Error in reverse proxy

Similar Messages

• Error Installing Reverse proxy plugin

  hi,
  I am following the exact steps given in the http://docs.sun.com/app/docs/doc/819-6510/6n8h5jos7?a=view#fundl
  to install the Web Proxy server. For that I have modified the magnus.conf and the obj.conf files as follows:-
  magnus.conf-- add the line
  Init fn="load-modules" shlib="D:/Sun/WebServer6.1/bin/https/bin/passthrough.dll" shlib_flags="(global|now)"
  obj.conf-- added the lines
  <Object name="default">
  NameTrans fn="assign-name" from="/jsp-examples(|/*)" name="server.example.com"
  </Object>
  <Object name="server.example.com">
  # Proxy the requested resource to the URL
  # "http://server.example.com:8080"
  Service fn="service-passthrough"
  Servers="http://server.example.com:8080"
  User="blues" password="password"
  </Object>
  after this I am getting a log in the error file as
  [27/Nov/2006:21:47:17] config ( 2028): CORE3185: Invalid configuration: File config\server.xml, line 25, column 50: HTTP3258: Error processing obj.conf line 51: HTTP2212: Directives must have at least one parameter
  Can any body help me in solving this issue.
  thanks in advance
  dhawanmayur

  Hi,
  The servers and user parameters should be lowercase.
  Please try having it as follows:
  <Object name="server.example.com">
  # Proxy the requested resource to the URL
  # "http://server.example.com:8080"
  Service fn="service-passthrough"
  servers="http://server.example.com:8080"
  user="blues" password="password"
  </Object>
  Please see example from
  http://docs.sun.com/app/docs/doc/819-6510/6n8h5jos7?a=
  view#fundl
  <Object name="server.example.com">
  # Proxy the requested resource to the URL
  # "http://server.example.com:8080"
  Service fn="service-passthrough"
  servers="http://server.example.com:8080"
  user="blues"
  password="j4ke&elwOOd"
  </Object>
  Hi,
  The servers and user parameters should be lowercase.
  Please try having it as follows:
  <Object name="server.example.com">
  # Proxy the requested resource to the URL
  # "http://server.example.com:8080"
  Service fn="service-passthrough"
  servers="http://server.example.com:8080"
  user="blues" password="password"
  </Object>
  Please see example from
  http://docs.sun.com/app/docs/doc/819-6510/6n8h5jos7?a=
  view#fundl
  <Object name="server.example.com">
  # Proxy the requested resource to the URL
  # "http://server.example.com:8080"
  Service fn="service-passthrough"
  servers="http://server.example.com:8080"
  user="blues"
  password="j4ke&elwOOd"
  </Object>thanks roho,
  I had tried that scenario. but what mistake I was doing was , that the parameters server, username and password all have to be in same line.else it woulg give u an error like the one I was facing.
  thanks
  dhawanmayur

• BizTalk published WCF service throwing HTTP 404 error using ISA reverse proxy settings

  I have published my schemas as a WCF service from BizTalk 2010 "Publish WCF Service" wizard. I used Wcf-basicHTTP adapter in receive port. I am able to run the service successfully on localhost IIS and I tested my biztalk solution by sending request using SOAP UI and got response successfully.... Now: Actually, I need to give this service endpoint to my vendor who will send request from outside my company's network i.e. internet. In my infrastrucrue BizTalk is behind the firewall so, we setup a REVERSE proxy server at DMZ layer and it is configured properly. I have tested a simple WCF service by replacing the localhost with Proxy server configured address <DNSName> and it worked absolutely fine. But when I change localhost in my BizTalk schema based published WCF service it is not working and I am getting following error. Really strugling to get it resolved. I wasted a whole 3 days....very upset. Please help me out by giving the detailed step solution. Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly. Requested URL: /BizTalkServiceInstance/MyService.svc I am surprized why other c# code based WCF services are working fine with reverse proxy settings. Server Error in '/' Application. The resource cannot be found.Is there any special things to consider Biztalk exposed wcf servcie over ssl in IIS cluster with ISA

  Hi Singam :)
  First I would start by browsing any other files (files other than the one from WCF) just to ensure that the reverse-proxy’s redirection rules are set correctly. If you get the same 404 error when you try to access other service/files “through reverse-proxy”,
  then it’s an issue in the redirection rule(s) in reverse-proxy.
  If others are fine i.e. no issue in reverse-proxy setup as such, then try the following for WCF service's web.config file. I have seen this issue in WCF service (not just BizTalk’s artifacts exposed as service in reverse-proxy). Add serviceHostingEnvironment
  config as show with in serviceModel section.
  <system.serviceModel>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  Regards,
  M.R.Ashwin Prabhu
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• 404 error while accessing sicf services via apache reverse proxy

