Reverse Proxy FTP server

Similar Messages

• Load Balancing with Reverse Proxy Plug-in in SunOne 6.1

  Hello
  we are configuring our reverse proxy web server SunOn 6.1 for load balancing and we have some conflicting information that we have found on the internet. The options we have found are the following:
  1- In one case, it seems that all we need to do is add the destination servers to the servers parameter (quoted, space-delimited). We have read that the proxy server will simply round-robin requests.
  2- In another case, we have seen that we have to use an loadbalancer.xml file with the server names and reference the file from both magnus.conf and obj.conf.
  I have doubts about the second option because I really think this is configuration in 7.0 not 6.1.
  Also, I also need to configure session stickiness but it is not clear how this works. There is an option for sticky cookies that defaults to JSESSIONID if not configured. Does this mean that I will have session stickiness but simply without the use of cookies?
  ANY HELP? We need to solve this in the next day.

  HI,
  This may work for you.
  obj.conf
  <Object name="passthrough1">
  Service fn="service-passthrough" servers="http://localhost:8080"
  </Object>
  <Object name="default">
  AuthTrans fn="match-browser" browser="MSIE" ssl-unclean-shutdown="true"
  NameTrans fn="assign-name" from="/idm(|/*)" name="passthrough1"
  NameTrans fn="ntrans-j2ee" name="j2ee"
  NameTrans fn="pfx2dir" from="/mc-icons" dir="D:/Sun/WebServer6.1/ns-icons" name="es-internal"
  NameTrans fn="document-root" root="$docroot"
  PathCheck fn="nt-uri-clean"
  PathCheck fn="check-acl" acl="default"
  PathCheck fn="find-pathinfo"
  PathCheck fn="find-index" index-names="intro.htm,index.html,home.html,index.jsp"
  ObjectType fn="type-by-extension"
  ObjectType fn="force-type" type="text/plain"
  Service method="(GET|HEAD)" type="magnus-internal/imagemap" fn="imagemap"
  Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
  Service method="(GET|HEAD|POST)" type="~magnus-internal/" fn="send-file"
  Service method="TRACE" fn="service-trace"
  Error fn="error-j2ee"
  AddLog fn="flex-log" name="access"
  </Object>
  <Object name="j2ee">
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="cgi">
  ObjectType fn="force-type" type="magnus-internal/cgi"
  Service fn="send-cgi"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>
  ============================================
  magnus.conf
  # The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
  # They will not be supported in future releases of the Web Server.
  NetsiteRoot D:/Sun/WebServer6.1
  ServerName abc
  ServerID https-www.abc.com
  RqThrottle 128
  DNS off
  Security off
  ExtraPath D:/Sun/WebServer6.1/bin/https/bin
  Init fn=flex-init access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length%"
  Init fn="load-modules" shlib="D:/Sun/WebServer6.1/bin/https/bin/j2eeplugin.dll" shlib_flags="(global|now)"
  Init fn="load-modules" shlib="D:/Sun/WebServer6.1/plugins/passthrough/passthrough.dll"

• Solution: iPad/iPhone Login issues with IIS as Reverse Proxy (Android and Windows Phone works)

  Hi,
  I had issues with iPad/iPhone access from external and tried a lot. Now I found my solution I like to share.
  I setup a IIS on Windows Server 2012 with ARR 2.5 and Android and Windows Phone could login but not iPad and iPhone.
  The IIS Log on the reverse proxy showed:
  2013-02-26 12:03:31 <IP> POST /webticket/webticketservice.svc X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=1996c8d7-09d0-4310-8da4-a8dfb7940e28 443 - <ClientIP> Lync%202010/1.6+CFNetwork/609+Darwin/13.0.0 - 401 0 0 124
  2013-02-26 12:03:31 <IP> POST /webticket/webticketservice.svc X-ARR-CACHE-HIT=0 443 - <ClientIP> Lync%202010/1.6+CFNetwork/609+Darwin/13.0.0 - 502 3 12018 93
  First Request gets a 401 while anonymous. Second try would be with authentication but it never reached the internal front end server.
  After I installed a fix for ARR
  http://forums.iis.net/t/1195560.aspx/1?ARR+502+3+Bad+Gateway+0x80072ef2+2147954418+The+supplied+handle+is+the+wrong+type+for+the+requested+operation the Apple Devices could login.

