Problem with Apache reverse proxy after applying SP13 NW
Hello,
we have a NW04 EP Portal and a Apache reverse proxy in the DMZ. After applying SP 13 for the portal we get the following error from the reverse proxy:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /irj/.
Reason: Error reading from remote server
Apache/2.0.52 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e Server at servername.company.de Port 443
Is is it possible, that there is a problem with sp13?
Best regards
Daniel Holstein
Hi Daniel,
ok I`ll try to find a solution in parallel and keep you up to date.
In the following my settings in case I missed something:
<VirtualHost test.firma.de:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
ServerName test.firma.de:443
ServerAdmin [email protected]
LogLevel debug
ErrorLog logs/ssl_443_error
CustomLog logs/ssl_443_access_log common
ProxyVia Off
ProxyPreserveHost On
ReWriteEngine on
ReWriteLogLevel 0
ReWriteLog logs//ssl_443_rewrite_http.log
ProxyPass / https://backend.firma.de:50001/
ProxyPassReverse / https://backend.firma.de:50001/
</VirtualHost>
Regards, Jens
Similar Messages
-
Help with Apache Reverse Proxy configuration with SAP Portal and SAP Webgui
Dear Experts,
I have an issue configuring Apache to work with SAP Portal and ERP webgui. Accessing Portal through Reverse Proxy is working fine. But the problem arises when we try to open an iView ERP webgui transaction page from Portal with the Reverse Proxy. Have anyone implemented similar requirements and could advice on the configuration required on the Apache side? Thank youhi,
pls check the below links for reference:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/24396589-0a01-0010-3c8c-ab2e3acf6fe2
searchsap.techtarget.com/searchSAP/downloads/chapter-december.pdf
1)Learn to implement the reverse proxy filter and portal gateway in SAP Enterprise Portal 6.0 on Web Application Server 6.40.
https:/.../irj/sdn/nw-portalandcollaboration?rid=/webcontent/uuid/006efe7b-1b73-2910-c4ae-f45aa408da5b
.2 )Configuring the Portal for Your Reverse Proxy Filter Solution . ... This document describes the reverse proxy filter mechanism in SAP Enterprise ...
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/32ad9b90-0201-0010-3c8a-c900cd685f8f
3)have full reverse proxy functionality. Possibly. filter. requests. Internet ... Reverse proxy (optionally with authentication etc.) ...
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/c066c390-0201-0010-3cba-cd42dfbcc8be
Note:please reward points if solution found helpfull
Regards
Chandrakanth.k -
Problems with EM Database Control after applying 10.2.0.4 patchset
Hello all,
Host: Linux x86
DB: Single-instance running EM Database Control. Originally 10.2.0.1 patched to 10.2.0.4
Last night I upgraded the database from 10.2.0.1 to 10.2.0.4. All appeared to go well. I didn't get any errors in the process and when I logged in to the database control, all appeared well. It was late at night so I didn't browse around for very long, though. When I came in this morning and did some more extensive testing, upon logging in I first noticed that in the General section the database version was listed as 10.2.0.1.0. I thought that this was pretty odd since I had just been logged on to SQL*Plus and saw that the database was reporting back that it was at version 10.2.0.4.0. I refreshed the page and I saw
"java.lang.Exception: IOException in reading Response :: Connection reset"
at the top of the page. I have seen this problem before and, in the past, it has been resolved by either restarting the dbconsole or making sure that the monitoring configuration is set up correctly. The first thing that I did was issue
[host]$ emctl stop dbconsole followed by
[host]$ emctl start dbconsole
to see if that would do the trick. When I saw that it didn't, I went into the Monitoring Configuration and was surprised to see that it said "No items were found." I refreshed the page and this error appeared:
oracle.sysman.emSDK.emd.comm.CommException: IOException in reading Response :: Connection reset
I tried to follow all of the instructions in the ReadMe as closely as I could. I have been searching on the Internet and the Oracle Forums for most of the day to try to find out the cause of this error. I see that people have these errors, but the circumstances are not the same as mine. Is this a common problem? Does anyone know what I can do to resolve it?
Any help would be greatly appreciated.
Thanks!