  Hi,
  I set up an reverse proxy with apache 2.2 and try to access SICF Services via this proxy. I got the following error message from the sap system:
  Service cannot be reached
  The termination occurred in system SMP with error code 404 and for the reason Not found.
  The selected virtual host was 0 .
  What can I do?
  Please select a valid URL.
  If you do not yet have a user ID, contact your system administrator.
  ErrorCode:ICF-NF-http-c:000-u:SAPSYS-l:E-i:NE-SSMP01_SMP_00-v:0-s:404-r:Notfound
  When I access J2EE services via the proxy it works.
  Is there any configuration which have to be done in the ABAP Stack for accessing Services via the proxy server?
  For tests I tried to access the simple ping service ( /default_host/sap/public/ )
  Thanks and best regards,
  Tim

  Hi Oliver,
  I allready checked the SDN posts for the reverse proxy. Maybe I missed something.
  The ProxyPreserveHost is on.
  I redirect to the ICM. I only redirected to the J2EE for tests. This worked by the way withe the same conifiguration.
  Here is my apache config:
  VirtualHost *:5443>
          ServerName      domain.com
          ServerAdmin     test.de
       ProxyPreserveHost On
       #ProxyVia On
       #AllowEncodedSlashes On
  Rewrite Rules
  - forward sap/public/ping?sap-client=001 -> Test Ping
  - Passthrough /sap/public/ping/*
  - Redirect any other URL -> Test Ping
          RewriteEngine On
          RewriteRule     ^/sap/public/ping?sap-client=001$     /sap/public/ping?sap-client=001          [R,L]
       RewriteRule     ^/sap/public/(.*)                     /sap/public/$1                    [PT,L]
       RewriteRule (.*)                               /sap/public/ping?sap-client=001          [R,L]
       RewriteLog logs/rewrite_SMP.log
       RewriteLogLevel 3
  Reverse Proxy to
  - Disable Forward Proxy
  - Allow Connections from All
  - Reverse Mapping for 302 Response
  - Forward / Requests to domain.com:8000
          ProxyRequests Off
          <Proxy *>
                  AddDefaultCharset off
                  Order Allow,Deny
                  Allow from all
          </Proxy>
  Forward Rules
       ProxyPass             /sap/public/ping          http://domain.com:8000/sap/public/ping?sap-client=001
       ProxyPassReverse      /                    http://domain.com:8000/
  </VirtualHost>
  Best regards,
  Tim

• FRM 92050 error via a reverse proxy

  Hi,
  How can jinitiator on a client workstation on the internet connect through a reverse proxy to forms server?
  I have practically no experience with this so please excuse my lack of terminology.
  Here are some more details:
  This successfully works from within the intranet.
  The jinit.exe version is 1.1.8.19
  Not sure of the forms server version.
  From the Java Console:
  proxyHost=null
  proxyPort=0
  connectMode=HTTP
  ERROR: HTTPStrea.connect(),giving up after 10 failures.
  On the forms screen the error message is: FRM-92050:Failed to connect to the Server: 10.121.191.9:9000
  The firewall ports have 80 and 9000 open.
  I have tried varying proxy and port entries in the jinititor console pointing to the external FQDN of the reverse proxy at 80 and 9000 and no good.
  Any help or suggestions would be appreciated.
  If any further info would be required, please let me know.
  Thanks,
  Kris

  We came up with the new Forms Listener Servlet Architecture to resolve these issues. You can read about it in the Forms area on OTN.
  It allows Forms to communicate to the server in a standard way, thereby working with firewalls and proxies.
  Regards,
  Robin Zimmermann
  Forms Product Management

• Exchange 2013 // Error 500 when login OWA through ARR2.5 or other reverse proxy solution

  We install a new Exchange 2013 server with CU2 in our Exchange organization with a single Exchange 2007 server. We use a reverse proxy solution for publishing Outlook WebApp and sync. Internal Outlook WebApp works fine, but when we login from internet,
  we get the error:
  ":-( Something went wrong"
  In the address bar, we see the following URL:
  https://webmail.company.com/owa/auth/errorfe.aspx?httpCode=500
  When we try to login on https://webmail.company.com/ecp, it works fine. But OWA fails.
  Login on legacy mailboxes works fine. When we login on the new Outlook WebApp URL, we automatically forwarded to the legacy URL.
  We try the following reverse proxy solutions:
  Citrix Secure Gateway 3.3 on a Windows 2008 server
  ISS ARR on a Windows 2012 server (http://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspx)
  Is there anyone that knows how I can troubleshoot this problem?

