Setting up of Proxy & Reverse Proxy

Similar Messages

• 401 Unauthorized: Running portal behind an APACHE reverse proxy

  Hello to all,
  we've got following scenario:
  www <-HTTPS-> APACHE (external SSL termination) <-HTTPS-> portal
  If I call the internal URL (https://backend.xy.de:443/irj/portal) of the portal,
  I'll be redirected to the logon servlet and logon to the portal application is possible.
  Now we set up a APACHE reverse proxy in oder to access the portal from internet.
  I've set up a virtual host:
  <VirtualHost test.xy.de:443>
       <Location />
            ProxyPass https://backend.xy.de:443/
          ProxyPassReverse /
       </Location>
  </VirtualHost test.xy.de:443>
  But now if I call the portal application https://test.xy.de/irj/portal I get the following error:
  Unauthorized
  This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
  Any idea how to fix this?
  Regards Christian

  Hello Tobias,
  I have adapted your idea, but without success.
  I've checked the cookies. No cookies are delivered by the J2EE-Server.
  HTTP-ResponseHeader contains following entries:
  HTTP/1.1 401 Unauthorized
  Date: Thu, 26 Jan 2012 08:31:55 GMT
  WWW-Authenticate: Negotiate
  Content-Length: 381
  Keep-Alive: timeout=15, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  But its a bit strange.
  If I call url https://xy.de/index.html the start page will be displayed.
  A log on to system information is possible, but if I try to open the nwa, I get the same error.
  So I think this is a problem with the logon servlet. Sites with basic-authentication work.
  Calling the logon servlet direct https://xy.de/logon/logonServlet I get the same error.
  I don't think, there is a problem with the apache configuration.
  If I change the ProxyPass directive to another J2EE server everything works fine.
  There is only one difference between both system.
  System 1 (error system) is a SAP Netweaver 7.01 SP10
  The other system is a SAP Netweaver 7.02 SP 9
  Regards Christian
  Edited by: Christian Kaiser on Jan 26, 2012 9:53 AM

• Automatically authenticate reverse proxy on ML web server

  My Mini server is running 10.8.2. I've set apache up to reverse proxy several web cameras and I then force authentication to the domain via a group. However the cameras have their own authentication that I can't circumvent. Is there a way to authenticate to the cameras via apache's reverse proxy? Here is my current apache config....
  ProxyRequests off
  ProxyPass /camera1/ http://192.168.0.30/
  ProxyPass /camera2/ http://192.168.0.32/
  ProxyPass /camera3/ http://192.168.0.34/
  ProxyPass /camera4/ http://192.168.0.36/
  ProxyPassReverse /camera1 http://192.168.0.30
  ProxyPassReverse /camera2 http://192.168.0.32
  ProxyPassReverse /camera3 http://192.168.0.34
  ProxyPassReverse /camera4 http://192.168.0.36

  well, technology preview is what the name says .. i am surprised that u decided to stick with a technology preview release all these days.. in any case, there should not have any feature change between technology preview build and U4. but , there has been lot of bug fixes - so, unless we know the exact problem - we can't easily narrow down the change between tp3 build with U4 and find out how it is affecting u.
  here is a related article on how to use chunked encoding within web server 7
  http://developers.sun.com/webtier/reference/techart/chunked_req.html
  now, to help you more appropriately, you need to provide us with errors (probably with log level set to finest within server.xml) and let us know with the error reported by web server when it is unable to send those requests to back end tomcat
  you can set log level to finest by running the following command
  /sun/webserver7/bin/wadm set-config-prop -user=admin --config=<hostname> log-level=finest
  /sun/webserver7/bin/wadm deploy-config --user=admin <hostname>
  http://docs.sun.com/app/docs/doc/820-4842/set-config-prop-1?a=view
  (once you have identified the problem, you might want to set log level to info as setting to finest will cause your logs to grow humongous and also hurt performance
  thanks
  sriram

