Workspace Reverse Proxy

Hello all,
I am not sure if this is the correct location for this but will give it a try.
Last week my organization setup a reverse proxy to our internal workspace so our external users would be able to login and use LC.  The proxy gets external users to the login screen but after typing in the username/password and clicking login we get the spinning circle for about three seconds and then an error message that reads "An error occurred while initializing Workspace.".
Any ideas on why this is happening or if you have a functioning reverse proxy did you have to do anything special on the LC install?
Thanks,
~Josh

I am not the one that setup the reverse proxy so I will have someone look into the logs for me.
I read your first blog entry you posted and noticed something in the server.xml that I am missing.
proxyName="apache.company.com" proxyPort="80"
Not having this line in the server.xml file could that be the possible explaination?  Also, if I add this file will I only be able to use the proxy address or will the internal url still work?
~Josh

Similar Messages

  • How do I use Sun Web Server 7.0u1 reverse proxy to change public URLs?

    Some of our installations use the Sun Web Server 7.0 (update 1, usually)
    for hosting some of the public resource and reverse-proxying other parts
    of the URI namespace from other backend servers (content, application
    and other types of servers).
    So far every type of backend server served a unique part of the namespace
    and there was no collision of names, and the backend resources were
    published in a one-to-one manner. That is, a backend resource like, say,
    http://appserver:8080/content/page.html would be published in the internet
    as http://www.publicsite.com/content/page.html
    I was recently asked to research whether we can rename some parts of
    the public URI namespace, to publish some or all resources as, say,
    http://www.publicsite.com/data/page.html while using the same backend
    resources.
    Another quest, possibly related in solution, was to make a tidy url for the
    first page the user opens of the site. That is, in the current solution when
    a visitor types the url "www.publicsite.com" in his or her browser, our web
    server returns an HTTP-302 redirect to the actual first page URL, so the
    browser sends a second request (and changes the URL in its location bar).
    One customer said that it is not "tidy". They don't want the URL to change
    right upon first rendering the page. They want the root page to be rendered
    instantly i the first HTTP request.
    So far I found that I can't solve these problems. I believe these problems
    share a solution because it relies on ability to control the actual URI strings
    requested by Sun Web Server from backend servers.
    Some details follow, now:
    It seems that the reverse proxy (Service fn="service-passthrough") takes
    only the $uri value which was originally requested by the browser. I didn't
    yet manage to override this value while processing a request, not even if
    I "restart" a request. Turning the error log up to "finest" I see that even
    when making the "service-passthrough" operation, the Sun Web Server
    still remembers that the request was for "/test" (in my test case below);
    it does indeed ask the backend server for an URI "/test" and that fails.
    [04/Mar/2009:21:45:34] finest (25095) www.publicsite.com: for host xx.xx.xx.83
    trying to GET /content/MainPage.html while trying to GET /test, func_exec reports:
    fn="service-passthrough" rewrite-host="true" rewrite-location="true"
    servers="http://10.16.2.127:8080" Directive="Service" DaemonPool="2b1348"
    returned 0 (REQ_PROCEED)My obj.conf file currently has simple clauses like this:
    # this causes /content/* to be taken from another (backend) server
    NameTrans fn="assign-name" from="/content" name="content-test" nostat="/content"
    # this causes requests to site root to be HTTP-redirected to a certain page URI
    <If $uri =~ '^/$'>
        NameTrans fn="redirect"
            url="http://www.publicsite.com/content/MainPage.html"
    </If>
    <Object name="content-test">
    ### This maps http://public/content/* to http://10.16.2.127:8080/content/*
    ### Somehow the desired solution should instead map http://public/data/* to http://10.16.2.127:8080/content/*
        Service fn="service-passthrough" rewrite-host="true" rewrite-location="true" servers="http://10.16.2.127:8080"
        Service fn="set-variable" set-srvhdrs="host=www.publicsite.com:80"
    </Object>
    I have also tried "restart"ing the request like this:
        NameTrans fn="restart" uri="/data"or desperately trying to set the new request uri like this:
        Service fn="set-variable"  uri="/magnoliaPublic/Main.html"Thanks for any ideas (including a statement whether this can be done at all
    in some version of Sun Web Server 7.0 or its opensourced siblings) ;)
    //Jim