  Hi,
  This resolved our problem too!! So happy after 2 weeks of messing around with just about every setting recommended from all types of forums and rebuilding our reverse proxy I was at a loose end. 
  Our environment is Lync 2013 Enterprise, Lync 2013 Edge, IIS as Reverse Proxy on Server 2012 using ARR 2.5
  We had Android and Windows clients working but no iOS devices at all. In the iOS log we were seeing 
  <h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>502 - Web server received an invalid response while acting as a gateway or proxy server.</h2> <h3>There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.</h3> </fieldset></div></div></body></html>
  When the client was trying to retrieve from the webticketservice.svc
  2013-04-11 17:19:44.659 Lync[4970:6c61000] INFO TRANSPORT TransportUtilityFunctions.cpp/907:<ReceivedResponse>
  POST https://lyncwebext.contoso.com/webticket/webticketservice.svc
  Request Id: 0x72cfc18
  HttpHeader:Content-Length 1477
  HttpHeader:Content-Type text/html
  HttpHeader:Date Thu, 11 Apr 2013 16:22:25 GMT
  HttpHeader:Server Microsoft-IIS/8.0
  HttpHeader:StatusCode 502
  Installed the HotFix from here:-
  Hotfix for Microsoft Application Request Routing Version 2.5 for IIS7 (KB 2732764) (x64)
  Rebooted the Reverse Proxy and iOS clients worked straight away for both Lync 2010 and Lync 2013 on both iPhone 5 and iPad both. 
  I hope this helps others as I was losing the plot :-)
  Cheers
  Sam

• Reverse Proxy Configuration help Needed

  Hi,
  What steps should i follow if i have both Sun Web Server 6.1.
  Web Server 1 - http://192.168.20.40:768 (Want to use this as reverse proxy)
  Web Server 2 - http://201.192.30.20:1010
  Can anyone please guide me what changes i should do in obj.conf and magnus.conf.
  Add this line in Magnus.conf
  Init fn="load-modules" shlib="/appl/sunjs/SUNWwbsvr/plugins/passthrough/libpassthrough.so"
  This libpassthrough.so location is in the Server 1.
  Add the below line in obj.conf
  <Object name="passthrough">
  Service fn="service-passthrough" servers="http://team.yahoo.co.nz:1010"
  </Object>
  Do i need to do any changes to the obj.conf and magnus.conf in the Server 2.
  Please let me know if i am going wrong.
  Regards,

  Hi,
  Reverse Proxy Web Server - http://Sol9-dev.uname.yahoo.co.nz:8002
  All request Want to redirect to - http://Sol10-dev.uname.yahoo.co.nz:8080
  Obj.Conf
  <Object name="default">
  AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  NameTrans fn="assign-name" from="/amserver(|/*)" name="reverse-proxy"
  NameTrans fn="ntrans-j2ee" name="j2ee"
  NameTrans fn=pfx2dir from=/mc-icons dir="/appl/sunjs/SUNWwbsvr/ns-icons" name="es-internal"
  NameTrans fn=document-root root="$docroot"
  PathCheck fn=unix-uri-clean
  PathCheck fn="check-acl" acl="default"
  PathCheck fn=find-pathinfo
  PathCheck fn=find-index index-names="index.html,home.html,index.jsp"
  PathCheck fn=validate_session_policy
  ObjectType fn=type-by-extension
  ObjectType fn=force-type type=text/plain
  Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
  Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
  Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
  Service method=TRACE fn=service-trace
  Error fn="error-j2ee"
  AddLog fn=flex-log name="access"
  </Object>
  <Object name="j2ee">
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="cgi">
  ObjectType fn=force-type type=magnus-internal/cgi
  Service fn=send-cgi user="$user" group="$group" chroot="$chroot" dir="$dir" nice="$nice"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>
  <Object name="send-compressed">
  PathCheck fn="find-compressed"
  </Object>
  <Object name="compress-on-demand">
  Output fn="insert-filter" filter="http-compression"
  </Object>
  <Object ppath="*/dummypost/sunpostpreserve*">
  Service type=text/* method=(GET) fn=append_post_data
  </Object>
  <Object ppath="*/UpdateAgentCacheServlet*">
  Service type=text/* method=(POST) fn=process_notification
  </Object>
  <Object name="reverse-proxy">
  Service fn="service-passthrough" servers="http://sol10-dev.uname.yahoo.co.nz:8080"
  </Object>
  Log Messages
  [22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/, ntrans-j2ee reports: directory listing for context "/amserver"
  [22/Apr/2008:13:36:11] fine ( 4761): GET requests for virtual server https-Sol9-dev-pa.uname.yahoo.co.nz can safely bypass ACL checks
  [22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/index.html, service-passthrough reports: PASS1022: passing request to http://Sol10-dev.uname.yahoo.co.nz:8080
  [22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/index.html, service-passthrough reports: PASS1037: not rewriting "Location: http://Sol9-dev.uname.yahoo.co.nz:8002/amserver/index.html" from http://Sol10-dev.uname.yahoo.co.nz:8080
  [22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/UI/Login, service-passthrough reports: PASS1022: passing request to http://Sol10-dev.uname.yahoo.co.nz:8080
  [22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/UI/Login, service-passthrough reports: PASS1037: not rewriting "Location: http://Sol10-dev.uname.yahoo.co.nz:8002/amserver/UI/Login" from http://Sol10-dev.uname.yahoo.co.nz:8080
  Now i do not have anything in the reverse proxy server /amserver apart from the index.html (http://Sol9-dev.uname.yahoo.co.nz:8002/amserver/index.html)
  I guess i do not need to have the same application on the reverse proxy as of the original server where i am redirecting.
  Hope to find a solution soon.
  Thanks for all your help.
  Reagrds,