  Hi
  Mostly looks like this is host (A) issue.You can check the below things
  Just check of the mail host (A) record is created on internal DNS server and ensure its pointed to new Exchange 2013 server.
  If the mail host (A) record is pointing to old exchange 2007 server just modify it and make it to point to new Exchange 2013 server
  Check the DWS directory in edit binding if loopback 127.0.0.1 is added if not add them
   Please mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you.
  Regards,
  Sathish

• Reverse Proxy all of a sudden getting 10061 Error

  External clients can't connect and i tracked the problem down to the reverse proxy not being able to connect to the front end server. If i run the test on the lync publishing rule all the URLs some back with error 10061 no connection could be made because
  the target machine actively refused the connection. Nothing was changed that i am aware of. Anyone have any ideas?
  Thanks!

  Hi,
  Did you solve the issue with the help of Kevin Fanton provided above?
  Would you please elaborate your Reverse Proxy configuration?
  Please make sure that both port 80 and 443 are reachable on all internal Front end and Director servers from any subnet where Lync clients may reside internally.
  If you deploy Reverse Proxy with IIS ARR, you can also troubleshooting with the help of the link below:
  http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Error message displays backend server name : Reverse Proxy

  Hi Experts,
  We are using Apache 2.2.16  for reverse proxy.Below is the  scenario.
  browser -
  >Apache server -
  >SAP Web Dispatcher -
  >SAP SRM Portal---->SAP SRM ( backend )
  Now https://apache_server_host:443/irj  works fine. but whenever we select one iview , there is dump in backend system & error message at portal displays backend server.
  e.g
  Error application is coming up.
  20101012
  BASIS
  074335
  srmhost
  http://srmhost.xyz.com8000/sap/bc/webdynpro/sapsrm/wda_l_fpm_oif/
  RAISE_EXCEPTION
  Exception condition "PURCHORG_NOT_FOUND" raised.
  Now can we hide , srmhost ( backend ) or can we replace srmhost with Apache host name.
  I am trying mod_substitute but it is not doing anything .
  Best Regards,
  Tushar.

  Solved by
  AddOutputFilterByType SUBSTITUTE text/html
  Substitute "s|http://srmhost:8000|https://apache_host|ni"

• SSO Reverse Proxy and UWL error

  We have installed a portal on NW 7.01, which uses a custom SSO application and reverse proxy.  We are using the portal for an MSS application, using some standard functionality such as the MSS team viewer and the Universal Worklist.  Everything is working fine when I log in directly to the portal without the SSO application, connection to R3 (ECC 6.0) with the Team Viewer and the Universal Worklist.  When I use the Single Sign-On, I get in to the portal fine, the connection is good on our iViews including the MSS Team Viewer, but I get an error with the Universal Worklist.  I am first prompted if I want to display nonsecure items, if I click yes I get an error inside the UWL iView:
  Network Access Message: The page cannot be displayed
  Error Code: 502 Proxy Error. The host was not found.(11001)
  What settings do I need to change with UWL using SSO and reverse proxy - any ideas?
  Thanks,
  Jeff Mathieson

  We have installed a portal on NW 7.01, which uses a custom SSO application and reverse proxy.  We are using the portal for an MSS application, using some standard functionality such as the MSS team viewer and the Universal Worklist.  Everything is working fine when I log in directly to the portal without the SSO application, connection to R3 (ECC 6.0) with the Team Viewer and the Universal Worklist.  When I use the Single Sign-On, I get in to the portal fine, the connection is good on our iViews including the MSS Team Viewer, but I get an error with the Universal Worklist.  I am first prompted if I want to display nonsecure items, if I click yes I get an error inside the UWL iView:
  Network Access Message: The page cannot be displayed
  Error Code: 502 Proxy Error. The host was not found.(11001)
  What settings do I need to change with UWL using SSO and reverse proxy - any ideas?
  Thanks,
  Jeff Mathieson

• How do I use Sun Web Server 7.0u1 reverse proxy to change public URLs?

