IC WebClient - Apache Reverse Proxy

Similar Messages

• Problem with Apache reverse proxy after applying SP13 NW

  Hello,
  we have a NW04 EP Portal and a Apache reverse proxy in the DMZ. After applying SP 13 for the portal we get the following error from the reverse proxy:
  Proxy Error
  The proxy server received an invalid response from an upstream server.
  The proxy server could not handle the request GET /irj/.
  Reason: Error reading from remote server
  Apache/2.0.52 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e Server at servername.company.de Port 443
  Is is it possible, that there is a problem with sp13?
  Best regards
  Daniel Holstein

  Hi Daniel,
  ok I`ll try to find a solution in parallel and keep you up to date.
  In the following my settings in case I missed something:
  <VirtualHost test.firma.de:443>
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
  SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
  ServerName test.firma.de:443
  ServerAdmin [email protected]
  LogLevel debug
  ErrorLog logs/ssl_443_error
  CustomLog logs/ssl_443_access_log common
  ProxyVia Off
  ProxyPreserveHost On
  ReWriteEngine on
  ReWriteLogLevel 0
  ReWriteLog logs//ssl_443_rewrite_http.log
  ProxyPass / https://backend.firma.de:50001/
  ProxyPassReverse / https://backend.firma.de:50001/
  </VirtualHost>
  Regards, Jens

• Apache Reverse proxy with SSL

  Hi,
  I'm trying to install Apache Reverse proxy which will support both HTTP and HTTPS request.
  <b>What do I need to activate to support the HTTPS requests?</b>
  I installed Apache 2.0.53 Released and trying to activate the mod_ssl.
  From Where can I get the mod_ssl.so?
  I saw that there are 2 projects:
  Apache Interface to OpenSSL (mod_ssl)
  Apache-SSL
  Do I need to use them in case I want to use HTTPs?
  Regards,
  Yael

  Get the latest oppenssl compile it. before you compile apache, execute ./configure --help in the apache directory. It will give you the commands that you need to use to activate and deactivate various things in apache.
  mine is as follows:
  ./configure --with-layout=GNU --enable-proxy --enable-ssl --with-ssl=/usr/lo
  cal/src/apachessl/openssl-0.9.7f/ --enable-vhost-alias --enable-rewrite --enable
  -so --enable-proxy-http --enable-proxy-connect --enable- headers
  then make and make install.
  hope it helps.
  Jai

• Apache reverse proxy and SSL termination

  Hi Guru's
      Can anyone tell me, how to do SSL termination at apache reverse proxy. I am using apache reverse proxy for accesing portal from internet. Apache is configured for SSL and portal is NON SSL.
  I am using header variable login module in portal. i wanted to terminate SSL at apache reverse proxy and then all traffic after that should be clear text.
  should i maitain any property. is there any documentation for it.
  Please help me
  Tom

  The majority of the work here is around configuring your Web Dispatcher and Apache Reverse proxy. The work on the portal is straight forward enabling of SSL.
  You can follow http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm for setting this up.
  what level I need to configure SSL and how do I proceed in both scenarios?
  Your question itself says where you need SSL. SSL is required where ever you need HTTPS communication.
  how do I proceed in both scenarios?
  From a portal perspective, the configuration should remain the same.
  Do I have to install SSL at portal, web dispatcher or at Apache level?
  SSL needs to be configured at all the 3 levels if you are looking at end to end SSL implementation.
  See the following for possible SSL implementation options:
  http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
  https://cw.sdn.sap.com/cw/docs/DOC-115509
  Will SSL termination work for scenario 2?
  Yes this should work - see http://help.sap.com/saphelp_nw2004s/helpdata/en/36/fd39eacf4cde4a8fe32d7f29b3db16/frameset.htm
  However in case of SSL Termination, the request to your portal from the web dispatcher will be sent as HTTP.
  I would recommend you to take a step by step (backward approach).
  First, enable SSL on your portal and make sure it works - going directly to the server.
  Then, you can introduce the Web Dispatcher - and test if every thing works going through the web dispatcher.
  Finally - you can test the end to end flow - with your Reverse proxy involved.
  - Shanti

• Apache Reverse Proxy

  Hi
  I have installed Apache Reverse Proxy to access my Portal and ECC6.
  In the httpd config file , i have done the following settings.
  <VirtualHost ipaddress:port>
  ProxyPreserveHost On
  ProxyPass /irj/ http://portalserver:50000/irj/
  ProxyPassReverse /irj/ http://portalserver:50000/irj/
  ProxyPass /eccdev/ http://eccserver:8000/eccdev/
  ProxyPassReverse /eccdev/ http://eccserver:8000/eccdev/
  </VirtualHost>
  eccdev is external alias for the path
  /sap/bc/gui/sap/its/webgui/
  With this setting when i  when a request is made for eccdev/
  it takes me to the ecc6 login page.
  when i enter the required information , it just clears the username password fields.
  i checked that the username password are correctly entered.
  what is the problem ?
  Regards
  Rajendra

