Help with Apache Reverse Proxy configuration with SAP Portal and SAP Webgui

Similar Messages

• Problem with Apache reverse proxy after applying SP13 NW

  Hello,
  we have a NW04 EP Portal and a Apache reverse proxy in the DMZ. After applying SP 13 for the portal we get the following error from the reverse proxy:
  Proxy Error
  The proxy server received an invalid response from an upstream server.
  The proxy server could not handle the request GET /irj/.
  Reason: Error reading from remote server
  Apache/2.0.52 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e Server at servername.company.de Port 443
  Is is it possible, that there is a problem with sp13?
  Best regards
  Daniel Holstein

  Hi Daniel,
  ok I`ll try to find a solution in parallel and keep you up to date.
  In the following my settings in case I missed something:
  <VirtualHost test.firma.de:443>
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
  SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
  ServerName test.firma.de:443
  ServerAdmin [email protected]
  LogLevel debug
  ErrorLog logs/ssl_443_error
  CustomLog logs/ssl_443_access_log common
  ProxyVia Off
  ProxyPreserveHost On
  ReWriteEngine on
  ReWriteLogLevel 0
  ReWriteLog logs//ssl_443_rewrite_http.log
  ProxyPass / https://backend.firma.de:50001/
  ProxyPassReverse / https://backend.firma.de:50001/
  </VirtualHost>
  Regards, Jens

• Printing Issue from ITS with a Reverse Proxy Configured

  Hi experts,
  We have an enterprise portal landscape which  can be accessed from the internet. The URLs are mapped using apache server as a reverse proxy. Also, we have configured the reverse proxy settings for accessing R/3 systems.
  When the users try to take the print out from the ITS Web GUI accessed through the enterprise portal, the page redirects itself to an only internally resolvable host name of the R/3 ITS.
  Due to this issue, users are not able to take prints from internet.
  I would like to know if there is any way by which i can change this to my externally resolvable reverse proxy host address, which in turn can be mapped internally to the original host name at the reverse proxy level.
  Can any one help me out in this?
  Thanks a lot
  Shobin

  Hi Shobin,
  SAP note 1145306 might provide some help about directives to be used.
  Regards,
  Dieter

• Apache Reverse Proxy

  Hi
  I have installed Apache Reverse Proxy to access my Portal and ECC6.
  In the httpd config file , i have done the following settings.
  <VirtualHost ipaddress:port>
  ProxyPreserveHost On
  ProxyPass /irj/ http://portalserver:50000/irj/
  ProxyPassReverse /irj/ http://portalserver:50000/irj/
  ProxyPass /eccdev/ http://eccserver:8000/eccdev/
  ProxyPassReverse /eccdev/ http://eccserver:8000/eccdev/
  </VirtualHost>
  eccdev is external alias for the path
  /sap/bc/gui/sap/its/webgui/
  With this setting when i  when a request is made for eccdev/
  it takes me to the ecc6 login page.
  when i enter the required information , it just clears the username password fields.
  i checked that the username password are correctly entered.
  what is the problem ?
  Regards
  Rajendra

  Hi Darren ,
  Thanks for the reply.
  Our SSO between Portal and  ECC6 works fine without Reverse Proxy.
  If we access the Portal Through Reverse Proxy , when we navigate to any iViews say BSP iView , it asks for Username password. Once provided it works fine.
  Second Scenario is Using Reverse Proxy to Directly access
  SAP GUI . i.e without using Portal.
  If i do not use Reverse Proxy , i can access my ECC6 webgui
  through browser after providing the Login Details, but if i use Reverse Proxy then Even after providing the Login Details ,
  the LogOn Box does not go and keeps asking for login details.
  To summarize , i just want to acess the SAP GUI from Browser
  using Reverse Proxy . I am able to do it without reverse Proxy .
  Can you help ?

