ITS
    #ProxyPass /iac/               http://itsserver:8081/iac/
    #ProxyPassReverse /iac/          http://itsserver:8081/iac/
direct portal connection              this ought to be the IP
    ProxyPass /irj/               http://10.8.1.14:50000/irj/
    ProxyPassReverse /irj/          http://10.8.1.14:50000/irj/
    ProxyPass /logon/               http://10.8.1.14:50000/logon/
    ProxyPassReverse /logon/          http://10.8.1.14:50000/logon/
Rewrite Rule in case ICM puts session information in URL
NEVER REALLY HARMS
    RewriteEngine On
    RewriteRule ^/(sap\(.*) http://10.8.1.14:50000/$1 [P,L]
    #ProxyPass /chooselogin/          http://10.8.9.0:50000/chooselogin/
    #ProxyPassReverse /chooselogin/     http://10.8.9.0:50000/chooselogin/
</VirtualHost>

Apache Reverse Proxy: Domain problem

Hi,
I have a problem with Apache Reverse Proxy (Apache 2.2) and SAP Enterprise Portal 6.0.
I configured Apache as a Reverse Proxy Server (with SSL)so that the portal is accessible through the internet. Everything is working fine but the OWA integration doesn't work over the Reverse Proxy.
If I log on to <u>http://portalsrv.mydomain.xx:12345/irj</u> the OWA integration works fine with SSO and there is no problem with session management.
If I log on to <u>https://revproxy.mydomain.zz:1234/irj</u> and want to open Outlook I get the message that Session management doesn't work. However the other components like ESS work fine. Deactivating the DSM Logger is not a solution to this problem.
The Log tells me:
1.
Application domain 'mydomain.xx' differs from Portal domain 'mydomain.zz'.
Session Management will not work for Application 'abc.mydomain.xx'
2.
Application schema 'http' differs from Portal schema 'https'.
Session Management will not work for Application 'abc.mydomain.xx'
Is there a possibility to write a Rewrite-Rule in the Apache-Conf?
For instance:
https://abc.mydomain.xx --> http://abc.mydomain.zz
Does anybody made such a rule?
I hope anybody can help me with the problem.
Thank you

Hi Daniel,
ok I`ll try to find a solution in parallel and keep you up to date.
In the following my settings in case I missed something:
<VirtualHost test.firma.de:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
ServerName test.firma.de:443
ServerAdmin [email protected]
LogLevel debug
ErrorLog logs/ssl_443_error
CustomLog logs/ssl_443_access_log common
ProxyVia Off
ProxyPreserveHost On
ReWriteEngine on
ReWriteLogLevel 0
ReWriteLog logs//ssl_443_rewrite_http.log
ProxyPass / https://backend.firma.de:50001/
ProxyPassReverse / https://backend.firma.de:50001/
</VirtualHost>
Regards, Jens

401 Unauthorized: Running portal behind an APACHE reverse proxy

Hello to all,
we've got following scenario:
www <-HTTPS-> APACHE (external SSL termination) <-HTTPS-> portal
If I call the internal URL (https://backend.xy.de:443/irj/portal) of the portal,
I'll be redirected to the logon servlet and logon to the portal application is possible.
Now we set up a APACHE reverse proxy in oder to access the portal from internet.
I've set up a virtual host:
<VirtualHost test.xy.de:443>
     <Location />
          ProxyPass https://backend.xy.de:443/
        ProxyPassReverse /
     </Location>
</VirtualHost test.xy.de:443>
But now if I call the portal application https://test.xy.de/irj/portal I get the following error:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Any idea how to fix this?
Regards Christian