• How do I use Sun Web Server 7.0u1 reverse proxy to change public URLs?

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)
  for hosting some of the public resource and reverse-proxying other parts
  of the URI namespace from other backend servers (content, application
  and other types of servers).
  So far every type of backend server served a unique part of the namespace
  and there was no collision of names, and the backend resources were
  published in a one-to-one manner. That is, a backend resource like, say,
  http://appserver:8080/content/page.html would be published in the internet
  as http://www.publicsite.com/content/page.html
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.
  Another quest, possibly related in solution, was to make a tidy url for the
  first page the user opens of the site. That is, in the current solution when
  a visitor types the url "www.publicsite.com" in his or her browser, our web
  server returns an HTTP-302 redirect to the actual first page URL, so the
  browser sends a second request (and changes the URL in its location bar).
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  So far I found that I can't solve these problems. I believe these problems
  share a solution because it relies on ability to control the actual URI strings
  requested by Sun Web Server from backend servers.
  Some details follow, now:
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  [04/Mar/2009:21:45:34] finest (25095) www.publicsite.com: for host xx.xx.xx.83
  trying to GET /content/MainPage.html while trying to GET /test, func_exec reports:
  fn="service-passthrough" rewrite-host="true" rewrite-location="true"
  servers="http://10.16.2.127:8080" Directive="Service" DaemonPool="2b1348"
  returned 0 (REQ_PROCEED)My obj.conf file currently has simple clauses like this:
  # this causes /content/* to be taken from another (backend) server
  NameTrans fn="assign-name" from="/content" name="content-test" nostat="/content"
  # this causes requests to site root to be HTTP-redirected to a certain page URI
  <If $uri =~ '^/$'>
      NameTrans fn="redirect"
          url="http://www.publicsite.com/content/MainPage.html"
  </If>
  <Object name="content-test">
  ### This maps http://public/content/* to http://10.16.2.127:8080/content/*
  ### Somehow the desired solution should instead map http://public/data/* to http://10.16.2.127:8080/content/*
      Service fn="service-passthrough" rewrite-host="true" rewrite-location="true" servers="http://10.16.2.127:8080"
      Service fn="set-variable" set-srvhdrs="host=www.publicsite.com:80"
  </Object>
  I have also tried "restart"ing the request like this:
      NameTrans fn="restart" uri="/data"or desperately trying to set the new request uri like this:
      Service fn="set-variable"  uri="/magnoliaPublic/Main.html"Thanks for any ideas (including a statement whether this can be done at all
  in some version of Sun Web Server 7.0 or its opensourced siblings) ;)
  //Jim