• Reverse Proxy in SOAMANAGER not working

  SAP Environment: SAP Netweaver 7.01 SP3
  Service Testing Tool: SOAPUI
  Requirements: Redirect the end-point (serverA) in the WSDL of a web service created from an ABAP proxy to the load balancer
  What I have done:
  1. Defined a Reverse Proxy in SOAMANAGER to redirect from serverA:8010 to loadBalancer:80.
  2. Tested the service and it worked fine.
  3. To make sure the Reverse Proxy was working, I changed loadBalancer:80 to a server name that does not exist.
  4. Tested the service again and it still worked.
  Questions:
  1. Found SAP help on Reverse Proxy but it does not explain all the fields.  In the Reverse Proxy configuration, there is a Status field, any idea what value should be put there?  I have left it blank.
  2. Is there any other configuration needed for the Reverse Proxy to work?
  3. Is there a way to check if the Reverse Proxy is working?
  Any help will be appreciated.

  Got the rever proxy to work.  Below are the field values in the reverse proxy setting that has worked:
  Reverse proxy name: <any name>
  Incoming http header host name: server1.domain..company.com (get it from the end-point in WSDL) 
  Incoming ICM port: port (get it from the end-point in WSDL)
  Substitute host name: server2.domain..company.com (has to be FQDN)
  Substitute http port: 80 (in my case)
  Substitute https port: (blank)
  Additional path prefix: (blank)
  Meta data protocol subsitution: http
  Endpoint protocol subsitution: http
  Status: active

• Something wrong with my SSL reverse proxy config.  HELP!

  Using Sun ONE Web Proxy Server 3.6-SP6
  1. Got Wildcard SSL Certificate from Verisign
  2. Ran sec-key
  made alias
  used password from Verisign
  3. Installed certificate
  Used "Trusted Certificate Authority (CA)"
  Pasted Cert in "Message Text (with headers)"
  4. Verified Certificate install in "Manage Certificates."
  5. Created regular and reverse mappings.
  When I try to turn on encryption, it says:
  Unable to read key file (9)
  What did I do wrong? I appreciate help from anyone.
  -ba

  What is the OS ?
  If it's Solaris, a truss will give you more details on the error.
  Verify the rights on your folder alias and all its contents.
  Can we have a more detailled error log file when you try to start the Proxy instance.
  Another remark :
  In the Admin Guide the scenario is called "Setting up a secure reverse proxy ".
  The problem is, that if the Webserver request for Client-Authentication
  within the SSL-Handshake the Proxy-Server has to present a cert signed as Client-Cert.
  Solution:
  - Proxy Server owner has own CA.
  Create CSR within Proxy Server and let the CSR be signed as Client Cert.
  - Proxy Server owner has not own CA.
  Choose a CA which allows to get client certs using CSR (e.g. tctrustcenter)
  Create CSR withing Proxy Server, at the common name use your name/Email=your.name@yourdomain
  Get the client cert at the CA using this CSR
  Import the cert into the Proxy Server.
  Create regular and reverse mappings
  e.g regular: http://test.content.org https://test.content.org
  reverse: https://test.content.org http://test.content.org
  Choose "initialize certificates only" at security settings for proxy instance.

• Using WLS 8.1 as a Reverse Proxy Server as well as using SSL

  Hi,
  We have WebLogic server 8.1 installed and set-up as a Reverse Proxy Server. We would like it to serve pages over a secure internet connection (one way).
  I have imported the SSL certificate which I received from Thawte. I have also configured the identity and Trust keystores for the server.
  However, I am still unable to access the server over a secure connection.
  I have logged into WebLogic Console and unticked Listen Port Enabled Port: 80; and ticked SSL Port Enabled and changed it to listen on Port:80? However, all this will mean is all our url's will need to preceded by 'https' I would prefer us to be able to still use 'http' which when requested redirects to 'https'
  Not having been on any WebLogic courses, I am new to this and would appreciate any help or step by step guides people have.
  Many Thanks,
  Karl