Hello Tobias,
I have adapted your idea, but without success.
I've checked the cookies. No cookies are delivered by the J2EE-Server.
HTTP-ResponseHeader contains following entries:
HTTP/1.1 401 Unauthorized
Date: Thu, 26 Jan 2012 08:31:55 GMT
WWW-Authenticate: Negotiate
Content-Length: 381
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
But its a bit strange.
If I call url https://xy.de/index.html the start page will be displayed.
A log on to system information is possible, but if I try to open the nwa, I get the same error.
So I think this is a problem with the logon servlet. Sites with basic-authentication work.
Calling the logon servlet direct https://xy.de/logon/logonServlet I get the same error.
I don't think, there is a problem with the apache configuration.
If I change the ProxyPass directive to another J2EE server everything works fine.
There is only one difference between both system.
System 1 (error system) is a SAP Netweaver 7.01 SP10
The other system is a SAP Netweaver 7.02 SP 9
Regards Christian
Edited by: Christian Kaiser on Jan 26, 2012 9:53 AM

Setting apache reverse proxy for EP6SP2

Hi friends,
I want to set apache reverse proxy for EP6SP2. But after doing the following changes, it is showing the SAP J2EE Engine documentation page.
The following changes has been dont to httpd.conf:
NameVirtualHost 1.1.1.1:80
<VirtualHost 1.1.1.1:80>
ProxyRequests Off
ServerName ep6.xyz.com
ProxyPreserveHost On
proxyPass / http://ep6.xyz.com:50000/
proxyPassReverse / http://ep6.xyz.com:50000/
ErrorLog logs/base.80.error.log
CustomLog logs/base.80.custom.log common
</VirtualHost>
Help needed.
Regards,
Nilz

Hi,
I have a problem with my proxy:
ssl.conf.in like
ProxyPass /irj http://debmsu06.server.###.de:50300/irj
ProxyPassReverse /irj http://debmsu06.server.###.de:50300/irj
RewriteRule ^/$ /irj/portal [R]
If I use URL:
https://bebuyer.###.de/ goto https://bebuyer.###.de/irj/portal
but if I use
https://bebuyer.###.de/irj/
I get the info:
https://bebuyer.###.de/irj/HTTPS:/bebuyer.###.de:443/irj/index.html
What is happened? How I can redirect to /irj/portal?
Of course I can use
http://debmsu06.server.###.de:50300/irj/
Could you please give me some tips?
Best Thanks!
Heren Zhou

IC WebClient - Apache Reverse Proxy

Hi,
We are working on CRM 5.0. I have configured the apache reverse proxy to work with EP7.0. All the iviews from the portal are working fine except the IC webclient. When the user clicks on the IC Webclient tab, it displays a blank window as 'Loading' and doesn't do anything. At the left bottom of the screen, i do see a javascript error. Double click on the error opens a window with the error description as 'Invalid argument' and the url is
http://crq.vm.com/sap(bD1lbiZjPTAxMCZkPW1pbiZpPTEmcz1TSUQlM2FBTk9OJTNhc2FwY3JxMDBfQ1JRXzAwJTNhdlEtSDRHeFU1R0d6WGtUZ0daTjE3cmtrWTZqSjVFUEZRSWljWWc4cS1BVFQ=)/bc/bsp/sap/ic_base/default.htm?sap-tray-type=PLAIN&sap-tray-padding=X&sap_ep_version=7%2e00%2e200707191011&sap_ep_baseurl=http%3a%2f%2fepq%2evm%2ecom%3a80%2firj%2fportal
Please let me know if anyone knows how to resolve this issue.
Thanks,
VSingh!!

Did you resolve this issue? There is this note.
Note 651435 - Cannot run applets on Sun JVM 1.4.x with proxy server

Apache Reverse Proxy

Hi
I have installed Apache Reverse Proxy to access my Portal and ECC6.
In the httpd config file , i have done the following settings.
<VirtualHost ipaddress:port>
ProxyPreserveHost On
ProxyPass /irj/ http://portalserver:50000/irj/
ProxyPassReverse /irj/ http://portalserver:50000/irj/
ProxyPass /eccdev/ http://eccserver:8000/eccdev/
ProxyPassReverse /eccdev/ http://eccserver:8000/eccdev/
</VirtualHost>
eccdev is external alias for the path
/sap/bc/gui/sap/its/webgui/
With this setting when i when a request is made for eccdev/
it takes me to the ecc6 login page.
when i enter the required information , it just clears the username password fields.
i checked that the username password are correctly entered.
what is the problem ?
Regards
Rajendra