JohnHello Satish,
Thank you for your reply. I don't know if this is normal or not but, now after the upgrade, in the ORACLE_HOME I have a directory that's been created called hostnameSID (the fully qualified host name of my computer and the SID of the database). Inside of it is a sysman directory, an emctl.pid file and an oraInst.loc file. I also still have a syman directory under the ORACLEHOME but the dbconsole appears to be running out of the hostname_SID directory. Is that normal?
I looked up the article that you referenced and looked for the targets.xml file first in the ORACLE_HOME/sysman/emd directory. I found a targets.xml file along with several other similar files, targets.xml.1, targets.xml.2, etc. The targets.xml file just had the following:
<Targets>
</Targets>
Seeing that it was blank, I then took a look at the the hostname_SID/sysman/emd folder. I saw only one targets.xml file in this location and when I opened it up it had the following:
<Targets AGENT_TOKEN="+alpha numeric string+">
<Target TYPE="oracle_emd" NAME="+hostname+:3938"/>
<Target TYPE="host" NAME="+hostname+"/>
</Targets>
The contents of that file seemed to match what the article which you cited indicated should be in the file. Since I have a single instance managed by the dbconsole and not EM Grind Control, I'm expecting the files to be a little bit different. Am I wrong in assuming that? Still, I'm not sure if I should have the hostname_SID directory beneath the ORACLE_HOME.
Any ideas?
Thanks again for your help,
John -
Problem with automated height/width after applying effect
Hey guys,
I have a panel that automatically resizes after some other contents is being added. All the time there is a scale-effect. Whenever I move the mouse over any of those children they zoom in and there the height & width of the parent container automatically resizes.
However I have a minimize button for that one along with a resize effect. I can resize the complete container to a minimize size (e.g. 40x40), but when I resize back with the same effect, the panel does not automatically resizes with added children anymore.
I did not set any special properties on the panel from the beginning, but some property must be different now. It is not "autoLayout" and also the "percentageWidth/Height" does not work properly as that command will cause the panel to stretch over the complete stage. Any suggestions here?Mmmh...that does not seem to solve the issue for me. Even when setting the width and height to NaN before the effect is played, it will still lead to a fixed height and width of the parent panel container. When I add new children the parent container is not properly resized, means that the chiildren just go beyond the parent container's border.
Setting these parameters after the effect is done leads to the following crash: ArgumentError: Error #2004: One of the parameters is invalid.
at flash.display::Graphics/drawRect()
at spark.accessibility::PanelAccImpl/eventHandler()[E:\dev\4.0.0\frameworks\projects\spark\s rc\spark\accessibility\PanelAccImpl.as:361]
at flash.events::EventDispatcher/dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at mx.core::UIComponent/dispatchEvent()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\co re\UIComponent.as:12266]
at mx.core::UIComponent/dispatchResizeEvent()[E:\dev\4.0.0\frameworks\projects\framework\src \mx\core\UIComponent.as:9641]
at mx.core::UIComponent/commitProperties()[E:\dev\4.0.0\frameworks\projects\framework\src\mx \core\UIComponent.as:7866]
at spark.components.supportClasses::SkinnableComponent/commitProperties()[E:\dev\4.0.0\frame works\projects\spark\src\spark\components\supportClasses\SkinnableComponent.as:414]
at mx.core::UIComponent/validateProperties()[E:\dev\4.0.0\frameworks\projects\framework\src\ mx\core\UIComponent.as:7772]
at mx.managers::LayoutManager/validateProperties()[E:\dev\4.0.0\frameworks\projects\framewor k\src\mx\managers\LayoutManager.as:572]
at mx.managers::LayoutManager/doPhasedInstantiation()[E:\dev\4.0.0\frameworks\projects\frame work\src\mx\managers\LayoutManager.as:730]
at mx.managers::LayoutManager/doPhasedInstantiationCallback()[E:\dev\4.0.0\frameworks\projec ts\framework\src\mx\managers\LayoutManager.as:1072]
at flash.utils::Timer/_timerDispatch()
at flash.utils::Timer/tick()
Here is my code...anything wrong here.