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)please plan on installing the latest service pack - 7.0 Update 4. these updates addresses potentially critical bug fixes.
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.> now, if all the resources are under say /data, then how will you know which pages need to be sent to which back end resources. i guess, you probably meant to check for /data/page.html should go to <back-end>/content/page.html
  yes, you could do something like
  - edit your corresponding obj.conf (<hostname>-obj.conf or obj.conf depending on your configuration)
  <Object name=¨default¨>
  <If $uri = ¨/page/¨>
  #move this nametrans SAF (for map directive - which is for reverse proxy within <if> clause)
  NameTrans.. fn=map
  </If
  </Object>
  and you could do https-<hostname>/bin/reconfig (dynamic reconfiguration) to check out if this is what you wanted. also, you might want to move config/server.xml <log-level> to finest and do your configuration . this way, you would get enough information on what is going on within your server logs.
  finally,when you are satisfied, you might have to run the following command to make your manual change into admin config repository.
  <install-root>/bin/wadm pull-config user=admin config=<hostname> <hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  you might want to check out this for more info on how you could use <if> else condition to handle your requirement.
  http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
  finally, you might want to refer to this doc - which explains on ws7 request processing overview. this should provide you with some pointers as to what these different directives mean
  http://docs.sun.com/app/docs/doc/820-6599/gbysz?a=view
  >
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  please check out the rewrite / restart SAF. this should help you.
  http://docs.sun.com/app/docs/doc/820-6599/gdada?a=view
  pl. understand that - like with more web servers - ordering of directives is very important within obj.conf. so, you might want to make sure that you verify the obj.conf directive ordering is what you want it to do..
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  now, you are in the totally wrong direction. web server 7 includes a highly integrated reverse proxy solution compared to 6.1. unlike 6.1, you don´t have to download a separate plugin . however, you will need to manually migrate your 6.1 based reverse proxy settings into 7.0. please check out this blog link on how to set up a reverse proxy
  http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
  feel free to post to us if you need any futher help
  you are probably better off - starting fresh
  - install ws7u4
  - use gui or CLI to create a reverse proxy and map one on one - say content
  http://docs.sun.com/app/docs/doc/820-6601/create-reverse-proxy-1?a=view
  if you don´t plan on using ws7 integrated web container (ability to process jsp/servlet), then you could disable java support as well. this should reduce your server memory footprint
  <install-root>/bin/wadm disable-java user=admin config=<hostname>
  <install-root>/bin/wadm create-reverse-proxy user=admin uri-prefix=/content server=<http://your back end server/ config=<hostname> --vs=<hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  now, you can check out the regular express processing and <if> syntax from our docs and try it out within <https-<hostname>/config/<hostname>-obj.conf> file and restart the server. pl. note that once you disable java, ws7 admin server creates <vs>-obj.conf and you need to edit this file and not default obj.conf for your changes to be read by server.
  >
  I have also tried "restart"ing the request like this:
  NameTrans fn="restart" uri="/data"
  ordering is very important here... you need to do this some thing like
  <Object name=default>
  <If not $restarted>
  NameTrans fn=restart uri from=/¨ uri=/foo.
  </If>

• WebServer 6.1 SP3 SSL reverse proxy to Sun One Application Server 7

  I have an application in the appserver7 that requires SSL authentication. I have already installed a self cert in the appserver7, and the authentication works fine when I browse directly to the appserver.
  The appserver7 has both listener for port 80 and 443 enabled.
  I'm currently setting up a webserver (WebServer 6.1 SP3) to act as a reverse proxy to the appserver7. The reverse proxy for the basic jsp pages found in the appserver worked fine.
  When I try to access the login page, in the appserver, in ssl mode, I am unable to do so. I then try changing the obj.conf to the following, from http to https:
  <Object name="passthrough">
  ObjectType fn="force-type" type="magnus-internal/passthrough"
  Service fn="service-passthrough" method="(GET|HEAD|POST)" servers="https://172.2
  8.48.53"
  However, it still doesn't work.
  Do I need to install a self cert in the webserver and enable the ssl listener as well?
  Do I need to install any reverse proxy addon for the appserver? Any
  setup for the obj.conf in the appserver?
  Any ideas how to get this done?
  Thanks.
  Mac.