  Hi Darren ,
  Thanks for the reply.
  Our SSO between Portal and  ECC6 works fine without Reverse Proxy.
  If we access the Portal Through Reverse Proxy , when we navigate to any iViews say BSP iView , it asks for Username password. Once provided it works fine.
  Second Scenario is Using Reverse Proxy to Directly access
  SAP GUI . i.e without using Portal.
  If i do not use Reverse Proxy , i can access my ECC6 webgui
  through browser after providing the Login Details, but if i use Reverse Proxy then Even after providing the Login Details ,
  the LogOn Box does not go and keeps asking for login details.
  To summarize , i just want to acess the SAP GUI from Browser
  using Reverse Proxy . I am able to do it without reverse Proxy .
  Can you help ?

• Apache Reverse Proxy: Domain problem

  Hi,
  I have a problem with Apache Reverse Proxy (Apache 2.2) and SAP Enterprise Portal 6.0.
  I configured Apache as a Reverse Proxy Server (with SSL)so that the portal is accessible through the internet. Everything is working fine but the OWA integration doesn't work over the Reverse Proxy.
  If I log on to <u>http://portalsrv.mydomain.xx:12345/irj</u> the OWA integration works fine with SSO and there is no problem with session management.
  If I log on to <u>https://revproxy.mydomain.zz:1234/irj</u> and want to open Outlook I get the message that Session management doesn't work. However the other components like ESS work fine. Deactivating the DSM Logger is not a solution to this problem.
  The Log tells me:
  1.
  Application domain 'mydomain.xx' differs from Portal domain 'mydomain.zz'.
  Session Management will not work for Application 'abc.mydomain.xx'
  2.
  Application schema 'http' differs from Portal schema 'https'.
  Session Management will not work for Application 'abc.mydomain.xx'
  Is there a possibility to write a Rewrite-Rule in the Apache-Conf?
  For instance:
  https://abc.mydomain.xx --> http://abc.mydomain.zz
  Does anybody made such a rule?
  I hope anybody can help me with the problem.
  Thank you

  Hi Daniel,
  ok I`ll try to find a solution in parallel and keep you up to date.
  In the following my settings in case I missed something:
  <VirtualHost test.firma.de:443>
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
  SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
  ServerName test.firma.de:443
  ServerAdmin [email protected]
  LogLevel debug
  ErrorLog logs/ssl_443_error
  CustomLog logs/ssl_443_access_log common
  ProxyVia Off
  ProxyPreserveHost On
  ReWriteEngine on
  ReWriteLogLevel 0
  ReWriteLog logs//ssl_443_rewrite_http.log
  ProxyPass / https://backend.firma.de:50001/
  ProxyPassReverse / https://backend.firma.de:50001/
  </VirtualHost>
  Regards, Jens

• Apache reverse proxy setting for access to Backend

  Hi experts,
  we have set up apache reverse proxy to make available our NW portal (and SRM functions)over the internet.
  Our settings look something like this:
  ProxyRequests Off
  <VirtualHost *:80>
       ServerName myportal.portalhosto.com
       ProxyPreserveHost On
       ProxyPass /irj/ http://myportal.portalhost.com:53200/irj/
       ProxyPass /webdynpro/ http://myportal.postalhost.com:53200/webdynpro/
       ProxyPassReverse /irj/  http://myportal.portalhost.com:53200/irj/
       ProxyPassReverse /webdynpro/  http://myportal.portalhost.com:53200/webdynpro/
       ErrorLog logs/myportal.portalhost.com-error.log
       CustomLog logs/myportal.portalhost.com-custom.log combined
  RewriteEngine On
       RewriteRule ^/sap/(.*)$ http://mybackend.backendhost.com:8020/sap/$1 [P,NC]
  </VirtualHost>
  Problem:
  when we access the portal from the internal network(either by using the internal URL or external URL) things work fine.
  But we access the portal from internet, we are able to login to the portal and acess all webdynpro Java related applications.But when we try to acess the BSP/WD abap application running on a backend SRM system, we get 'host not found' message with the INTERNAL url of the SRM backend application displayed.
  Do we need to expose the SRM backend to the outside world via reverse proxy as well?If yes,how?Do we need to change the system definitions in portal for that?
  Any help in resolving this would be greatly appreciated.
  regards,
  Kiran