private function recreateWindow(e:MouseEvent)//thrown once the user moves his mouse over the minimized panel
myResizeEffect.heightFrom = 40;
myResizeEffect.heightFrom = 40;
myResizeEffect.heightFrom = lastHeight;
myResizeEffect.heightFrom = lastWidth;
myResizeEffect.play();
myResizeEffect.addEventListener(EffectEvent.EFFECT_END,resetMinimizeValues);
private function resetMinimizeValues(event:EffectEvent):void
myResizeEffect.removeEventListener(EffectEvent.EFFECT_END,resetMinimizeValues);
//adding the old listeners before the panel was minimized
this.width = NaN;//crash
this.height = NaN;//crash
Any suggestions?
...and how can I remove the "Question answered"-tag...? -
Apache Reverse Proxy: Domain problem
Hi,
I have a problem with Apache Reverse Proxy (Apache 2.2) and SAP Enterprise Portal 6.0.
I configured Apache as a Reverse Proxy Server (with SSL)so that the portal is accessible through the internet. Everything is working fine but the OWA integration doesn't work over the Reverse Proxy.
If I log on to <u>http://portalsrv.mydomain.xx:12345/irj</u> the OWA integration works fine with SSO and there is no problem with session management.
If I log on to <u>https://revproxy.mydomain.zz:1234/irj</u> and want to open Outlook I get the message that Session management doesn't work. However the other components like ESS work fine. Deactivating the DSM Logger is not a solution to this problem.
The Log tells me:
1.
Application domain 'mydomain.xx' differs from Portal domain 'mydomain.zz'.
Session Management will not work for Application 'abc.mydomain.xx'
2.
Application schema 'http' differs from Portal schema 'https'.
Session Management will not work for Application 'abc.mydomain.xx'
Is there a possibility to write a Rewrite-Rule in the Apache-Conf?
For instance:
https://abc.mydomain.xx --> http://abc.mydomain.zz
Does anybody made such a rule?
I hope anybody can help me with the problem.
Thank youHi Daniel,
ok I`ll try to find a solution in parallel and keep you up to date.
In the following my settings in case I missed something:
<VirtualHost test.firma.de:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
ServerName test.firma.de:443
ServerAdmin [email protected]
LogLevel debug
ErrorLog logs/ssl_443_error
CustomLog logs/ssl_443_access_log common
ProxyVia Off
ProxyPreserveHost On
ReWriteEngine on
ReWriteLogLevel 0
ReWriteLog logs//ssl_443_rewrite_http.log
ProxyPass / https://backend.firma.de:50001/
ProxyPassReverse / https://backend.firma.de:50001/
</VirtualHost>
Regards, Jens -
Hi,
I'm trying to install Apache Reverse proxy which will support both HTTP and HTTPS request.
<b>What do I need to activate to support the HTTPS requests?</b>
I installed Apache 2.0.53 Released and trying to activate the mod_ssl.
From Where can I get the mod_ssl.so?
I saw that there are 2 projects:
Apache Interface to OpenSSL (mod_ssl)
Apache-SSL
Do I need to use them in case I want to use HTTPs?
Regards,
YaelGet the latest oppenssl compile it. before you compile apache, execute ./configure --help in the apache directory. It will give you the commands that you need to use to activate and deactivate various things in apache.
mine is as follows:
./configure --with-layout=GNU --enable-proxy --enable-ssl --with-ssl=/usr/lo
cal/src/apachessl/openssl-0.9.7f/ --enable-vhost-alias --enable-rewrite --enable
-so --enable-proxy-http --enable-proxy-connect --enable- headers
then make and make install.
hope it helps.
Jai -
Apache Reverse Proxy with Abap Web query
Hi to all
We are trying to configure apache 2 to work as a reverse proxy with web abap Netweaver installation.
From inside the network the web query is fine.
Running the query with the reverse proxy we have only the html code in the browser. All the scripts and css are not present.
We checked some messages inside the forum and we have tried a lot of stuff without success.
We use always linux (Fedora, Ubuntu with xampp or apache only) plus the html module or the publisher from http://apache.webthing.com.
Our installation is like this the reverse proxy in the dmz and the netweaver to the inside off coarse, and we don't have the same domain name, i don't know if this is important.