  Hi Raphael Chasse,
  The LoadBalancer plugin can be used as a reverse proxy.
  you could configure the loadbalancer.xml as below, where requests for app1 get redirected to server1 and app2 to server2.
  <loadbalancer>
  <cluster name="cluster1">
  <instance disable-timeout-in-minutes="30" enabled="true" listeners="http://server1 name="i1"/>
  <web-module context-root="/app1" disable-timeout-in-minutes="30" enabled="true"/>
  <health-checker interval-in-seconds="1" timeout-in-seconds="60" url="/"/>
  </cluster>
  <cluster name="cluster2">
  <instance disable-timeout-in-minutes="30" enabled="true" listeners="http://server2 name="i2"/>
  <web-module context-root="/app2" disable-timeout-in-minutes="30" enabled="true"/>
  <health-checker interval-in-seconds="1" timeout-in-seconds="60" url="/"/>
  </cluster>
  </loadbalancer>
  This link talks more about the loadbalancer.xml file format http://docs.sun.com/source/817-5445/aglbdtd.html.
  cheers
  Vishwas

• Cert auth with a SWS7 reverse-proxy in the way

  We are planning to try authenticating Access Manager 7.1 (Portal, Messaging Server) users with a certificate module so they don't have to enter usernames and passwords all the time.
  By architecture of the project, there are internal servers (actual AM, Portal, etc hosts in cluster config) in the internal LAN, and a Sun Web Server 7 in the DMZ acting as a load-balancer and reverse proxy which can filter some HTTP code if we need it to. This works okay for usual HTTP sessions.
  I have vague ideas how would this NOT break HTTPS sessions concerning the user cert auth module, but I have little to no practice with it.
  I would like to know whether we can offload SSL decoding to the Sun Web Server acting as a reverse proxy (with i.e. Niagara hardware for SSL acceleration) and pass/use the user's certificate information to an internal Access Manager host for user authentication, or are we stuck with TCP port-forwarding from internet straight to the internal hosts on the firewall or some hardware LB?
  Port-forwarding is not good because of security concerns, and in this case it seems we'd have to make several listening ports, one for each backend application, instead of publishing one standard 443 port on the rev-proxy...
  Perhaps there are ways to allow the Web Server to decode HTTPS handshake, determine the destination backend host, and pass the original HTTPS packets to it? Which server certificates would be in effect in such case, or should they be the same on front and backend hosts?
  Perhaps we should set up some AM component for the frontend hosts (I've seen keywords about Distributed Access Manager, but didn't research it yet)?
  Any other good ideas? :)

  Got the rever proxy to work.  Below are the field values in the reverse proxy setting that has worked:
  Reverse proxy name: <any name>
  Incoming http header host name: server1.domain..company.com (get it from the end-point in WSDL) 
  Incoming ICM port: port (get it from the end-point in WSDL)
  Substitute host name: server2.domain..company.com (has to be FQDN)
  Substitute http port: 80 (in my case)
  Substitute https port: (blank)
  Additional path prefix: (blank)
  Meta data protocol subsitution: http
  Endpoint protocol subsitution: http
  Status: active