• Reverse Proxy Configuration - Apache as an SSL reverse-proxy

  Hi,
  We have EP 6.0 SP 14 installed with SSL configured.
  We are in need to open the application to internet.
  For the same we have set up a reverse proxy server (Apache as SSL
  Reverse Proxy).
  Our requirement is to open the application to the internet with
  web address https://abc.domain.com.
  The issue is we are able to access the application from internet only when
  https://abc.domain.com/irj/potal is typed.
  (ie.) Mapping is working fine for
  https://abc.domain.com/irj/portal to
  our EP Portal address https://abc2.domain.com:50001/irj/portal
  And not working for mapping https://abc.domain.com to our EP Portal
  address https://abc2.domain.com:50001/irj/portal
  We have been working on to resolve this issue for days together but have been really unsuccessful
  Kindly help us in resolving the same asap.
  Note : The references we used are:
  1. SAP's document:
  "Apache Reverse Proxy Configuration for J2ee 6.20 and 6.40 Web Applications"
  2. Weblogs:
  The Reverse Proxy Series -- Part 1: Introduction
  The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
  The Reverse Proxy Series -- Part 3.1: Apache as an SSL reverse-proxy
  Regards,
  venkat.

  Thanks much for the feedback. We're using the default settings on the HTTP rule we have set up for the portal on the ISA server. We'll be looking into the details of what the default rule settings are, however we did find a note in the Microsoft Knowledge base detailing with the ISA server screening high bits in URL strings for Outlook Web Access (OWA). This generates a similar error message. Here is the link to the detailed note on the Microsoft web site:
  http://support.microsoft.com/?scid=kb;en-us;837865
  Also,we are going to be applying the SP1 upgrade to the ISA server (released in March) to see if this might be some type of issue that may have been identified and corrected by the service pack. We'll see what happens with that.
  One area where we can recreate the problem at will is when we set up the system landscape configuration. We can navigate to a system configuration object, however when we attempt to right click to edit the object we get the error. There are other circumstances where we get errors but that is one that occurs for sure. Anyone have any idea as to what might be special about that type of transaction??
  Thanks again.
  Rich

• SAP Webdispatcher - Reverse Proxy Configuration

  Hi All,
  Need your help in configuration SAP Webdispatcher as reverse proxy. Currently we are using Apache as reverse proxy, but we are facing 400 Bad Request error and not able to solve the issue.
  So We are planning to install Webdispatcher and configure reverse proxy and test.
  Below is the Apache Reverse proxy configuration. Need help in configuring the same parameters in SAP Webdispatcher
  ProxyPass /sap http://srmerver:8000/sap
  ProxyPass /SRM-MDM  http://mdmserver:50100/SRM-MDM
  ProxyPass /mdmimages http://portalserver:8090/mdmimages
  ProxyPass /irj http://portalserver:50100/irj
  ProxyPass /saml2 http://portalserver:50100/saml2
  ProxyPass / http://portalserver:50100/　
  ProxyPassReverse /sap http://srmserver:8000/sap
  ProxyPassReverse /SRM-MDM  http://mdmserver:50100/SRM-MDM
  ProxyPassReverse /mdmimages http://portalserver:8090/mdmimages
  ProxyPassReverse /irj  http://portalserver:50100/irj
  ProxyPassReverse /saml2 http://portalserver:50100/saml2
  ProxyPassReverse /  http://portalserver:50100/
  Regards
  Ponnusamy

  Hi
  Kindly refer the SCN link
  How to...Configure SAP Webdispatcher as a reverse proxy
  http://basisondemand.com/Documents/Whitepaper_on_SAP_Web_Dispatcher.pdf
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a015cea3-9627-2e10-a792-8f39e3d0b59d?QuickLink=index&…
  Regards
  Sriram