Any help/idea is valuable.
Thank you
YiannisHi Olivier
I have seen your solution in other messages but i didn't try it because i was trying to work with the html_proxy module.
I read the documents you gave me plus some apache tutorials on the rewrite rule.
In any case i have my installation working now.
I did some extra changes in my config so now the rules are like that
ProxyVia On
ProxyBadHeader IsError
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /sap http://192.168.1.59:8001/sap
ProxyPassReverse /sap http://192.168.1.59:8001/sap
RewriteEngine On
RewriteRule ^/(sap\(.*) http://192.168.1.59:8001/$1 [P,L]
Thanks again for your help
Yiannis -
Hi
I have installed Apache Reverse Proxy to access my Portal and ECC6.
In the httpd config file , i have done the following settings.
<VirtualHost ipaddress:port>
ProxyPreserveHost On
ProxyPass /irj/ http://portalserver:50000/irj/
ProxyPassReverse /irj/ http://portalserver:50000/irj/
ProxyPass /eccdev/ http://eccserver:8000/eccdev/
ProxyPassReverse /eccdev/ http://eccserver:8000/eccdev/
</VirtualHost>
eccdev is external alias for the path
/sap/bc/gui/sap/its/webgui/
With this setting when i when a request is made for eccdev/
it takes me to the ecc6 login page.
when i enter the required information , it just clears the username password fields.
i checked that the username password are correctly entered.
what is the problem ?
Regards
RajendraHi Darren ,
Thanks for the reply.
Our SSO between Portal and ECC6 works fine without Reverse Proxy.
If we access the Portal Through Reverse Proxy , when we navigate to any iViews say BSP iView , it asks for Username password. Once provided it works fine.
Second Scenario is Using Reverse Proxy to Directly access
SAP GUI . i.e without using Portal.
If i do not use Reverse Proxy , i can access my ECC6 webgui
through browser after providing the Login Details, but if i use Reverse Proxy then Even after providing the Login Details ,
the LogOn Box does not go and keeps asking for login details.
To summarize , i just want to acess the SAP GUI from Browser
using Reverse Proxy . I am able to do it without reverse Proxy .
Can you help ? -
Configuring a Apache Reverse Proxy for OracleAS Portal and OracleAS Single
I'm trying to implement my Oracle Portal 10g Release 2 with a reverse proxy (Apache 2.2) as described in this link: http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm#BEIFECEH without success. I have Oracle Portal, Oracle SSO,OID in the same domain and Apache Reverse Proxy in another domain. Has anyone had success using OracleAS Portal with a reverse proxy?
First of all i'm trying to configure a reverse proxy only for Ora SSO (infra tier). Here is what i already do:
APACHE REVERSE PROXY (Apache 2.2)
http:/proxy.mycompany.com:80
ProxyRequests off
ProxyPassInterpolateEnv On
ProxyPass / http:/portal.tech.everett.it:7777/
ProxyPassReverse / http:/portal.tech.everett.it:7777/
ProxyPreserveHost On
ORACLE SSO
http:/portal.mycompany.com:7777
Here are the steps i already do:
1- CONFIG OID
create an ldif file called setdasurl.ldif and insert as follow:
dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
changetype: modify
replace: orcldasurlbase
orcldasurlbase: http:/proxy.mycompany.com/
then do ldapmodify as follow:
ldapmodify -x -h portal.mycompany.com -p 3060 -D "cn=orcladmin" -w password1 -v -f setdasurl.ldif
2- CONFIG ORA SSO (as gentjan user)
export ORACLE_HOME=/home/gentjan/product/10.1.2/OracleAS/infra/
2.1-config Apache config of ORA SSO
vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf
change from:
ServerName portal.mycompany.com
Port 7777
KeepAlive On
to:
ServerName proxy.mycompany.com
Port 80
KeepAlive Off
and add at the end of httpd.conf
RewriteEngine On
RewriteOptions inherit
2.2- update DCM Repository (as root)
*$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
2.3- modify SSO Server Home URL to reverse proxy hostname and port (as root)
*$ORACLE_HOME/sso/bin/ssocfg.sh http proxy.mycompany.com 80*
2.4- Updating the targets.xml File
Open the ORACLE_HOME/sysman/emd/targets.xml file and locate the target type oracle_sso_server.
vi $ORACLE_HOME/sysman/emd/targets.xml
Update the HTTPMachine and HTTPPort attributes with the proxy server host and port attributes that were passed to ssocfg. For example:
Property NAME="HTTPMachine" VALUE="proxy.mycompany.com"
Property NAME="HTTPPort" VALUE="80"
Property NAME="HTTPProtocol" VALUE="http"
Save and close the file.