• Unable to set session in Oracle Portal useing reverse proxy

  I have deployed a reverse proxy (using Oracle HTTP Server) in front of a Oracle Portal Install (version 10.1.2.0.2). The steps followed to set this up came from the following documents:
  Steps mentioned in Section 9.2 Configuring a Reverse Proxy for OracleAS Portal and OracleAS Single Sign-On for a reverse proxy on a Oracle HTTP Server.
  http://download-west.oracle.com/docs/cd/B14099_15/core.1012/b13998/variants.htm#ASTED005
  Also performed steps mentioned in -> Section 5.3.7 - Step 7: Enable Session Binding on OracleAS Web Cache of the Oracle® Application Server Portal Configuration Guide 10g Release 2 (10.1.2) -- B14037-03.
  My current (example names shown only)setup details are as follows:
  Reverse Proxy for SSO server (running on internal.oracle.com:7777): proxy.oracle.com:7777
  Reverse Proxy for Portal server (running on internal.oracle.com:7778): proxy.oracle.com:7778
  With the above steps completed, I can successfully use the http://proxy.oracle.com:7777/pls/orasso for login into SSO without any issues.
  Users get authenticated successfully.
  I can also use http://proxy.oracle.com:7778/pls/portal for viewing pages on the portal fine . All self referencing links have also been successfully modified to point to proxy.oracle.com:7778.
  However, an attempt to login in the portal is not successful. Clicking on the 'Login' link successfully redirects to the SSO login page (http://proxy.oracle.com:7777/<login-page>). However, after successful authentication, the success page fails to show up and the user gets shown the initial login portal home page again.
  There are no error messages shown on the screen.But it seems that user session is failing to be initiated/set correctly, as shown by the log file (in $PORTAL_ORACLE_HOME/j2ee/OC4J_Portal/application-deployments/portal/OC4J_Portal_default_island_1/application.log ):
  06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] Repository Gateway: LWUser: PUBLIC, Cookie: oracle.uix=0^^GMT+10:00;
  portal=9.0.3+en-au+us+AUSTRALIA+22BC75924EEAD8A2E040007F010019F7+8DAC5E3559C95F5E0090A6F56FFA58192CB0F437CA57A9102A6394F1EB7FAB5DEE3BFA12C65
  91C0C009B6......
  06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] ERROR: Repository Gateway error: Database Error: ORA=20001 ORA-20001:
  Unable to obtain session information from the cookie. Please close your browser and reconnect.
  ORA-06512: at "PORTAL.WPG_SESSION", line 149
  ORA-06512: at line 22
  Any help with this will be appreciated.
  Thanks.

  Hi Chris,
  The begin of the expection stack gives you the reason:
  06/11/03 09:13:59 java.sql.SQLException: The method 'setSavepoint' cant be called when a global transaction is active
  The reason is, that either the whole global transaction must be commited or rollbacked.
  I don't know your actual configuration, but between the methods begin() and commit()/rollback() of the UserTransaction instance, OC4J/OracleAS uses a global transaction (= XA transaction) in your configuration. The state of a global transactions is completely under the control of the application server and several restrictions must be considered. One of them is, that you can't use the method setSavePoint/. E.g. you can't also call the method setAutoCommit(true) in this state, or change the transaction isolation level via setTransactionIsolation(newLevel).
  This is NOT a limitation of the OC4J/OracleAS but is true for ALL application servers.
  P.S. I can successfully set savepoints and rollback to savepoints in weblogic 9.0This means, that WebLogic 9.0 doesn't use a global transaction in this case.
  Because I don't know your configurations (Oracle and WebLogic) I can't say, why the behave different in this situation.
  Best,
  Manfred

• After setting the reverse proxy, SSO doesn't work

  Hi,
  We are facing a problem after setting a reverse proxy. ITS&SSO is working fine for internal users but the problem is with the external users;ITS is working fine for external users but SSO is not working. Does anyone can help us out with this problem ? It is kind of urgent.
  Thanks
  Serkan

  Eric,
  Sorry for misunderstanding,
  The domain for internal/external users are the same https://external.global.rexam.<b>net</b>/irj/portal
          internal.global.rexam.net/irj/portal
  But the ITS goes through:
  bca.rexam.<b>com</b>

• LiveCycle ES4 Reverse Proxy Set Up

  We have LiveCycle ES4 SP1 configured and running on WebSphere v8.5 & Windows 2008 R2.  We're primarily using the application for end user PDF conversion services at this point.  However, 10% of our users are outside our networks and without a VPN.  What is involved in setting up a reverse proxy service for the PDF conversion functionality?  Is there any documentation available online that I can reference?
  Thanks,
  M.