Hi Darren ,
Thanks for the reply.
Our SSO between Portal and ECC6 works fine without Reverse Proxy.
If we access the Portal Through Reverse Proxy , when we navigate to any iViews say BSP iView , it asks for Username password. Once provided it works fine.
Second Scenario is Using Reverse Proxy to Directly access
SAP GUI . i.e without using Portal.
If i do not use Reverse Proxy , i can access my ECC6 webgui
through browser after providing the Login Details, but if i use Reverse Proxy then Even after providing the Login Details ,
the LogOn Box does not go and keeps asking for login details.
To summarize , i just want to acess the SAP GUI from Browser
using Reverse Proxy . I am able to do it without reverse Proxy .
Can you help ?

Apache reverse proxy setting for access to Backend

Hi experts,
we have set up apache reverse proxy to make available our NW portal (and SRM functions)over the internet.
Our settings look something like this:
ProxyRequests Off
<VirtualHost *:80>
     ServerName myportal.portalhosto.com
     ProxyPreserveHost On
     ProxyPass /irj/ http://myportal.portalhost.com:53200/irj/
     ProxyPass /webdynpro/ http://myportal.postalhost.com:53200/webdynpro/
     ProxyPassReverse /irj/ http://myportal.portalhost.com:53200/irj/
     ProxyPassReverse /webdynpro/ http://myportal.portalhost.com:53200/webdynpro/
     ErrorLog logs/myportal.portalhost.com-error.log
     CustomLog logs/myportal.portalhost.com-custom.log combined
RewriteEngine On
     RewriteRule ^/sap/(.*)$ http://mybackend.backendhost.com:8020/sap/$1 [P,NC]
</VirtualHost>
Problem:
when we access the portal from the internal network(either by using the internal URL or external URL) things work fine.
But we access the portal from internet, we are able to login to the portal and acess all webdynpro Java related applications.But when we try to acess the BSP/WD abap application running on a backend SRM system, we get 'host not found' message with the INTERNAL url of the SRM backend application displayed.
Do we need to expose the SRM backend to the outside world via reverse proxy as well?If yes,how?Do we need to change the system definitions in portal for that?
Any help in resolving this would be greatly appreciated.
regards,
Kiran

Hi,
Do we need to expose the SRM backend to the outside world via reverse proxy as well?If yes,how?Do we need to change the system definitions in portal for that?
Yes , you have to expose your backend system using reverse proxy ...
When user access the portal and when he clicks on BSP/WD , the URL get re-directed to backend system.
But , as your backend system is not expose on internet , you get an error as host not found.
So, to solve your problem you have to expose your backend system on internet. It is in general pratice to expose on internet.
Thanks
Anil

404 error while accessing sicf services via apache reverse proxy

Hi,
I set up an reverse proxy with apache 2.2 and try to access SICF Services via this proxy. I got the following error message from the sap system:
Service cannot be reached
The termination occurred in system SMP with error code 404 and for the reason Not found.
The selected virtual host was 0 .
What can I do?
Please select a valid URL.
If you do not yet have a user ID, contact your system administrator.
ErrorCode:ICF-NF-http-c:000-u:SAPSYS-l:E-i:NE-SSMP01_SMP_00-v:0-s:404-r:Notfound
When I access J2EE services via the proxy it works.
Is there any configuration which have to be done in the ABAP Stack for accessing Services via the proxy server?
For tests I tried to access the simple ping service ( /default_host/sap/public/ )
Thanks and best regards,
Tim