Reload the Application Server Control Console by issuing this command (as gentjan):
*$ORACLE_HOME/bin/emctl reload*
2.5- Re-register mod_osso on SSO Middle-tier with reverse proxy hostname and port
some needed permissions
chmod -R 775 /home/gentjan/product/10.1.2/OracleAS/infra/dcm/
Re-register mod_osso (as gentjan)
*$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /home/gentjan/product/10.1.2/OracleAS/infra -site_name infra.proxy.mycompany.com -config_mod_osso TRUE -mod_osso_url http:/proxy.mycompany.com:80 -update_mode MODIFY*
2.6- update DCM Repository (as root)
*$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
2.7- Restart OC4J_Security and Oracle HTTP Server at Infrastructure tier
*$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server*
*$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY*
After this modifications my reverse proxy is ok.
I can access to http:/proxy.mycompany.com:80 and this redirect me to Oracle Application Server Welcome page.
If i try http:/proxy.mycompany.com/pls/orasso/orasso.home, i can view the SSO Server Home page.
The problem that i find is when i click to Login page for Oracle SSO.
I have the following error:
Forbidden You don't have permission to access /pls/orasso/ORASSO.wwsec_app_priv.login on this server.
So, in other words i can't do the login/logout under reverse proxy. Anyone can help?
Gentjan -
Setting apache reverse proxy for EP6SP2
Hi friends,
I want to set apache reverse proxy for EP6SP2. But after doing the following changes, it is showing the SAP J2EE Engine documentation page.
The following changes has been dont to httpd.conf:
NameVirtualHost 1.1.1.1:80
<VirtualHost 1.1.1.1:80>
ProxyRequests Off
ServerName ep6.xyz.com
ProxyPreserveHost On
proxyPass / http://ep6.xyz.com:50000/
proxyPassReverse / http://ep6.xyz.com:50000/
ErrorLog logs/base.80.error.log
CustomLog logs/base.80.custom.log common
</VirtualHost>
Help needed.
Regards,
NilzHi,
I have a problem with my proxy:
ssl.conf.in like
ProxyPass /irj http://debmsu06.server.###.de:50300/irj
ProxyPassReverse /irj http://debmsu06.server.###.de:50300/irj
RewriteRule ^/$ /irj/portal [R]
If I use URL:
https://bebuyer.###.de/ goto https://bebuyer.###.de/irj/portal
but if I use
https://bebuyer.###.de/irj/
I get the info:
https://bebuyer.###.de/irj/HTTPS:/bebuyer.###.de:443/irj/index.html
What is happened? How I can redirect to /irj/portal?
Of course I can use
http://debmsu06.server.###.de:50300/irj/
Could you please give me some tips?
Best Thanks!
Heren Zhou -
Apache reverse proxy and SSL termination
Hi Guru's
Can anyone tell me, how to do SSL termination at apache reverse proxy. I am using apache reverse proxy for accesing portal from internet. Apache is configured for SSL and portal is NON SSL.
I am using header variable login module in portal. i wanted to terminate SSL at apache reverse proxy and then all traffic after that should be clear text.
should i maitain any property. is there any documentation for it.
Please help me
TomThe majority of the work here is around configuring your Web Dispatcher and Apache Reverse proxy. The work on the portal is straight forward enabling of SSL.
You can follow http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm for setting this up.
what level I need to configure SSL and how do I proceed in both scenarios?
Your question itself says where you need SSL. SSL is required where ever you need HTTPS communication.
how do I proceed in both scenarios?
From a portal perspective, the configuration should remain the same.