• Apache Reverse Proxy: Domain problem

  Hi,
  I have a problem with Apache Reverse Proxy (Apache 2.2) and SAP Enterprise Portal 6.0.
  I configured Apache as a Reverse Proxy Server (with SSL)so that the portal is accessible through the internet. Everything is working fine but the OWA integration doesn't work over the Reverse Proxy.
  If I log on to <u>http://portalsrv.mydomain.xx:12345/irj</u> the OWA integration works fine with SSO and there is no problem with session management.
  If I log on to <u>https://revproxy.mydomain.zz:1234/irj</u> and want to open Outlook I get the message that Session management doesn't work. However the other components like ESS work fine. Deactivating the DSM Logger is not a solution to this problem.
  The Log tells me:
  1.
  Application domain 'mydomain.xx' differs from Portal domain 'mydomain.zz'.
  Session Management will not work for Application 'abc.mydomain.xx'
  2.
  Application schema 'http' differs from Portal schema 'https'.
  Session Management will not work for Application 'abc.mydomain.xx'
  Is there a possibility to write a Rewrite-Rule in the Apache-Conf?
  For instance:
  https://abc.mydomain.xx --> http://abc.mydomain.zz
  Does anybody made such a rule?
  I hope anybody can help me with the problem.
  Thank you

  Hi Daniel,
  ok I`ll try to find a solution in parallel and keep you up to date.
  In the following my settings in case I missed something:
  <VirtualHost test.firma.de:443>
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
  SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
  ServerName test.firma.de:443
  ServerAdmin [email protected]
  LogLevel debug
  ErrorLog logs/ssl_443_error
  CustomLog logs/ssl_443_access_log common
  ProxyVia Off
  ProxyPreserveHost On
  ReWriteEngine on
  ReWriteLogLevel 0
  ReWriteLog logs//ssl_443_rewrite_http.log
  ProxyPass / https://backend.firma.de:50001/
  ProxyPassReverse / https://backend.firma.de:50001/
  </VirtualHost>
  Regards, Jens

• Apache Reverse Proxy with Abap Web query

  Hi to all
    We are trying to configure apache 2 to work as a reverse proxy with web abap Netweaver installation.
  From inside the network the web query is fine.
  Running the query with the reverse proxy we have only the html code in the browser. All the scripts and css are not present.
  We checked some messages inside the forum and we have tried a lot of stuff without success.
  We use always linux (Fedora, Ubuntu with xampp or apache only) plus the html module or the publisher from http://apache.webthing.com.
  Our installation is like this the reverse proxy in the dmz and the netweaver to the inside off coarse, and we don't have the same domain name, i don't know if this is important.
  Any help/idea  is valuable.
  Thank you
  Yiannis

  Hi Olivier
  I have seen your solution in other messages but i didn't try it because i was trying to work with the html_proxy module.
  I read the documents you gave me plus some apache tutorials on the rewrite rule.
  In any case i have my installation working now.
  I did some extra changes in my config so now the rules are like that
  ProxyVia On
  ProxyBadHeader IsError
  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass /sap http://192.168.1.59:8001/sap
  ProxyPassReverse /sap http://192.168.1.59:8001/sap
  RewriteEngine On
  RewriteRule ^/(sap\(.*) http://192.168.1.59:8001/$1 [P,L]
  Thanks again for your help
  Yiannis

• Apache Reverse proxy with SSL

  Hi,
  I'm trying to install Apache Reverse proxy which will support both HTTP and HTTPS request.
  <b>What do I need to activate to support the HTTPS requests?</b>
  I installed Apache 2.0.53 Released and trying to activate the mod_ssl.
  From Where can I get the mod_ssl.so?
  I saw that there are 2 projects:
  Apache Interface to OpenSSL (mod_ssl)
  Apache-SSL
  Do I need to use them in case I want to use HTTPs?
  Regards,
  Yael

  Get the latest oppenssl compile it. before you compile apache, execute ./configure --help in the apache directory. It will give you the commands that you need to use to activate and deactivate various things in apache.
  mine is as follows:
  ./configure --with-layout=GNU --enable-proxy --enable-ssl --with-ssl=/usr/lo
  cal/src/apachessl/openssl-0.9.7f/ --enable-vhost-alias --enable-rewrite --enable
  -so --enable-proxy-http --enable-proxy-connect --enable- headers
  then make and make install.
  hope it helps.
  Jai

• How to configure SharePoint HNSC with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.

  Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.
  In normal path based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with  Public URL = "proxy URL", internal = "HNSC Share Point URL" so that share point sends response back
  to Public URL = "proxy URL".
  In Host Named Site Collections,  alternate access mappings  are not supported. Each HNSC is designed to have only one URL in each zone. Zone is one of the five zones(Default,Intranet,Internet,Custom,Extranet) with each of which only one alternate
  URL is associated.  This is what we are able to get using power shell command "Set-SPSiteUrl", but this will not help us to get the response back to proxy URL after a request sent to share point because we could not find any mechanism in share
  point HNSC to respond  to a different URL(proxy URL). Consequently, Share Point URLs are exposed to  external users.
  Below share point article in MSDN blog is symmetrical to what we are observing with Share Point 2013 and Proxy Server. It mentions that internal HNSC URLs can’t be hidden using any proxy server. If  hiding the internal Share Point URLS is a requirement,
  it suggests to use a web application instead of host named site collections.
  Though I’m also observing the same behavior with Share Point 2013 HNSC, Could you please confirm my understanding is correct.
  http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
  Excerpt from above article-
  "Host Named Site Collections Only Use One Host Name
  Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and
  are always considered to be in the Default zone.  This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site
  as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the
  calls to the same URL.  If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."<u5:p></u5:p>

  Hi Satish,
  You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
  It is by design that each host-name site collection only support one URL for each zone.
  The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
  https://support.microsoft.com/en-us/kb/2826457
  So to make the URL of HNSC not exposed to external users is not supported, you need to use path-based sites instead.
  Best regards.
  Thanks
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Configuring a Apache Reverse Proxy for OracleAS Portal and OracleAS Single

  I'm trying to implement my Oracle Portal 10g Release 2 with a reverse proxy (Apache 2.2) as described in this link: http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm#BEIFECEH without success. I have Oracle Portal, Oracle SSO,OID in the same domain and Apache Reverse Proxy in another domain. Has anyone had success using OracleAS Portal with a reverse proxy?