Hi Oliver,
I allready checked the SDN posts for the reverse proxy. Maybe I missed something.
The ProxyPreserveHost is on.
I redirect to the ICM. I only redirected to the J2EE for tests. This worked by the way withe the same conifiguration.
Here is my apache config:
VirtualHost *:5443>
        ServerName      domain.com
        ServerAdmin     test.de
     ProxyPreserveHost On
     #ProxyVia On
     #AllowEncodedSlashes On
Rewrite Rules
- forward sap/public/ping?sap-client=001 -> Test Ping
- Passthrough /sap/public/ping/*
- Redirect any other URL -> Test Ping
        RewriteEngine On
        RewriteRule     ^/sap/public/ping?sap-client=001$     /sap/public/ping?sap-client=001          [R,L]
     RewriteRule     ^/sap/public/(.*)                     /sap/public/$1                    [PT,L]
     RewriteRule (.*)                               /sap/public/ping?sap-client=001          [R,L]
     RewriteLog logs/rewrite_SMP.log
     RewriteLogLevel 3
Reverse Proxy to
- Disable Forward Proxy
- Allow Connections from All
- Reverse Mapping for 302 Response
- Forward / Requests to domain.com:8000
        ProxyRequests Off
        <Proxy *>
                AddDefaultCharset off
                Order Allow,Deny
                Allow from all
        </Proxy>
Forward Rules
     ProxyPass             /sap/public/ping          http://domain.com:8000/sap/public/ping?sap-client=001
     ProxyPassReverse      /                    http://domain.com:8000/
</VirtualHost>
Best regards,
Tim

Configuring a Apache Reverse Proxy for OracleAS Portal and OracleAS Single

I'm trying to implement my Oracle Portal 10g Release 2 with a reverse proxy (Apache 2.2) as described in this link: http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm#BEIFECEH without success. I have Oracle Portal, Oracle SSO,OID in the same domain and Apache Reverse Proxy in another domain. Has anyone had success using OracleAS Portal with a reverse proxy?

First of all i'm trying to configure a reverse proxy only for Ora SSO (infra tier). Here is what i already do:
APACHE REVERSE PROXY (Apache 2.2)
http:/proxy.mycompany.com:80
ProxyRequests off
ProxyPassInterpolateEnv On
ProxyPass / http:/portal.tech.everett.it:7777/
ProxyPassReverse / http:/portal.tech.everett.it:7777/
ProxyPreserveHost On
ORACLE SSO
http:/portal.mycompany.com:7777
Here are the steps i already do:
1- CONFIG OID
create an ldif file called setdasurl.ldif and insert as follow:
dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
changetype: modify
replace: orcldasurlbase
orcldasurlbase: http:/proxy.mycompany.com/
then do ldapmodify as follow:
ldapmodify -x -h portal.mycompany.com -p 3060 -D "cn=orcladmin" -w password1 -v -f setdasurl.ldif
2- CONFIG ORA SSO (as gentjan user)
export ORACLE_HOME=/home/gentjan/product/10.1.2/OracleAS/infra/
2.1-config Apache config of ORA SSO
vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf
change from:
ServerName portal.mycompany.com
Port 7777
KeepAlive On
to:
ServerName proxy.mycompany.com
Port 80
KeepAlive Off
and add at the end of httpd.conf
RewriteEngine On
RewriteOptions inherit
2.2- update DCM Repository (as root)
*$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
2.3- modify SSO Server Home URL to reverse proxy hostname and port (as root)
*$ORACLE_HOME/sso/bin/ssocfg.sh http proxy.mycompany.com 80*
2.4- Updating the targets.xml File
Open the ORACLE_HOME/sysman/emd/targets.xml file and locate the target type oracle_sso_server.
vi $ORACLE_HOME/sysman/emd/targets.xml
Update the HTTPMachine and HTTPPort attributes with the proxy server host and port attributes that were passed to ssocfg. For example:
Property NAME="HTTPMachine" VALUE="proxy.mycompany.com"
Property NAME="HTTPPort" VALUE="80"
Property NAME="HTTPProtocol" VALUE="http"
Save and close the file.
Reload the Application Server Control Console by issuing this command (as gentjan):
*$ORACLE_HOME/bin/emctl reload*
2.5- Re-register mod_osso on SSO Middle-tier with reverse proxy hostname and port
some needed permissions
chmod -R 775 /home/gentjan/product/10.1.2/OracleAS/infra/dcm/
Re-register mod_osso (as gentjan)
*$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /home/gentjan/product/10.1.2/OracleAS/infra -site_name infra.proxy.mycompany.com -config_mod_osso TRUE -mod_osso_url http:/proxy.mycompany.com:80 -update_mode MODIFY*
2.6- update DCM Repository (as root)
*$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
2.7- Restart OC4J_Security and Oracle HTTP Server at Infrastructure tier
*$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server*
*$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY*
After this modifications my reverse proxy is ok.
I can access to http:/proxy.mycompany.com:80 and this redirect me to Oracle Application Server Welcome page.
If i try http:/proxy.mycompany.com/pls/orasso/orasso.home, i can view the SSO Server Home page.
The problem that i find is when i click to Login page for Oracle SSO.
I have the following error:
Forbidden You don't have permission to access /pls/orasso/ORASSO.wwsec_app_priv.login on this server.
So, in other words i can't do the login/logout under reverse proxy. Anyone can help?
Gentjan