Do I have to install SSL at portal, web dispatcher or at Apache level?
SSL needs to be configured at all the 3 levels if you are looking at end to end SSL implementation.
See the following for possible SSL implementation options:
http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
https://cw.sdn.sap.com/cw/docs/DOC-115509
Will SSL termination work for scenario 2?
Yes this should work - see http://help.sap.com/saphelp_nw2004s/helpdata/en/36/fd39eacf4cde4a8fe32d7f29b3db16/frameset.htm
However in case of SSL Termination, the request to your portal from the web dispatcher will be sent as HTTP.
I would recommend you to take a step by step (backward approach).
First, enable SSL on your portal and make sure it works - going directly to the server.
Then, you can introduce the Web Dispatcher - and test if every thing works going through the web dispatcher.
Finally - you can test the end to end flow - with your Reverse proxy involved.
- Shanti -
Apache reverse proxy setting for access to Backend
Hi experts,
we have set up apache reverse proxy to make available our NW portal (and SRM functions)over the internet.
Our settings look something like this:
ProxyRequests Off
<VirtualHost *:80>
ServerName myportal.portalhosto.com
ProxyPreserveHost On
ProxyPass /irj/ http://myportal.portalhost.com:53200/irj/
ProxyPass /webdynpro/ http://myportal.postalhost.com:53200/webdynpro/
ProxyPassReverse /irj/ http://myportal.portalhost.com:53200/irj/
ProxyPassReverse /webdynpro/ http://myportal.portalhost.com:53200/webdynpro/
ErrorLog logs/myportal.portalhost.com-error.log
CustomLog logs/myportal.portalhost.com-custom.log combined
RewriteEngine On
RewriteRule ^/sap/(.*)$ http://mybackend.backendhost.com:8020/sap/$1 [P,NC]
</VirtualHost>
Problem:
when we access the portal from the internal network(either by using the internal URL or external URL) things work fine.
But we access the portal from internet, we are able to login to the portal and acess all webdynpro Java related applications.But when we try to acess the BSP/WD abap application running on a backend SRM system, we get 'host not found' message with the INTERNAL url of the SRM backend application displayed.
Do we need to expose the SRM backend to the outside world via reverse proxy as well?If yes,how?Do we need to change the system definitions in portal for that?
Any help in resolving this would be greatly appreciated.
regards,
KiranHi,
Do we need to expose the SRM backend to the outside world via reverse proxy as well?If yes,how?Do we need to change the system definitions in portal for that?
Yes , you have to expose your backend system using reverse proxy ...
When user access the portal and when he clicks on BSP/WD , the URL get re-directed to backend system.
But , as your backend system is not expose on internet , you get an error as host not found.
So, to solve your problem you have to expose your backend system on internet. It is in general pratice to expose on internet.
Thanks
Anil -
401 Unauthorized: Running portal behind an APACHE reverse proxy
Hello to all,
we've got following scenario:
www <-HTTPS-> APACHE (external SSL termination) <-HTTPS-> portal
If I call the internal URL (https://backend.xy.de:443/irj/portal) of the portal,
I'll be redirected to the logon servlet and logon to the portal application is possible.
Now we set up a APACHE reverse proxy in oder to access the portal from internet.
I've set up a virtual host:
<VirtualHost test.xy.de:443>
<Location />
ProxyPass https://backend.xy.de:443/
ProxyPassReverse /
</Location>
</VirtualHost test.xy.de:443>
But now if I call the portal application https://test.xy.de/irj/portal I get the following error:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Any idea how to fix this?
Regards ChristianHello Tobias,
I have adapted your idea, but without success.
I've checked the cookies. No cookies are delivered by the J2EE-Server.
HTTP-ResponseHeader contains following entries:
HTTP/1.1 401 Unauthorized
Date: Thu, 26 Jan 2012 08:31:55 GMT
WWW-Authenticate: Negotiate
Content-Length: 381
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
But its a bit strange.
If I call url https://xy.de/index.html the start page will be displayed.
A log on to system information is possible, but if I try to open the nwa, I get the same error.
So I think this is a problem with the logon servlet. Sites with basic-authentication work.