  The Web Server 6.1 SP3 Reverse Proxy Plugin is supported, but it sounds like you're trying to do something that simply isn't possible.
  If you want the Reverse Proxy Plugin to perform SSL mutual authentication with the Application Server using the client's certificate, that's impossible due to the nature of SSL mutual authentication. If the plugin could impersonate the client, then SSL would be vulnerable to MITM (Man In The Middle Attacks). Fortunately, SSL isn't vulnerable to such attacks because the plugin doesn't know the client's private key.
  If you simply want the Reverse Proxy Plugin to pass information about the client's certificate along to the Application Server, that hapens automatically. There's nothing special to configure. Note that the plugin will not authenticate to the Application Server in this case. Rather, it will simply copy the X.509 certificate into the proprietary Proxy-auth-cert: HTTP request header.
  The application running on the Application Server can inspect the Proxy-auth-cert: header using standard Servlet APIs. Alternatively, you can use Application Server 7's auth-passthrough AuthTrans SAF to cause the contents of the Proxy-auth-cert: header to be copied to the javax.servlet.request.X509Certificate Servlet attribute.

• Reverse proxy to applications on a server by just domain names possible?

  Hi All
  I am looking for a solution to set up a single server, that hosts four J2EE web applications running on a Glassfish application server with just only one IP address.
  When a user wants to use an application, he/she can just type URL without specifing port and path, and the corresponding web application will be displayed accordingly as shown below
  http://sub1.domain1.com -- > webapp1 at port 9100
  https://sub2.domain1.com -- > webapp2 at port 9200
  http://sub1.domain2.com -- > webapp3 at port 9300
  https://sub2.domain2.com -- > webapp4 at port 9400
  I am wandering whether I could use reverse proxy of Sun Java System Web Server 7 to route the traffic from the domain names to their own application on Glassfish as shown above? I tried by creating two HTTP listeners to listen at port 80, and 443 respectively, but I could not access different applications based on domain names without specifying specifix path or port.
  Is there any recommended resources or example of the mapping, or any other suggested solution?

  Thank you for your reply nsegura. I created 4 different virtual servers as you suggested and it worked :)
  However, I have a problem in reverse proxy base on path.
  The scenario is below
  I have an J2EE application that needs to be deployed in three different environment (production, training, testing). It
  is the same application for three environments, so I want them to have the same context-root. I want to use Sun Web Server 7.0 to reverse proxy to the application in each environment based on path, not URL redirect. Example of URL are shown below
  https://sub.domain3.com/app -- > http://localhost:9500 (with context-root /app)
  https://sub.domain3.com/training/app -- > http://localhost:9600 (with context-root /app)
  https://sub.domain3.com/testing/app -- > http://localhost:9700 (with context-root /app)
  So far, it works if I set context-root of the application in each environment differently
  https://sub.domain3.com/app -- > http://localhost:9500 (with context-root /app)
  https://sub.domain3.com/training/app -- > http://localhost:9600 (with context-root /training/app)
  https://sub.domain3.com/testing/app -- > http://localhost:9700 (with context-root /testing/app)
  I am wandering whether there is a solution with Sun Web Server 7 that I can use to achieve reverse proxy of the same application in different environments without having to modifying context-root for each environment and use URL redirect?
  I was thinking about using rewriting path with reverse proxy, but I did not see this function under reverse proxy tab.
  Any ideas?

• Sun Web server 6.1 SP9 Reverse proxy - Changing Web Server Context

  I am trying to configure a Reverse Proxy such that it can change the context of the requested URL.
  My SOWS reverse proxy plug-in is running on server server1.sample.com and the destination server is running on server2.sample.com. The use case, the incoming URL is [|http://server1.sample.com/dummy1/]...... and I need to map this to {color:#0000ff}http://server2.sample.com/*dummy2*/.....;{color} It looks like the reverse proxy only maps to a server level but disregards the context. The reason I say that, in the server 2 logs I see - .... trying to GET /dummy1....; I needed the call to look for dummy2 context. Can this be done?

  well, web server uri processing does not understand web application level context (in terms of java web applications). however, if you would like to map all uri's ending with /dummy1 to go to /dummy2, then you can easily do this with web server 7 regular express processing
  http://blogs.sun.com/elving/entry/mass_virtual_hosting_in_7
  http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
  besides web server 7 includes a very tightly integrated reverse proxy unlike 6.1 where you need reverse proxy as a separate plugin. so, you might want to check out if ws7 can serve your needs
  - sriram