  Hi,
  Do we need to expose the SRM backend to the outside world via reverse proxy as well?If yes,how?Do we need to change the system definitions in portal for that?
  Yes , you have to expose your backend system using reverse proxy ...
  When user access the portal and when he clicks on BSP/WD , the URL get re-directed to backend system.
  But , as your backend system is not expose on internet , you get an error as host not found.
  So, to solve your problem you have to expose your backend system on internet. It is in general pratice to expose on internet.
  Thanks
  Anil

• 401 Unauthorized: Running portal behind an APACHE reverse proxy

  Hello to all,
  we've got following scenario:
  www <-HTTPS-> APACHE (external SSL termination) <-HTTPS-> portal
  If I call the internal URL (https://backend.xy.de:443/irj/portal) of the portal,
  I'll be redirected to the logon servlet and logon to the portal application is possible.
  Now we set up a APACHE reverse proxy in oder to access the portal from internet.
  I've set up a virtual host:
  <VirtualHost test.xy.de:443>
       <Location />
            ProxyPass https://backend.xy.de:443/
          ProxyPassReverse /
       </Location>
  </VirtualHost test.xy.de:443>
  But now if I call the portal application https://test.xy.de/irj/portal I get the following error:
  Unauthorized
  This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
  Any idea how to fix this?
  Regards Christian

  Hello Tobias,
  I have adapted your idea, but without success.
  I've checked the cookies. No cookies are delivered by the J2EE-Server.
  HTTP-ResponseHeader contains following entries:
  HTTP/1.1 401 Unauthorized
  Date: Thu, 26 Jan 2012 08:31:55 GMT
  WWW-Authenticate: Negotiate
  Content-Length: 381
  Keep-Alive: timeout=15, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  But its a bit strange.
  If I call url https://xy.de/index.html the start page will be displayed.
  A log on to system information is possible, but if I try to open the nwa, I get the same error.
  So I think this is a problem with the logon servlet. Sites with basic-authentication work.
  Calling the logon servlet direct https://xy.de/logon/logonServlet I get the same error.
  I don't think, there is a problem with the apache configuration.
  If I change the ProxyPass directive to another J2EE server everything works fine.
  There is only one difference between both system.
  System 1 (error system) is a SAP Netweaver 7.01 SP10
  The other system is a SAP Netweaver 7.02 SP 9
  Regards Christian
  Edited by: Christian Kaiser on Jan 26, 2012 9:53 AM

• Configuring a Apache Reverse Proxy for OracleAS Portal and OracleAS Single

  I'm trying to implement my Oracle Portal 10g Release 2 with a reverse proxy (Apache 2.2) as described in this link: http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm#BEIFECEH without success. I have Oracle Portal, Oracle SSO,OID in the same domain and Apache Reverse Proxy in another domain. Has anyone had success using OracleAS Portal with a reverse proxy?