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)
  for hosting some of the public resource and reverse-proxying other parts
  of the URI namespace from other backend servers (content, application
  and other types of servers).
  So far every type of backend server served a unique part of the namespace
  and there was no collision of names, and the backend resources were
  published in a one-to-one manner. That is, a backend resource like, say,
  http://appserver:8080/content/page.html would be published in the internet
  as http://www.publicsite.com/content/page.html
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.
  Another quest, possibly related in solution, was to make a tidy url for the
  first page the user opens of the site. That is, in the current solution when
  a visitor types the url "www.publicsite.com" in his or her browser, our web
  server returns an HTTP-302 redirect to the actual first page URL, so the
  browser sends a second request (and changes the URL in its location bar).
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  So far I found that I can't solve these problems. I believe these problems
  share a solution because it relies on ability to control the actual URI strings
  requested by Sun Web Server from backend servers.
  Some details follow, now:
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  [04/Mar/2009:21:45:34] finest (25095) www.publicsite.com: for host xx.xx.xx.83
  trying to GET /content/MainPage.html while trying to GET /test, func_exec reports:
  fn="service-passthrough" rewrite-host="true" rewrite-location="true"
  servers="http://10.16.2.127:8080" Directive="Service" DaemonPool="2b1348"
  returned 0 (REQ_PROCEED)My obj.conf file currently has simple clauses like this:
  # this causes /content/* to be taken from another (backend) server
  NameTrans fn="assign-name" from="/content" name="content-test" nostat="/content"
  # this causes requests to site root to be HTTP-redirected to a certain page URI
  <If $uri =~ '^/$'>
      NameTrans fn="redirect"
          url="http://www.publicsite.com/content/MainPage.html"
  </If>
  <Object name="content-test">
  ### This maps http://public/content/* to http://10.16.2.127:8080/content/*
  ### Somehow the desired solution should instead map http://public/data/* to http://10.16.2.127:8080/content/*
      Service fn="service-passthrough" rewrite-host="true" rewrite-location="true" servers="http://10.16.2.127:8080"
      Service fn="set-variable" set-srvhdrs="host=www.publicsite.com:80"
  </Object>
  I have also tried "restart"ing the request like this:
      NameTrans fn="restart" uri="/data"or desperately trying to set the new request uri like this:
      Service fn="set-variable"  uri="/magnoliaPublic/Main.html"Thanks for any ideas (including a statement whether this can be done at all
  in some version of Sun Web Server 7.0 or its opensourced siblings) ;)
  //Jim

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)please plan on installing the latest service pack - 7.0 Update 4. these updates addresses potentially critical bug fixes.
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.> now, if all the resources are under say /data, then how will you know which pages need to be sent to which back end resources. i guess, you probably meant to check for /data/page.html should go to <back-end>/content/page.html
  yes, you could do something like
  - edit your corresponding obj.conf (<hostname>-obj.conf or obj.conf depending on your configuration)
  <Object name=¨default¨>
  <If $uri = ¨/page/¨>
  #move this nametrans SAF (for map directive - which is for reverse proxy within <if> clause)
  NameTrans.. fn=map
  </If
  </Object>
  and you could do https-<hostname>/bin/reconfig (dynamic reconfiguration) to check out if this is what you wanted. also, you might want to move config/server.xml <log-level> to finest and do your configuration . this way, you would get enough information on what is going on within your server logs.
  finally,when you are satisfied, you might have to run the following command to make your manual change into admin config repository.
  <install-root>/bin/wadm pull-config user=admin config=<hostname> <hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  you might want to check out this for more info on how you could use <if> else condition to handle your requirement.
  http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
  finally, you might want to refer to this doc - which explains on ws7 request processing overview. this should provide you with some pointers as to what these different directives mean
  http://docs.sun.com/app/docs/doc/820-6599/gbysz?a=view
  >
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  please check out the rewrite / restart SAF. this should help you.
  http://docs.sun.com/app/docs/doc/820-6599/gdada?a=view
  pl. understand that - like with more web servers - ordering of directives is very important within obj.conf. so, you might want to make sure that you verify the obj.conf directive ordering is what you want it to do..
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  now, you are in the totally wrong direction. web server 7 includes a highly integrated reverse proxy solution compared to 6.1. unlike 6.1, you don´t have to download a separate plugin . however, you will need to manually migrate your 6.1 based reverse proxy settings into 7.0. please check out this blog link on how to set up a reverse proxy
  http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
  feel free to post to us if you need any futher help
  you are probably better off - starting fresh
  - install ws7u4
  - use gui or CLI to create a reverse proxy and map one on one - say content
  http://docs.sun.com/app/docs/doc/820-6601/create-reverse-proxy-1?a=view
  if you don´t plan on using ws7 integrated web container (ability to process jsp/servlet), then you could disable java support as well. this should reduce your server memory footprint
  <install-root>/bin/wadm disable-java user=admin config=<hostname>
  <install-root>/bin/wadm create-reverse-proxy user=admin uri-prefix=/content server=<http://your back end server/ config=<hostname> --vs=<hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  now, you can check out the regular express processing and <if> syntax from our docs and try it out within <https-<hostname>/config/<hostname>-obj.conf> file and restart the server. pl. note that once you disable java, ws7 admin server creates <vs>-obj.conf and you need to edit this file and not default obj.conf for your changes to be read by server.
  >
  I have also tried "restart"ing the request like this:
  NameTrans fn="restart" uri="/data"
  ordering is very important here... you need to do this some thing like
  <Object name=default>
  <If not $restarted>
  NameTrans fn=restart uri from=/¨ uri=/foo.
  </If>