• Web Server 7 Reverse Proxy URI Config

  I am testing WS 7.2 to replace WS 6.1 and need input on the configuration of the reverse proxy setup. We currently are using the reverse proxy plugin on our 6.1 servers but I cannot get the same configuration to work on 7.2. I have followed the admin document but I don't want to use / as my URI. I need to only proxy requests for URLs that end in *cfm.  Can I configure the new server to work like the 6.1 version?
  6.1 Config
  =======
  obj.conf
  NameTrans fn="assign-name" from="(*.cfm)" name="passthrough"
  <Object name="passthrough">
  ObjectType fn="force-type" type="magnus-internal/passthrough"
  Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://host:8281"
  Error reason="Bad Gateway" fn="send-error" uri="$docroot/badgateway.html"
  </Object>
  magnus.conf
  Init fn="load-modules" shlib="/opt/SUNWwbsvr/plugins/passthrough/libpassthrough.so" funcs="init-passthrough,auth-passthrough,check-pass
  through,service-passthrough" NativeThread="no"
  Init fn="init-passthrough"

  In Web Server 7.0 you can use built in reverse proxy feature rather than using libpassthrough.so
  configuring reverse proxy
  http://docs.sun.com/app/docs/doc/820-2202/gdabp?l=en&a=view
  http://docs.sun.com/app/docs/doc/820-2204/create-reverse-proxy-1?l=en&a=view
  More information about map SAF :
  http://docs.sun.com/app/docs/doc/820-2203/gdhnz?l=en&a=view
  set-origin-server sAF:
  http://docs.sun.com/app/docs/doc/820-2203/gdhqc?l=en&a=view
  Blogs :
  http://blogs.sun.com/meena/entry/configuring_reverse_proxy_in_sun

• Sun Web Server Reverse Proxy and Weblogic HTTP to HTTPS redirection

  Hi,
  I am currently testing reverse-proxy from SJSW 7.0 update 5 to Weblogic server but I have encountered an issue.
  I have configured a context root to be forwarded to weblogic:
  Web Server: www.server.com
  URI: /path
  Reverse Proxy URL: wlserver:9000
  When I access https://www.server.com/path, I am getting the correct page. The issue is, the weblogic server is configured to redirect HTTP access to HTTPS, i.e., when I access http://www.server.com/path, it should be redirected to https://www.server.com/path. However, that is not the case. What happens is that I am being redirected instead to https://www.server.com/.
  If I don't use reverse proxy, that is, if I use the libproxy.so from weblogic, I get the correct redirection.
  Would appreciate it very much if someone can help me troubleshoot this issue.
  Thanks in advance!
  Edited by: agent_orange on Jul 29, 2010 2:30 AM
  Edited by: agent_orange on Jul 29, 2010 2:31 AM

  I am not sure, how you have configured your reverse proxy since you didn't attach / refer your current configuration file. this is how I would do it..
  - create a new configuration (using web server 7 admin gui , within configuration wizard, disable java option if you plan to use web server 7 only for reverse proxy)
  - select this new configuration and go to reverse proxy and try to reverse proxy / to the origin server.
  that is all it should need.
  your obj.conf or <hostname>-obj.conf depending on your configuration should look like following snippet
  <Object name="default">
  AuthTrans..
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </object>
  <Object name="reverse-proxy-/">
  Route fn=....
  Service ..
  </Object>
  this is all you should need..
  However, if you wanted to add complexity to your configuration, you could do some thing like
  <Object name="default">
  Auth..
  <If defined $security>
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </If>
  </Object>
  <Object name="reverse-proxy-/">
  Route...
  </Object>

• Sun One Application Server 7 SSL Reverse Proxy Setup?

  Hi,
  I've made a similiar post on the Web Server forum,
  http://forum.sun.com/jive/thread.jspa?threadID=95666&tstart=0
  I've noticed there's a reverse proxy plug in setup for Web Server,
  as well as a AddOn package for Application Server.
  I've so far successfully installed the reverse proxy plugin for
  the Web Server and it manage to passthrough the jsp contents
  to the Application Server.
  There's a file in our application server, Step2Cert.jsp in the
  appserver that requires to be viewed/accessed in https mode
  and I'm guessing the Web Server to Application Server communication
  should be in https?
  Anywhere I can find references on how this can be done?
  My two references:
  Web Server Reverse Proxy Plug-in
  http://docs.sun.com/source/819-0902-05/rpp61.html
  Web Server and Application Server setup for passthrough
  http://docs.sun.com/source/819-2783/agplugin.html
  I've not installed the AddOn package for the Appserver yet. But
  I figured I should, right? I'm rather confused about the two
  package.
  Thanks,
  Mac.