  First of all i'm trying to configure a reverse proxy only for Ora SSO (infra tier). Here is what i already do:
  APACHE REVERSE PROXY (Apache 2.2)
  http:/proxy.mycompany.com:80
  ProxyRequests off
  ProxyPassInterpolateEnv On
  ProxyPass / http:/portal.tech.everett.it:7777/
  ProxyPassReverse / http:/portal.tech.everett.it:7777/
  ProxyPreserveHost On
  ORACLE SSO
  http:/portal.mycompany.com:7777
  Here are the steps i already do:
  1- CONFIG OID
  create an ldif file called setdasurl.ldif and insert as follow:
  dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
  changetype: modify
  replace: orcldasurlbase
  orcldasurlbase: http:/proxy.mycompany.com/
  then do ldapmodify as follow:
  ldapmodify -x -h portal.mycompany.com -p 3060 -D "cn=orcladmin" -w password1 -v -f setdasurl.ldif
  2- CONFIG ORA SSO (as gentjan user)
  export ORACLE_HOME=/home/gentjan/product/10.1.2/OracleAS/infra/
  2.1-config Apache config of ORA SSO
  vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf
  change from:
  ServerName portal.mycompany.com
  Port 7777
  KeepAlive On
  to:
  ServerName proxy.mycompany.com
  Port 80
  KeepAlive Off
  and add at the end of httpd.conf
  RewriteEngine On
  RewriteOptions inherit
  2.2- update DCM Repository (as root)
  *$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
  2.3- modify SSO Server Home URL to reverse proxy hostname and port (as root)
  *$ORACLE_HOME/sso/bin/ssocfg.sh http proxy.mycompany.com 80*
  2.4- Updating the targets.xml File
  Open the ORACLE_HOME/sysman/emd/targets.xml file and locate the target type oracle_sso_server.
  vi $ORACLE_HOME/sysman/emd/targets.xml
  Update the HTTPMachine and HTTPPort attributes with the proxy server host and port attributes that were passed to ssocfg. For example:
  Property NAME="HTTPMachine" VALUE="proxy.mycompany.com"
  Property NAME="HTTPPort" VALUE="80"
  Property NAME="HTTPProtocol" VALUE="http"
  Save and close the file.
  Reload the Application Server Control Console by issuing this command (as gentjan):
  *$ORACLE_HOME/bin/emctl reload*
  2.5- Re-register mod_osso on SSO Middle-tier with reverse proxy hostname and port
  some needed permissions
  chmod -R 775 /home/gentjan/product/10.1.2/OracleAS/infra/dcm/
  Re-register mod_osso (as gentjan)
  *$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /home/gentjan/product/10.1.2/OracleAS/infra -site_name infra.proxy.mycompany.com -config_mod_osso TRUE -mod_osso_url http:/proxy.mycompany.com:80 -update_mode MODIFY*
  2.6- update DCM Repository (as root)
  *$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
  2.7- Restart OC4J_Security and Oracle HTTP Server at Infrastructure tier
  *$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server*
  *$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY*
  After this modifications my reverse proxy is ok.
  I can access to http:/proxy.mycompany.com:80 and this redirect me to Oracle Application Server Welcome page.
  If i try http:/proxy.mycompany.com/pls/orasso/orasso.home, i can view the SSO Server Home page.
  The problem that i find is when i click to Login page for Oracle SSO.
  I have the following error:
  Forbidden You don't have permission to access /pls/orasso/ORASSO.wwsec_app_priv.login on this server.
  So, in other words i can't do the login/logout under reverse proxy. Anyone can help?
  Gentjan

• Reverse Proxy Configuration Help

  I am running OFM 11.1.1.6.
  Web Cache is running on port 8888.
  Portal's OHS (the WebCache origin server) is running on 7777.
  Reports' OHS (for /reports/rwservlet) is running on 8890.
  Non-Oracle Apache 2.2 is running as a reverse SSL proxy for Portal on port 443.
  I want to configure this reverse proxy so that it appears to the end user that the reports server is also running in HTTPS on port 443, instead of on port 8890. Can anyone please give me a tip on how to set this up?
  In my httpd.conf for my Apache reverse proxy server, I have this within my main SSL virtual host:
  ProxyPassReverse / http://hostname:8888/
  ProxyPreserveHost On
  RewriteEngine On
  RewriteRule ^/(.*) http://hostname:8888/$1 [P]Do I need to add an additional virtual host for the proxy to the reports server? Or can I include it in this same virtual host? I've tried the following, but couldn't get it to work:
  ProxyPassReverse /reports/rwservlet/ http://hostname:8890/reports/rwservlet/
  ProxyPassReverse / http://hostname:8888/
  ProxyPreserveHost On
  RewriteEngine On
  RewriteRule ^/reports/rwservlet/(.*) http://hostname:8890/reports/rwservlet/$1 [P]
  RewriteRule ^/(.*) http://hostname:8888/$1 [P]Any guidance is appreciated.