• Lync Reverse Proxy Alternatives

  When migrating from OCS 2007 to Lync 2010, we balked Microsoft’s recommendation to deploy Forefront Threat Management Gateway (or ISA) just to get the reverse proxy services. 
  TMG is way too expensive and complex for such a limited, simple use case.
  I didn't find much information on what people are using as free alternatives to ISA/TMG, so I decided to post this discussion in case there are others out there who are interested.
  We decided to use Apache 2.2 on Windows Server 2008 R2. 
  Here's how we configured it:
  Read here to understand what features require a reverse proxy, and follow the steps to configure your FQDNs, Network Adapters and (maybe) obtain an SSL Certificate for the reverse proxy. 
  http://technet.microsoft.com/en-us/library/gg398069.aspx
  Download and install the latest stable release of Apache with OpenSSL on your reverse proxy server. 
  http://httpd.apache.org/download.cgi
  We're using the same certificate on the reverse proxy that we use on our front end server (it has the appropriate SANs), so we need to convert it to PEM format for use with Apache:
  Use the Certificates MMC on your front end server to export the certificate and include the private key.
  Transfer the resultant .pfx file to your reverse proxy server.
  Use OpenSSL to convert your .pfx file to PEM:
  openssl pkcs12 -in c:\pathto\yourcert.pfx -out c:\pathto\yourcert.pem –nodes 
  Separate the private key from the certificate using notepad: 
  Open the new .pem file and cut the text from the beginning of the file through the end of the “----END RSA PRIVATE KEY----“ tag. 
  Save that text to a new file named
  yourcert.key. 
  Save
  yourcert.pem, which should now only include the certificate.
  Copy (or move) the certificate and private key to the Apache configuration directory. We like to use: C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl
  for storing the certificates.
  Edit httpd.conf (typically in
  C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf) to enable and configure the proxy and SSL features:
  (See  http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
   for more information on each directive)
  Uncomment the following lines, which will enable proxy and SSL:
  LoadModule proxy_module modules/mod_proxy.so
  LoadModule proxy_http_module modules/mod_proxy_http.so
  LoadModule ssl_module modules/mod_ssl.so
  Include conf/extra/httpd-ssl.conf
  Add the following lines to configure reverse proxy behavior:
  #Be a reverse proxy, not a forward proxy
  ProxyRequests Off
  #Accept requests from any client to any URL
  <Proxy *>
  Order Deny,Allow
  Allow from all
  </Proxy>
  #Set the network buffer to improve throughput
  ProxyReceiveBufferSize 4096
  #Configure the Reverse Proxy to forward all requests to your front end server on 4443
  ProxyPass / https://yourfrontend.domain.com:4443/
  ProxyPassReverse / https://yourfrontend.domain.com:4443/
  #Preserve Host Headers for Lync
  ProxyPreserveHost On
  Optionally, configure logging directives, bindings and server name.
  Save and close httpd.conf
  Edit httpd-ssl.conf (typically in conf\extra):
  Configure the session cache:
  Uncomment:
  SSLSessionCache “dbm:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache”
  Comment out:
  SSLSessionCache “shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)”
  Locate the <VirtualHost _default_:443> tag and configure the following:
  Add the following directive:
  SSLProxyEngine On
  Configure the path to your SSL Certificate saved in step 3-5 above:
  SSLCertificateFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.pem”
  Configure the path to your private key saved in step 3-5 above:
  SSLCertificateKeyFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.key”
  Optionally, configure the SSLCACertificateFile (you can download the appropriate bundle from your CA).
  Optionally, configure logging directives.
  Save and close httpd-ssl.conf
  Restart the Apache2.2 service
  Configure public DNS records and appropriate firewall rules to allow public http/https traffic to the external interface of your reverse proxy, and to allow the internal interface of
  the reverse proxy to talk to the front end Lync server on 8080 and 4443.
  From an external connection, test connectivity through the reverse proxy:
  Test
  https://dialin.company.com (friendly URL for getting dial-in information, if you’re using voice conferencing)
  Test the Lync Web App by setting up an online meeting and following the URL to join the meeting. 
  You can force the use of the web app by appending ?sl= to the end of the meet.company.com link. 
  See this for more information http://blogs.technet.com/b/jenstr/archive/2010/11/30/launching-lync-web-app.aspx
  Hope this information is helpful and saves some of you some money and trouble.
  Please contact me if you need further clarification or see any mistakes in my notes.
  Best regards,
  Kenneth Walden
  Enterprise Systems Supervisor
  GSD&M
  Austin, TX