Accessing Fiori from Apache reverse proxy.

Hi All,
I have installed Fiori setup in local network.
When I tried to access the URL from External world using Apache Reverse Proxy Server installed in DMZ it is not getting connected.
Is there any specific configuration that we need to do in Fiori? Can any one help me on this.
cc:Babu Ganesh V
Thanks
-Arun
Tags edited by: Michael Appleby

Hi Masa,
I think we have a similar issue when opening the Fiori Launchpad.
Directly accessing the gateway server works fine in the intranet.
Going via the Apache reverse proxy shows the following in InternetExplorer F12 Developer Tools:
Request:
/sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets('%2FUI2%2FFiori2LaunchpadHome')?$expand=Pages/PageChipInstances/Chip/ChipBags/ChipProperties,Pages/PageChipInstances/RemoteCatalog,Pages/PageChipInstances/ChipInstanceBags/ChipInstanceProperties,AssignedPages,DefaultPage
Response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>404 Not Found</title></head>
<body>
<h1>Not Found</h1>
<p>The requested URL /sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets'/UI2/Fiori2LaunchpadHome') was
not found on this server.</p>
</body></html>
I assume the issue is with either the URLencoded part %2FUI2%2FFiori...
or with the brackets, the dollar sign or the commas used in the URL.
Could you maybe point out what's the crucial parts we need to add to our Apache Reverse Proxy config?
So far we have mainly used
ProxyPreserveHost On and
ProxyPass and ProxyPassreverse pairs.
What do we need to get the bracket (, the URLencoded part, the $ or the , through to the gateway server.
Regs Ulf

OCS on a single computer / DMZ using Apache reverse proxy

Hi there,
we've installed the OCS 10.1.2 on a single Solaris box in our internal LAN. Everything works fine internally. We would like to configure a Apache reverse proxy in our DMZ to get the possibility to use it from outside (as shown in "Oracle Collaboration Suite Deployment Guide", chapter 3, Figure 3-2 Single Computer in a DMZ). Unfortunately I didn't find any configuration hints for the reverse proxy.
Can someone provide me with an example configuration?
Thanks,
Christoph

Hello Andreas and Christoph!
I have the same problem like Christoph. We made a Singlebox-Installation of OCS 10.1.2 in the intranet. Now I am looking for installation documentation, how I have to configure a Apache or Oracle Standalone Webcache as a reverseproxy in the DMZ. to allow access the OCS from the internet. I only read, that it is possible, but nothing about the way.
I have installed a Webcache (OAS 10.1.2 Java Edition not dht standalone Veersion from the Companion CD) and configured by my own knowledge. The result was network errors.
Is there anywhere information?
Best regards!
Axel

Apache Reverse proxy with SSL

Similar Messages

Maybe you are looking for