  First of all i'm trying to configure a reverse proxy only for Ora SSO (infra tier). Here is what i already do:
  APACHE REVERSE PROXY (Apache 2.2)
  http:/proxy.mycompany.com:80
  ProxyRequests off
  ProxyPassInterpolateEnv On
  ProxyPass / http:/portal.tech.everett.it:7777/
  ProxyPassReverse / http:/portal.tech.everett.it:7777/
  ProxyPreserveHost On
  ORACLE SSO
  http:/portal.mycompany.com:7777
  Here are the steps i already do:
  1- CONFIG OID
  create an ldif file called setdasurl.ldif and insert as follow:
  dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
  changetype: modify
  replace: orcldasurlbase
  orcldasurlbase: http:/proxy.mycompany.com/
  then do ldapmodify as follow:
  ldapmodify -x -h portal.mycompany.com -p 3060 -D "cn=orcladmin" -w password1 -v -f setdasurl.ldif
  2- CONFIG ORA SSO (as gentjan user)
  export ORACLE_HOME=/home/gentjan/product/10.1.2/OracleAS/infra/
  2.1-config Apache config of ORA SSO
  vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf
  change from:
  ServerName portal.mycompany.com
  Port 7777
  KeepAlive On
  to:
  ServerName proxy.mycompany.com
  Port 80
  KeepAlive Off
  and add at the end of httpd.conf
  RewriteEngine On
  RewriteOptions inherit
  2.2- update DCM Repository (as root)
  *$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
  2.3- modify SSO Server Home URL to reverse proxy hostname and port (as root)
  *$ORACLE_HOME/sso/bin/ssocfg.sh http proxy.mycompany.com 80*
  2.4- Updating the targets.xml File
  Open the ORACLE_HOME/sysman/emd/targets.xml file and locate the target type oracle_sso_server.
  vi $ORACLE_HOME/sysman/emd/targets.xml
  Update the HTTPMachine and HTTPPort attributes with the proxy server host and port attributes that were passed to ssocfg. For example:
  Property NAME="HTTPMachine" VALUE="proxy.mycompany.com"
  Property NAME="HTTPPort" VALUE="80"
  Property NAME="HTTPProtocol" VALUE="http"
  Save and close the file.
  Reload the Application Server Control Console by issuing this command (as gentjan):
  *$ORACLE_HOME/bin/emctl reload*
  2.5- Re-register mod_osso on SSO Middle-tier with reverse proxy hostname and port
  some needed permissions
  chmod -R 775 /home/gentjan/product/10.1.2/OracleAS/infra/dcm/
  Re-register mod_osso (as gentjan)
  *$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /home/gentjan/product/10.1.2/OracleAS/infra -site_name infra.proxy.mycompany.com -config_mod_osso TRUE -mod_osso_url http:/proxy.mycompany.com:80 -update_mode MODIFY*
  2.6- update DCM Repository (as root)
  *$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
  2.7- Restart OC4J_Security and Oracle HTTP Server at Infrastructure tier
  *$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server*
  *$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY*
  After this modifications my reverse proxy is ok.
  I can access to http:/proxy.mycompany.com:80 and this redirect me to Oracle Application Server Welcome page.
  If i try http:/proxy.mycompany.com/pls/orasso/orasso.home, i can view the SSO Server Home page.
  The problem that i find is when i click to Login page for Oracle SSO.
  I have the following error:
  Forbidden You don't have permission to access /pls/orasso/ORASSO.wwsec_app_priv.login on this server.
  So, in other words i can't do the login/logout under reverse proxy. Anyone can help?
  Gentjan

• Setting apache reverse proxy for EP6SP2

  Hi friends,
  I want to set apache reverse proxy for EP6SP2. But after doing the following changes, it is showing the SAP J2EE Engine documentation page.
  The following changes has been dont to httpd.conf:
  NameVirtualHost 1.1.1.1:80
  <VirtualHost 1.1.1.1:80>
    ProxyRequests Off
    ServerName ep6.xyz.com
    ProxyPreserveHost On
    proxyPass        /  http://ep6.xyz.com:50000/
    proxyPassReverse /  http://ep6.xyz.com:50000/
    ErrorLog logs/base.80.error.log
    CustomLog logs/base.80.custom.log common
  </VirtualHost>
  Help needed.
  Regards,
  Nilz

  Hi,
  I have a problem with my proxy:
  ssl.conf.in like
  ProxyPass /irj http://debmsu06.server.###.de:50300/irj
  ProxyPassReverse /irj http://debmsu06.server.###.de:50300/irj
  RewriteRule ^/$ /irj/portal [R]
  If I use URL:
  https://bebuyer.###.de/ goto https://bebuyer.###.de/irj/portal
  but if I use
  https://bebuyer.###.de/irj/
  I get the info:
  https://bebuyer.###.de/irj/HTTPS:/bebuyer.###.de:443/irj/index.html
  What is happened? How I can redirect to /irj/portal?
  Of course I can use
  http://debmsu06.server.###.de:50300/irj/
  Could you please give me some tips?
  Best Thanks!
  Heren Zhou

• Accessing Fiori from Apache reverse  proxy.

  Hi All,
         I have installed Fiori setup in local network.
  When I tried to access the URL from External world using Apache Reverse Proxy Server installed in DMZ it is not getting connected.
  Is there any specific configuration that we need to do in Fiori? Can any one help me on this.
  cc:Babu Ganesh V
  Thanks
  -Arun
  Tags edited by: Michael Appleby