Calling the logon servlet direct https://xy.de/logon/logonServlet I get the same error.
I don't think, there is a problem with the apache configuration.
If I change the ProxyPass directive to another J2EE server everything works fine.
There is only one difference between both system.
System 1 (error system) is a SAP Netweaver 7.01 SP10
The other system is a SAP Netweaver 7.02 SP 9
Regards Christian
Edited by: Christian Kaiser on Jan 26, 2012 9:53 AM -
OCS on a single computer / DMZ using Apache reverse proxy
Hi there,
we've installed the OCS 10.1.2 on a single Solaris box in our internal LAN. Everything works fine internally. We would like to configure a Apache reverse proxy in our DMZ to get the possibility to use it from outside (as shown in "Oracle Collaboration Suite Deployment Guide", chapter 3, Figure 3-2 Single Computer in a DMZ). Unfortunately I didn't find any configuration hints for the reverse proxy.
Can someone provide me with an example configuration?
Thanks,
ChristophHello Andreas and Christoph!
I have the same problem like Christoph. We made a Singlebox-Installation of OCS 10.1.2 in the intranet. Now I am looking for installation documentation, how I have to configure a Apache or Oracle Standalone Webcache as a reverseproxy in the DMZ. to allow access the OCS from the internet. I only read, that it is possible, but nothing about the way.
I have installed a Webcache (OAS 10.1.2 Java Edition not dht standalone Veersion from the Companion CD) and configured by my own knowledge. The result was network errors.
Is there anywhere information?
Best regards!
Axel -
Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.
In normal path based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with Public URL = "proxy URL", internal = "HNSC Share Point URL" so that share point sends response back
to Public URL = "proxy URL".
In Host Named Site Collections, alternate access mappings are not supported. Each HNSC is designed to have only one URL in each zone. Zone is one of the five zones(Default,Intranet,Internet,Custom,Extranet) with each of which only one alternate
URL is associated. This is what we are able to get using power shell command "Set-SPSiteUrl", but this will not help us to get the response back to proxy URL after a request sent to share point because we could not find any mechanism in share
point HNSC to respond to a different URL(proxy URL). Consequently, Share Point URLs are exposed to external users.
Below share point article in MSDN blog is symmetrical to what we are observing with Share Point 2013 and Proxy Server. It mentions that internal HNSC URLs can’t be hidden using any proxy server. If hiding the internal Share Point URLS is a requirement,
it suggests to use a web application instead of host named site collections.
Though I’m also observing the same behavior with Share Point 2013 HNSC, Could you please confirm my understanding is correct.
http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
Excerpt from above article-
"Host Named Site Collections Only Use One Host Name
Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and
are always considered to be in the Default zone. This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site
as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the
calls to the same URL. If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."<u5:p></u5:p>Hi Satish,
You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
It is by design that each host-name site collection only support one URL for each zone.
The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
https://support.microsoft.com/en-us/kb/2826457
So to make the URL of HNSC not exposed to external users is not supported, you need to use path-based sites instead.
Best regards.
Thanks
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]
Maybe you are looking for
-
When I try to download adobe flash player everything goes fine and the download finishes. When asked to install I get a message that says it will not install while an application is running. Which is Mozilla Firefox
-
How do I found out what generation is my iPod?
where can I found what version is my iPod?
-
Scheduling ABAP Program to run Daily
Hi, In my current scenario, i require my ABAP program(ZMYPROGAM) to run periodically (say every 1 hour/ 1 Day). Is it possible to schedule it so? kindly let me know how to go about. Regards, Siva Maranani.
-
Connecting & Using G3 iBook With MacBook Pro
I am planning to buy a MacBookPro shortly when I am in the States. Will I be able to connect to my iBook G3 on 10.3.9 (640mb) both to transfer files and to use the iBook as an external hard-drive (bootable)? If so, do I need anything more than the co
-
Super-Pink ... monitor calibration and Lightroom?
I've been working on a set of files in Lightroom 2 on a PowerBook G4. I transferred them recently to a Power Mac G5. Before examining these files in Lightroom on the G5, I did a monitor calibration on my NEC 2080UX using an Eye-One device. The profil