  In case anyone finds this, this is how I got it all working:
  In httpd.conf for the Apache reverse proxy:
  ProxyPreserveHost On
  RewriteEngine On
  RewriteRule ^/reports/(.*) http://hostname:8890/reports/$1 [P]
  ProxyPassReverse /reports http://hostname:8890/reports
  RewriteRule ^/(.*) http://hostname:8888/$1 [P]
  ProxyPassReverse / http://hostname:8888/In the Portal OHS's httpd.conf:
  NameVirtualHost *:7777
  <VirtualHost *:7777>
       ServerName https://hostname
       RewriteEngine On
       RewriteOptions inherit
       UseCanonicalName On
       OssoConfigFile E:/ora11/product/portal_instance/config/OHS/ohs1/osso/osso_ssl.conf
       OssoIpCheck off
       OssoSecureCookies off
       OssoIdleTimeout off
  </VirtualHost>In the reports server's httpd.conf:
  NameVirtualHost *:8890
  <VirtualHost *:8890>
       ServerName https://hostname
       RewriteEngine On
       RewriteOptions inherit
       UseCanonicalName On
       OssoConfigFile E:/ora11/product/reports_instance/config/OHS/ohs1/osso.conf
       OssoIpCheck off
       OssoSecureCookies off
       OssoIdleTimeout off
  </VirtualHost>You can use the same osso.conf for both reports and portal. Make sure to register with SSO specifying https://hostname as the registered URL.

• How to configure for GPlus Adapter with SAP Phone and SAP CRM

  Hi All Basis Adm,
                 Please consider as an urgent basis i need the information that how to configure  GPlus Adapter with SAP Phone and SAP CRM . My server is CRM 5.0 (kernel 7) with Oracle Database. This information is require to connect Webclient to Sap Phone with GPlus Adapter (Genesys Adapter 7.1).  If u have any document regarding mentioned above than that will be acceptable. 
  Regds,
  Govinda

  Hi Prasad,
  In you case, it's a file to file scenario.
  Go thro' this link for a solution:-
  /people/venkat.donela/blog/2005/03/02/introduction-to-simplefile-xi-filescenario-and-complete-walk-through-for-starterspart1
  /people/venkat.donela/blog/2005/03/03/introduction-to-simple-file-xi-filescenario-and-complete-walk-through-for-starterspart2
  Regards.
  Praveen

• Does Safari support Automatic Proxy Configuration with a .wpad file?

  Hello,
  I was wondering if anyone knows whether Safari supports Automatic Proxy Configuration with a .wpad file?
  Morgan

  HI Morgan ..
  Safari is extremely finicky about proxies and according to Wikipedia it dates back to older browser versions.
  http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol

• Apache reverse proxy and SSL termination

  Hi Guru's
      Can anyone tell me, how to do SSL termination at apache reverse proxy. I am using apache reverse proxy for accesing portal from internet. Apache is configured for SSL and portal is NON SSL.
  I am using header variable login module in portal. i wanted to terminate SSL at apache reverse proxy and then all traffic after that should be clear text.
  should i maitain any property. is there any documentation for it.
  Please help me
  Tom

  The majority of the work here is around configuring your Web Dispatcher and Apache Reverse proxy. The work on the portal is straight forward enabling of SSL.
  You can follow http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm for setting this up.
  what level I need to configure SSL and how do I proceed in both scenarios?
  Your question itself says where you need SSL. SSL is required where ever you need HTTPS communication.
  how do I proceed in both scenarios?
  From a portal perspective, the configuration should remain the same.
  Do I have to install SSL at portal, web dispatcher or at Apache level?
  SSL needs to be configured at all the 3 levels if you are looking at end to end SSL implementation.
  See the following for possible SSL implementation options:
  http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
  https://cw.sdn.sap.com/cw/docs/DOC-115509
  Will SSL termination work for scenario 2?
  Yes this should work - see http://help.sap.com/saphelp_nw2004s/helpdata/en/36/fd39eacf4cde4a8fe32d7f29b3db16/frameset.htm
  However in case of SSL Termination, the request to your portal from the web dispatcher will be sent as HTTP.
  I would recommend you to take a step by step (backward approach).
  First, enable SSL on your portal and make sure it works - going directly to the server.
  Then, you can introduce the Web Dispatcher - and test if every thing works going through the web dispatcher.
  Finally - you can test the end to end flow - with your Reverse proxy involved.
  - Shanti