  Hi Seshu,
  this is the <a href="http://rfc.net/rfc2616.html">HTTP 1.1 specification</a>.
  In section 5.2, it reads: 5.2 The Resource Identified by a Request
     The exact resource identified by an Internet request is determined by
     examining both the Request-URI and the Host header field.
  which means, that if the proxy asks for a different host, it actually asks for a different resource.
  In addition Section 14.23 reads as follows:
  14.23 Host
     The Host request-header field specifies the Internet host and port
     number of the resource being requested, as obtained from the original
     URI given by the user or referring resource (generally an HTTP URL,
     as described in section 3.2.2). <b>The Host field value MUST represent
     the naming authority of the origin server or gateway given by the
     original URL. This allows the origin server or gateway to
     differentiate between internally-ambiguous URLs, such as the root "/"
     URL of a server for multiple host names on a single IP address.</b>
         Host = "Host" ":" host [ ":" port ] ; Section 3.2.2
    Kind regards,
  Patrick

• Apache reverse proxy setting for access to Backend

  Hi experts,
  we have set up apache reverse proxy to make available our NW portal (and SRM functions)over the internet.
  Our settings look something like this:
  ProxyRequests Off
  <VirtualHost *:80>
       ServerName myportal.portalhosto.com
       ProxyPreserveHost On
       ProxyPass /irj/ http://myportal.portalhost.com:53200/irj/
       ProxyPass /webdynpro/ http://myportal.postalhost.com:53200/webdynpro/
       ProxyPassReverse /irj/  http://myportal.portalhost.com:53200/irj/
       ProxyPassReverse /webdynpro/  http://myportal.portalhost.com:53200/webdynpro/
       ErrorLog logs/myportal.portalhost.com-error.log
       CustomLog logs/myportal.portalhost.com-custom.log combined
  RewriteEngine On
       RewriteRule ^/sap/(.*)$ http://mybackend.backendhost.com:8020/sap/$1 [P,NC]
  </VirtualHost>
  Problem:
  when we access the portal from the internal network(either by using the internal URL or external URL) things work fine.
  But we access the portal from internet, we are able to login to the portal and acess all webdynpro Java related applications.But when we try to acess the BSP/WD abap application running on a backend SRM system, we get 'host not found' message with the INTERNAL url of the SRM backend application displayed.
  Do we need to expose the SRM backend to the outside world via reverse proxy as well?If yes,how?Do we need to change the system definitions in portal for that?
  Any help in resolving this would be greatly appreciated.
  regards,
  Kiran

  Hi,
  Do we need to expose the SRM backend to the outside world via reverse proxy as well?If yes,how?Do we need to change the system definitions in portal for that?
  Yes , you have to expose your backend system using reverse proxy ...
  When user access the portal and when he clicks on BSP/WD , the URL get re-directed to backend system.
  But , as your backend system is not expose on internet , you get an error as host not found.
  So, to solve your problem you have to expose your backend system on internet. It is in general pratice to expose on internet.
  Thanks
  Anil

• Problem on Setting up a Reverse Proxy on Web Proxy Server 4.0.1

  After you setup a reverse proxy using Web Proxy Server 4.0.1, if you get the following error --
  Proxy denies fulfilling the request
  Your client is not allowed to access the requested object.You probably forget to add a regular mapping from: / to: http://http.site.com/. The information provided in 4.0.1 Administration guide is misleading. You will have to add it NOW manually. (Note: in 3.6 it will be added automaticly)
  You will have to do the following step manually, what provided in the manual is misleading --
  Sun Java� System Web Proxy Server 4 .0.1 Administration Guide 2005Q4
  Chapter 14 Using a Reverse Proxy
  "Setting up a Reverse Proxy"
  5. To make the change, click OK.
  Once you click the OK button, the proxy server adds one or more additional
  mappings. To see the mappings, click the link called View/Edit Mappings.
  Additional mappings would be in the following format:
  from: /
  to: http://http.site.com/

  thanks, will verify and update the docs.
  rahul.