  I'd like to thank you for this article.  We were setting up Apache RP for Lync .... needless to say they weren't too excited to learn this new (and highly complex with lots of specific undocumented requirements) Microsoft product.  Anyways, your
  blog saved me a LOT of headache.  I owe you big time. 
  AWESOME JOB. 
  -Greg
  *****EDIT***
  Decided to come back in there and post good information.  We had issues with EXTERNAL and ANONYMOUS users being able to attend a meeting.  The "DIALUP" url was working fine but the "MEETING" url was broken.  On our WFE servers we were getting
  the event error as below.   Turns out that our reverse proxy was not set to "PROXYPRESERVEHOST ON".  Once we put that in there ALL was good.
  Notice that the MEET portion was the only thing that was really broken.  So, if you can get DIALUP to work, but MEET doesn't ... your RP is working to FW the 443 to the 4443 correctly but you're RP is sending the wrong HEADER.  Look for
  http://10.x.x.x/meet/ or soemthing in the event logs. 
  Log Name:      Application
  Source:        ASP.NET 2.0.50727.0
  Date:          11/16/2011 1:26:35 PM
  Event ID:      1309
  Task Category: Web Event
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:      OneofMyInternalWFEservers.local
  Description:
  Event code: 3005
  Event message: An unhandled exception has occurred.
  Event time: 11/16/2011 1:26:35 PM
  Event time (UTC): 11/16/2011 6:26:35 PM
  Event ID: b2039ecd0a62482284030f62e1e639d8
  Event sequence: 129
  Event occurrence: 28
  Event detail code: 0
  Application information:
      Application domain: /LM/W3SVC/34578/ROOT/meet-1-129658725547585993
      Trust level: Full
      Application Virtual Path: /meet
      Application Path: C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\
      Machine name: MYWFE.local
  Process information:
      Process ID: 14204
      Process name: w3wp.exe
      Account name: NT AUTHORITY\NETWORK SERVICE
  Exception information:
      Exception type: HttpException
      Exception message: Server cannot append header after HTTP headers have been sent. 
  Request information:
      Request URL:
  https://FQDN:4443/meet/MyName/456456
      User host address: gatewayIP
      User: 
      Is authenticated: False
      Authentication Type: 
      Thread account name: NT AUTHORITY\NETWORK SERVICE
  Thread information:
      Thread ID: 7
      Thread account name: NT AUTHORITY\NETWORK SERVICE
      Is impersonating: False
      Stack trace:    at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
     at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  Custom event details:
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="ASP.NET 2.0.50727.0" />
      <EventID Qualifiers="32768">1309</EventID>
      <Level>3</Level>
      <Task>3</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2011-11-16T18:26:35.000000000Z" />
      <EventRecordID>4483</EventRecordID>
      <Channel>Application</Channel>
      <Computer>XXXXXXXXXXXXXXXXXX</Computer>
      <Security />
    </System>
    <EventData>
      <Data>3005</Data>
      <Data>An unhandled exception has occurred.</Data>
      <Data>11/16/2011 1:26:35 PM</Data>
      <Data>11/16/2011 6:26:35 PM</Data>
      <Data>b2039ecd0a62482284030f62e1e639d8</Data>
      <Data>129</Data>
      <Data>28</Data>
      <Data>0</Data>
      <Data>/LM/W3SVC/34578/ROOT/meet-1-129658725547585993</Data>
      <Data>Full</Data>
      <Data>/meet</Data>
      <Data>C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\</Data>
      <Data>SNKXS300</Data>
      <Data>
      </Data>
      <Data>14204</Data>
      <Data>w3wp.exe</Data>
      <Data>NT AUTHORITY\NETWORK SERVICE</Data>
      <Data>HttpException</Data>
      <Data>Server cannot append header after HTTP headers have been sent.</Data>
      <Data>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
      <Data>/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
      <Data>10.71.1.1</Data>
      <Data>
      </Data>
      <Data>False</Data>
      <Data>
      </Data>
      <Data>NT AUTHORITY\NETWORK SERVICE</Data>
      <Data>7</Data>
      <Data>NT AUTHORITY\NETWORK SERVICE</Data>
      <Data>False</Data>
      <Data>   at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
     at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously)
  </Data>
    </EventData>
  </Event>

• IIS Reverse Proxy with URL rewrite.

  Hi all, hoping to leverage the wealth of knowledge contained here.
  Any assistance would be very welcome.
  I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
  I need to redirect all requests with a specific virtual directory suffix only.
  ie; https://domain.test.com/outbound/Content/query_etc
  With /Outbound/ being the trigger.
  This should be redirected to http://10.10.10.10/inbound/Content/query_etc
  While at the same time, requests without the /outbound/ suffix should be handled locally.
  I have configured the reverse proxy as described in a few articles, and have had no luck.
  Here's a snippet from my (sanitized) web.config at the site level.
  <rewrite>
  <outboundRules>
  <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
  <match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
  <action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
  </rule>
  <preConditions>
  <preCondition name="ResponseIsHtml1">
  <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
  </preCondition>
  </preConditions>
  </outboundRules>
  <rules>
  <rule name="ReverseProxyInboundRule1" stopProcessing="true">
  <match url="^outbound/(.*)" />
  <action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
  </rule>
  </rules>
  </rewrite>
  To me, this looks correct, yet it doesn't work.
  With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.