  Hi,
  I've made a similiar post on the Web Server forum,
  http://forum.sun.com/jive/thread.jspa?threadID=95666&tstart=0
  I've noticed there's a reverse proxy plug in setup for Web Server,
  as well as a AddOn package for Application Server.
  I've so far successfully installed the reverse proxy plugin for
  the Web Server and it manage to passthrough the jsp contents
  to the Application Server.
  There's a file in our application server, Step2Cert.jsp in the
  appserver that requires to be viewed/accessed in https mode
  and I'm guessing the Web Server to Application Server communication
  should be in https?
  Anywhere I can find references on how this can be done?
  My two references:
  Web Server Reverse Proxy Plug-in
  http://docs.sun.com/source/819-0902-05/rpp61.html
  Web Server and Application Server setup for passthrough
  http://docs.sun.com/source/819-2783/agplugin.html
  I've not installed the AddOn package for the Appserver yet. But
  I figured I should, right? I'm rather confused about the two
  package.
  Thanks,
  Mac.

• Reverse Proxy with Sun Web Server 7 update 4

  Hi All,
  I've just migrating to Sun Java System Web Server 7.0U4 B12/02/2008 from Sun Java System Web Server 7.0-Technology-Preview-3 B09/13/2006. I've have the two web servers running side by side on separate machines. Both have a VS configured as a reverse proxy pointing to the same apache tomcat web server.
  The Tech Preview 3 server works fine and has been doing since it was installed. However the Update 4 server doesn't. I can access the tomcat app via the U4 server in a browser, but not with the app on my mobile (sync ML). Snooping the traffic show me that the U4 server is sending a different response that the Tech Preview server. I'm thinking it may have to do with Transfer Encoding: chunked. I've looked around the web to see if I can turn this off in the U4 server, as I seem to recall having to do so at some point in my life, though I can't remember when and with what.
  Does anybody have any clues they can throw at me?? Or anybody know what has change in the reverse proxy part of the web server from Tech Preview 3 to U4??
  Both VS reverse proxies are congfigured exactly the same.
  Thanks,
  Stuart.

  well, technology preview is what the name says .. i am surprised that u decided to stick with a technology preview release all these days.. in any case, there should not have any feature change between technology preview build and U4. but , there has been lot of bug fixes - so, unless we know the exact problem - we can't easily narrow down the change between tp3 build with U4 and find out how it is affecting u.
  here is a related article on how to use chunked encoding within web server 7
  http://developers.sun.com/webtier/reference/techart/chunked_req.html
  now, to help you more appropriately, you need to provide us with errors (probably with log level set to finest within server.xml) and let us know with the error reported by web server when it is unable to send those requests to back end tomcat
  you can set log level to finest by running the following command
  /sun/webserver7/bin/wadm set-config-prop -user=admin --config=<hostname> log-level=finest
  /sun/webserver7/bin/wadm deploy-config --user=admin <hostname>
  http://docs.sun.com/app/docs/doc/820-4842/set-config-prop-1?a=view
  (once you have identified the problem, you might want to set log level to info as setting to finest will cause your logs to grow humongous and also hurt performance
  thanks
  sriram

• Sun Web server 7  - Reverse proxy to different

  Hi All,
  I have following scenario:
  I have deploy my application into 2 dedicated weblogic servers, http://host1:7001/myapp and http://host2:7001/myapp. How can I configure the reverse proxy so whenever user enter the URL, webserver will forward different app server like below;
  #1 - http://abc.com >> web server will forward to http://host1:7001/myapp
  #2 - http://abc.com/controller>> web server will forward to http://host2:7001/myapp
  I follow tutorial from this link >> http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
  For requirement #1 it work perfectly since i put URI = /myapp and Server URL = http://host1:7001.
  But for #2, it doesnt work since I put the URI=/controller.
  We wanted to be like http://abc.com/controller, so it will forward to second app server which difference application.
  Is it possible? or any other to do like that?
  Thanks!