  Hi Masa,
  I think we have a similar issue when opening the Fiori Launchpad.
  Directly accessing the gateway server works fine in the intranet.
  Going via the Apache reverse proxy shows the following in InternetExplorer  F12 Developer Tools:
  Request:
  /sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets('%2FUI2%2FFiori2LaunchpadHome')?$expand=Pages/PageChipInstances/Chip/ChipBags/ChipProperties,Pages/PageChipInstances/RemoteCatalog,Pages/PageChipInstances/ChipInstanceBags/ChipInstanceProperties,AssignedPages,DefaultPage
  Response:
  <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head><title>404 Not Found</title></head>
  <body>
    <h1>Not Found</h1>
    <p>The requested  URL /sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets'/UI2/Fiori2LaunchpadHome') was
  not found on this server.</p>
    </body></html>
  I assume the issue is with either the URLencoded part %2FUI2%2FFiori...
  or with the brackets, the dollar sign or the commas used in the URL.
  Could you maybe point out what's the crucial parts we need to add to our Apache Reverse Proxy config?
  So far we have mainly used
  ProxyPreserveHost On and
  ProxyPass and ProxyPassreverse    pairs.
  What do we need to get the bracket  (, the URLencoded part, the $ or the ,  through to the gateway server.
  Regs Ulf

• OCS on a single computer / DMZ using Apache reverse proxy

  Hi there,
  we've installed the OCS 10.1.2 on a single Solaris box in our internal LAN. Everything works fine internally. We would like to configure a Apache reverse proxy in our DMZ to get the possibility to use it from outside (as shown in "Oracle Collaboration Suite Deployment Guide", chapter 3, Figure 3-2 Single Computer in a DMZ). Unfortunately I didn't find any configuration hints for the reverse proxy.
  Can someone provide me with an example configuration?
  Thanks,
  Christoph

  Hello Andreas and Christoph!
  I have the same problem like Christoph. We made a Singlebox-Installation of OCS 10.1.2 in the intranet. Now I am looking for installation documentation, how I have to configure a Apache or Oracle Standalone Webcache as a reverseproxy in the DMZ. to allow access the OCS from the internet. I only read, that it is possible, but nothing about the way.
  I have installed a Webcache (OAS 10.1.2 Java Edition not dht standalone Veersion from the Companion CD) and configured by my own knowledge. The result was network errors.
  Is there anywhere information?
  Best regards!
  Axel

• Is apache reverse proxy server/F5 Load Balancer support to Sharepoint 2010

  Hi ,
  I have two tool for implement reverse proxy
  -Apache reverse proxy
  -F5 load balancer
  Kindly let me know sharepoint 2010 support this,if support then how to configured.
  Hasan Jamal Siddiqui(MCTS,MCPD,ITIL@V3),Sharepoint and EPM Consultant,TCS
  |
  | Twitter

  Thanks Sebastian,
  Please let me know,I have only NTLM Authentication,we are not using FBS.
  For NTLM authentication what we need to do. 
  Hasan Jamal Siddiqui(MCTS,MCPD,ITIL@V3),Sharepoint and EPM Consultant,TCS
  |
  | Twitter

• Apache Reverse Proxy and Branding Image

  Hi,
  I just installed a Apache reverse proxy on solaris. Unfortunatly, the branding image on the EP logon screen is not displayed. Anyone who knows how I can fix that?
  I read some good post for the IIS reverse proxy. Is there a way to do the same on Apache?
  Thanks
  Elvez

  Thanks for the replies.
  However, I found the solutioin in an excellent document on the Web: http://www.apacheweek.com/features/reverseproxies. It would be worth reading for SAP. I'm especially referring to the document "Apache Configuration for J2EE Web Applications". The configuration described in the SAP document is strongly avoided by the author of apacheweek.
  Best regards,
  Elvez

• Webdynpro application not functioning from Apache Reverse Proxy

  Hi Experts,
  We are currently working on custom webdynpro application, which needs to be exposed to Internet. We are using Apache HTTP Server as a reverse proxy.
  We canable to access URL, but no images are getting displayed and also the application not functioning when we click any button/links.
  Below is the HTTPD file configuration.
  ProxyPass /esampleApp  http://hostname:port/webdynpro/dispatcher/local/esampUI/ESamplingApp
  ProxyPassReverse /esampleApp  http://hostname:port/webdynpro/dispatcher/local/esampUI/ESamplingApp
  When we look into  image URL, which is being called from Apache, we  found out "webdynpro" is missing in the URL.
  Actual URL in Portal Server: (working)
  http://portalhostname:port/webdynpro/resources/local/esampUI/Components/esampling.ui.ESamplingComp/logo.gif
  Apache URL:
  http://Apachehostname:port/resources/local/esampUI/Components/esampling.ui.ESamplingComp/logo.gif
  Please suggest.
  Thanks
  Aravind

  We also had the same issue, but the problem was that instead of http https was getting called.
  This has to do with 2 settings:
  1. Check the reverse proxy re-write URL's again. Note that there will be 2-3 entries one for webdynpro as well.
  2. Open your system definintion in system admin-sys configuration adn check the WAS settings. this should point to the FQDN of the proxy server and not to the R3 server.
  ankur