• Need help on Reverse proxy set up

  Hi,
  In our system land scape, we have ISA 2004 sever, SRM, cProject suite 3.10 and LAC.
  Can any one explain me step by step procedure to set up a reverse proxy.
  We dont want to expose internal domain names and host names to internet users.
  We are able to access SRM application from external network with out any problem ( internal domain name is not displaying on title bar of IE explorer)  by activating the link translator. On SRM application when we click on collabration bid link or Live acution link for access collabration application or live auction application which resides other than SRM server. These application window (IE explorer) exposing internal hostname and domain name on title bar of Internet explorer.
  If some one can help me to resolve this problem, it would be a great help for us.
  Thanks and regards
  Seshu

  Hi Seshu,
  this is the <a href="http://rfc.net/rfc2616.html">HTTP 1.1 specification</a>.
  In section 5.2, it reads: 5.2 The Resource Identified by a Request
     The exact resource identified by an Internet request is determined by
     examining both the Request-URI and the Host header field.
  which means, that if the proxy asks for a different host, it actually asks for a different resource.
  In addition Section 14.23 reads as follows:
  14.23 Host
     The Host request-header field specifies the Internet host and port
     number of the resource being requested, as obtained from the original
     URI given by the user or referring resource (generally an HTTP URL,
     as described in section 3.2.2). <b>The Host field value MUST represent
     the naming authority of the origin server or gateway given by the
     original URL. This allows the origin server or gateway to
     differentiate between internally-ambiguous URLs, such as the root "/"
     URL of a server for multiple host names on a single IP address.</b>
         Host = "Host" ":" host [ ":" port ] ; Section 3.2.2
    Kind regards,
  Patrick

• How to set 3rd Party Reverse Proxy for smp 3.0 ?

  Hi am new to SMP 3.0 . Please help me out .

  hi am fallowing the steps in SyBooks Online for reverse proxy settings.
  I added the below proxy settings in Apache2.2\conf\httpd.conf .
  Listen 8080
    <VirtualHost *:8080>
          ServerName proxy-server   
            ErrorLog "C:/Apache2.2/logs/error.log"
            TransferLog "C:/Apache2.2/logs/access.log"
               <Location />
                ProxyPass http://172.22.26.199:8080/
                ProxyPassReverse http://172.22.26.199:8080/
    </Location>
      </VirtualHost>  
  After adding this proxy setting am unable to run apche server am getting error like "The requested operation has failed  " . How to resolve this error ?

• Setting apache reverse proxy for EP6SP2

  Hi friends,
  I want to set apache reverse proxy for EP6SP2. But after doing the following changes, it is showing the SAP J2EE Engine documentation page.
  The following changes has been dont to httpd.conf:
  NameVirtualHost 1.1.1.1:80
  <VirtualHost 1.1.1.1:80>
    ProxyRequests Off
    ServerName ep6.xyz.com
    ProxyPreserveHost On
    proxyPass        /  http://ep6.xyz.com:50000/
    proxyPassReverse /  http://ep6.xyz.com:50000/
    ErrorLog logs/base.80.error.log
    CustomLog logs/base.80.custom.log common
  </VirtualHost>
  Help needed.
  Regards,
  Nilz

  Hi,
  I have a problem with my proxy:
  ssl.conf.in like
  ProxyPass /irj http://debmsu06.server.###.de:50300/irj
  ProxyPassReverse /irj http://debmsu06.server.###.de:50300/irj
  RewriteRule ^/$ /irj/portal [R]
  If I use URL:
  https://bebuyer.###.de/ goto https://bebuyer.###.de/irj/portal
  but if I use
  https://bebuyer.###.de/irj/
  I get the info:
  https://bebuyer.###.de/irj/HTTPS:/bebuyer.###.de:443/irj/index.html
  What is happened? How I can redirect to /irj/portal?
  Of course I can use
  http://debmsu06.server.###.de:50300/irj/
  Could you please give me some tips?
  Best Thanks!
  Heren Zhou