  Hi Andrew,
  Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
  By using URL Rewrite Module together with
  Application Request Routing module you can have IIS 7 act as a
  reverse proxy.
  It seems like URL Rewrite can't re-route the request somewhere else out of the server.
  Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc  it will fail with 404.
  Hosting multiple domain names under a single account using URL Rewrite.
  It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
  References:
  How to create a url alias using IIS URL Rewrite:
  http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
  Reverse Proxy with URL Rewrite v2 and Application Request Routing:
  http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
  Regards,
  Satyajit
  Please“Vote As Helpful”
  if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• Web Server 7 Reverse Proxy URI Config

  I am testing WS 7.2 to replace WS 6.1 and need input on the configuration of the reverse proxy setup. We currently are using the reverse proxy plugin on our 6.1 servers but I cannot get the same configuration to work on 7.2. I have followed the admin document but I don't want to use / as my URI. I need to only proxy requests for URLs that end in *cfm.  Can I configure the new server to work like the 6.1 version?
  6.1 Config
  =======
  obj.conf
  NameTrans fn="assign-name" from="(*.cfm)" name="passthrough"
  <Object name="passthrough">
  ObjectType fn="force-type" type="magnus-internal/passthrough"
  Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://host:8281"
  Error reason="Bad Gateway" fn="send-error" uri="$docroot/badgateway.html"
  </Object>
  magnus.conf
  Init fn="load-modules" shlib="/opt/SUNWwbsvr/plugins/passthrough/libpassthrough.so" funcs="init-passthrough,auth-passthrough,check-pass
  through,service-passthrough" NativeThread="no"
  Init fn="init-passthrough"

  In Web Server 7.0 you can use built in reverse proxy feature rather than using libpassthrough.so
  configuring reverse proxy
  http://docs.sun.com/app/docs/doc/820-2202/gdabp?l=en&a=view
  http://docs.sun.com/app/docs/doc/820-2204/create-reverse-proxy-1?l=en&a=view
  More information about map SAF :
  http://docs.sun.com/app/docs/doc/820-2203/gdhnz?l=en&a=view
  set-origin-server sAF:
  http://docs.sun.com/app/docs/doc/820-2203/gdhqc?l=en&a=view
  Blogs :
  http://blogs.sun.com/meena/entry/configuring_reverse_proxy_in_sun

• Reverse Proxy with Sun Web Server 7 update 4

  Hi All,
  I've just migrating to Sun Java System Web Server 7.0U4 B12/02/2008 from Sun Java System Web Server 7.0-Technology-Preview-3 B09/13/2006. I've have the two web servers running side by side on separate machines. Both have a VS configured as a reverse proxy pointing to the same apache tomcat web server.
  The Tech Preview 3 server works fine and has been doing since it was installed. However the Update 4 server doesn't. I can access the tomcat app via the U4 server in a browser, but not with the app on my mobile (sync ML). Snooping the traffic show me that the U4 server is sending a different response that the Tech Preview server. I'm thinking it may have to do with Transfer Encoding: chunked. I've looked around the web to see if I can turn this off in the U4 server, as I seem to recall having to do so at some point in my life, though I can't remember when and with what.
  Does anybody have any clues they can throw at me?? Or anybody know what has change in the reverse proxy part of the web server from Tech Preview 3 to U4??
  Both VS reverse proxies are congfigured exactly the same.
  Thanks,
  Stuart.

  well, technology preview is what the name says .. i am surprised that u decided to stick with a technology preview release all these days.. in any case, there should not have any feature change between technology preview build and U4. but , there has been lot of bug fixes - so, unless we know the exact problem - we can't easily narrow down the change between tp3 build with U4 and find out how it is affecting u.
  here is a related article on how to use chunked encoding within web server 7
  http://developers.sun.com/webtier/reference/techart/chunked_req.html
  now, to help you more appropriately, you need to provide us with errors (probably with log level set to finest within server.xml) and let us know with the error reported by web server when it is unable to send those requests to back end tomcat
  you can set log level to finest by running the following command
  /sun/webserver7/bin/wadm set-config-prop -user=admin --config=<hostname> log-level=finest
  /sun/webserver7/bin/wadm deploy-config --user=admin <hostname>
  http://docs.sun.com/app/docs/doc/820-4842/set-config-prop-1?a=view
  (once you have identified the problem, you might want to set log level to info as setting to finest will cause your logs to grow humongous and also hurt performance
  thanks
  sriram