  Hi Sriram,
  I'm having similar problem with atehac, the only difference is that the web server
  #1 http://domain.com/web1 >> forwarded to http://local-pc1.com:8080/
  #2 http://domain.com/web2 >> forwarded to http://local-pc2.com:8080/
  This is the setting that I've made in <vs>obj.conf :
  NameTrans fn="map" from="/web1" name="reverse-proxy-/web1" to="http:/"
  NameTrans fn="map" from="/" name="reverse-proxy-/web1" to="http:/"
  NameTrans fn="map" from="/web2" name="reverse-proxy-/web2" to="http:/"
  NameTrans fn="map" from="/" name="reverse-proxy-/web2" to="http:/"
  <Object name="reverse-proxy-/web1">
  Route fn="set-origin-server" server="http://local-pc1.com:8080"
  </Object>
  <Object name="reverse-proxy-/web2">
  Route fn="set-origin-server" server="http://local-pc2.com:8080"
  </Object>
  But the problem is local-pc2 won't be able to be accessed, while for local-pc1 will be mapped, but it omit /web1
  So it will be like http://domain.com/web1 at the beginning, but after I press enter it became like http://domain.com
  What I wish is something like http://domain.com/web1 all the way.
  Do you have any idea Sriram?
  Regards,
  Berry

• How to configure SharePoint HNSC with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.

  Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.
  In normal path based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with  Public URL = "proxy URL", internal = "HNSC Share Point URL" so that share point sends response back
  to Public URL = "proxy URL".
  In Host Named Site Collections,  alternate access mappings  are not supported. Each HNSC is designed to have only one URL in each zone. Zone is one of the five zones(Default,Intranet,Internet,Custom,Extranet) with each of which only one alternate
  URL is associated.  This is what we are able to get using power shell command "Set-SPSiteUrl", but this will not help us to get the response back to proxy URL after a request sent to share point because we could not find any mechanism in share
  point HNSC to respond  to a different URL(proxy URL). Consequently, Share Point URLs are exposed to  external users.
  Below share point article in MSDN blog is symmetrical to what we are observing with Share Point 2013 and Proxy Server. It mentions that internal HNSC URLs can’t be hidden using any proxy server. If  hiding the internal Share Point URLS is a requirement,
  it suggests to use a web application instead of host named site collections.
  Though I’m also observing the same behavior with Share Point 2013 HNSC, Could you please confirm my understanding is correct.
  http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
  Excerpt from above article-
  "Host Named Site Collections Only Use One Host Name
  Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and
  are always considered to be in the Default zone.  This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site
  as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the
  calls to the same URL.  If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."<u5:p></u5:p>

  Hi Satish,
  You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
  It is by design that each host-name site collection only support one URL for each zone.
  The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
  https://support.microsoft.com/en-us/kb/2826457
  So to make the URL of HNSC not exposed to external users is not supported, you need to use path-based sites instead.
  Best regards.
  Thanks
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Sharepoint 2013 + Windows Server 2012 as reverse proxy

  Hello All -
  I'd like to ask if anyone has any experience with the new Windows Server 2012 (reverse) proxy, in providing a single sign-on service to Sharepoint 2013.
  Scenario:
  My client has a Sharepoint 2013 with 3 web applications (portal, teamsites, mysites). All three URLs are available externally via HTTPS only. All clients have AD credentials (no requirement for claims based authentication), although this includes 3 domains
  in two different forests (trusts exist). Everything is already configured to allow clients access from domain-joined devices.
  My client would like mobile devices (not domain-joined) to be able to access the three web applications without repeated logon prompts. Browser default settings must be used, they do not want to instruct people to perform any configuration on their mobile
  device - it all has to work "out of the box" from the client side. Clients will be using iPads and iPhones with Safari, Windows Phones, Androids etc.
  I'm considering proposing the use of a reverse-proxy, and rather than using the now depracated Forefront TMG or probably soon-to-be depracated UAG, I would like to jump straight in to the new and very cool looking Windows 2012 proxy server.
  It's my understanding that this will provide a single sign-on service in this scenario. I'm unsure whether an ADFS server is also required even for pass-through, the information available is unclear, and also whether any special configuration is required
  to a domain controller (DCs in the environment are all 2008R2, with 2008R2 functional level).
  I would appreciate it if anyone could give an overview or point me in the direction of some accurate documentation regarding all of the above. Most importantly, if any of my assumptions above seem incorrect, please let me know.
  Thank you!
  sysadmin

  I've heard no supportability statement with SharePoint and the Web Application Proxy (likely because it isn't GA yet).  However, it does use ADFS for SSO, so you'll have to SAML-enable your Web Applications.  The only downside to this is if you
  use anything that is SAML-unfriendly, like PowerPivot [Data Refresh] and at least in 2010, Visio Services and InfoPath Forms Services.
  Trevor Seward, MCC
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.