• Access Mac Mini Server (profile management) through reverse proxy

  Hi,
  Newbie in Mac's world and yet trying to make it more complicated as it is.
  As we recently (last month) decided to equip our sales force with iPads, they were configured through Apple Configurator tool running on a dedicated Mac Mini Mountain Lion.
  Now, I'd be keen in moving this configuration to the Profile Manager, part of the OSx Server plugin. So far so good.
  Problem is the following : another web server is already on the LAN using both 80 and 443 ports. So all incoming traffic on those ports was routed to this other server. As Mac Mini Server default http/s ports may not be altered, I installed a reverse proxy server (Oracle VM - Ubuntu 12.04LTS - pound), configured to deal differently traffic on those ports according to the domain name (host) of the web request (header). Each 'local' server has been allocated a domain name. Just to be clear, traffic is now routed by the WAN/LAN router, for those ports, towards the reverse proxy, configured to reroute the traffic to the correct destination.
  So far so good, it works like a charm, except... as soon as we enter https protocol on Mac Mini Server Profile Manager.
  Access from an iDevice to the Mac Mini Server Profile Manager login page is fine, but as soon as password is confirmed, safari is pending and finally a message 'An internal serer error occured. Please try later again' appears.
  Looking to both reverse proxy system log and Mac Mini profilemanager.log files to trace the problem, the following lines are produced at this particular moment :
  reverse proxy system.log
  Jan 15 14:44:03 reverseproxy pound: 91.... GET /devicemanagement/console/apple_theme_v2/en/da56af0a69e733b259dac3991419fa928b4 94a56/resources/images/sprites/me_controls.png HTTP/1.1 - HTTP/1.1 200 OK
  Jan 15 14:44:03 reverseproxy pound: 91.... GET /auth?redirect=http://osxsrv.fiks.net/devicemanagement/api/authentication/callback HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
  Jan 15 14:44:04 reverseproxy pound: 91.... GET /devicemanagement/api/authentication/callback?auth_token=336952DE-BDDE-4390-82F 7-8475B79FB2D3 HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
  Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 can't read header
  Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 response error read from 192.168....:443/GET /profilemanager/ HTTP/1.1: Success (0.007 secs)
  Jan 15 14:44:08 reverseproxy pound: 91.... POST /devicemanagement/api/magic/get_updated HTTP/1.1 - HTTP/1.1 200 OK
  OSx Server profilemanager.log
  Jan 15 14:44:05 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]Jan 15 14:44:05 osxsrv ProfileManager[1749] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]
  Jan 15 14:44:06 osxsrv ProfileManager[1748] <Info>: Completed in 492ms (View: 0, DB: 6) | 200 OK [http://osxsrv.../magic/do_magic]
  Jan 15 14:44:06 osxsrv ProfileManager[1749] <Info>: Completed in 687ms (View: 0, DB: 5) | 200 OK [http://osxsrv..../magic/do_magic]
  Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
  Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
  Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
  Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: auth_token doesn't exist
  Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
  Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Completed in 4ms (View: 1, DB: 14) | 403 Forbidden [http://osxsrv..../magic/do_magic]
  Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
  Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: auth_token doesn't exist
  Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
  Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Completed in 45ms (View: 1, DB: 43) | 403 Forbidden [http://osxsrv..../magic/do_magic]
  Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
  Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
  Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
  Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Completed in 55ms (View: 0, DB: 1) | 403 Forbidden [http://osxsrv..../magic/do_magic]
  Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Processing AuthenticationController#callback (for 91.... at 2013-01-15 14:44:08) [GET]
  Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Redirected to https://osxsrv..../profilemanager/
  Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Completed in 149ms (DB: 5) | 302 Found [http://osxsrv..../authentication/callback?auth_token=[FILTERED]]
  I guess the '302 Found' is causing or explaining the problem.
  I agree this might not be a Mac issue, so I still knock your doors hoping some of you could at least give a hint for what to search for !
  If the pound configuration file is of interest, just ask, but this is pretty trivial, saying basically listen these protocols (http/https) on these ports (80/443) and according to Header content (check destination host) and reroute packet to LAN device (with given LAN IP address).
  As the default port(s) of the Mac Mini Web Services may not be altered (so far I know), I guess I am stuck using 80 and 443 anyway.
  Maybe should I invest time in changing my other apache server ports to some more exotic 8080 or 88 or whatever so Mac Mini Server Profile Manager default ports 80 and 443 are maintained and can be easily and directly rerouted to my Mac server without any reverse proxy along the way.
  Thanks in advance for your help
  Alx

  HI All,
  i'm also using reverse proxy technique to publish my server to the internet. The ip is used by twice domains. The problem is by using the profile manager
  after login it redirects the url to the Local Area network addresse instead to the domain.
  How to configure this on OS X Server and the Profile Manager Service?
  Kind Regards
  Oemer