    Some of our installations use the Sun Web Server 7.0 (update 1, usually)please plan on installing the latest service pack - 7.0 Update 4. these updates addresses potentially critical bug fixes.
    I was recently asked to research whether we can rename some parts of
    the public URI namespace, to publish some or all resources as, say,
    http://www.publicsite.com/data/page.html while using the same backend
    resources.> now, if all the resources are under say /data, then how will you know which pages need to be sent to which back end resources. i guess, you probably meant to check for /data/page.html should go to <back-end>/content/page.html
    yes, you could do something like
    - edit your corresponding obj.conf (<hostname>-obj.conf or obj.conf depending on your configuration)
    <Object name=¨default¨>
    <If $uri = ¨/page/¨>
    #move this nametrans SAF (for map directive - which is for reverse proxy within <if> clause)
    NameTrans.. fn=map
    </If
    </Object>
    and you could do https-<hostname>/bin/reconfig (dynamic reconfiguration) to check out if this is what you wanted. also, you might want to move config/server.xml <log-level> to finest and do your configuration . this way, you would get enough information on what is going on within your server logs.
    finally,when you are satisfied, you might have to run the following command to make your manual change into admin config repository.
    <install-root>/bin/wadm pull-config user=admin config=<hostname> <hostname>
    <install-root>/bin/wadm deploy-config --user=admin <hostname>
    you might want to check out this for more info on how you could use <if> else condition to handle your requirement.
    http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
    finally, you might want to refer to this doc - which explains on ws7 request processing overview. this should provide you with some pointers as to what these different directives mean
    http://docs.sun.com/app/docs/doc/820-6599/gbysz?a=view
    >
    One customer said that it is not "tidy". They don't want the URL to change
    right upon first rendering the page. They want the root page to be rendered
    instantly i the first HTTP request.
    please check out the rewrite / restart SAF. this should help you.
    http://docs.sun.com/app/docs/doc/820-6599/gdada?a=view
    pl. understand that - like with more web servers - ordering of directives is very important within obj.conf. so, you might want to make sure that you verify the obj.conf directive ordering is what you want it to do..
    It seems that the reverse proxy (Service fn="service-passthrough") takes
    only the $uri value which was originally requested by the browser. I didn't
    yet manage to override this value while processing a request, not even if
    I "restart" a request. Turning the error log up to "finest" I see that even
    when making the "service-passthrough" operation, the Sun Web Server
    still remembers that the request was for "/test" (in my test case below);
    it does indeed ask the backend server for an URI "/test" and that fails.
    now, you are in the totally wrong direction. web server 7 includes a highly integrated reverse proxy solution compared to 6.1. unlike 6.1, you don´t have to download a separate plugin . however, you will need to manually migrate your 6.1 based reverse proxy settings into 7.0. please check out this blog link on how to set up a reverse proxy
    http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
    feel free to post to us if you need any futher help
    you are probably better off - starting fresh
    - install ws7u4
    - use gui or CLI to create a reverse proxy and map one on one - say content
    http://docs.sun.com/app/docs/doc/820-6601/create-reverse-proxy-1?a=view
    if you don´t plan on using ws7 integrated web container (ability to process jsp/servlet), then you could disable java support as well. this should reduce your server memory footprint
    <install-root>/bin/wadm disable-java user=admin config=<hostname>
    <install-root>/bin/wadm create-reverse-proxy user=admin uri-prefix=/content server=<http://your back end server/ config=<hostname> --vs=<hostname>
    <install-root>/bin/wadm deploy-config --user=admin <hostname>
    now, you can check out the regular express processing and <if> syntax from our docs and try it out within <https-<hostname>/config/<hostname>-obj.conf> file and restart the server. pl. note that once you disable java, ws7 admin server creates <vs>-obj.conf and you need to edit this file and not default obj.conf for your changes to be read by server.
    >
    I have also tried "restart"ing the request like this:
    NameTrans fn="restart" uri="/data"
    ordering is very important here... you need to do this some thing like
    <Object name=default>
    <If not $restarted>
    NameTrans fn=restart uri from=/¨ uri=/foo.
    </If>

  • Lync Reverse Proxy Alternatives

    When migrating from OCS 2007 to Lync 2010, we balked Microsoft’s recommendation to deploy Forefront Threat Management Gateway (or ISA) just to get the reverse proxy services. 
    TMG is way too expensive and complex for such a limited, simple use case.
    I didn't find much information on what people are using as free alternatives to ISA/TMG, so I decided to post this discussion in case there are others out there who are interested.
    We decided to use Apache 2.2 on Windows Server 2008 R2. 
    Here's how we configured it:
    Read here to understand what features require a reverse proxy, and follow the steps to configure your FQDNs, Network Adapters and (maybe) obtain an SSL Certificate for the reverse proxy. 
    http://technet.microsoft.com/en-us/library/gg398069.aspx
    Download and install the latest stable release of Apache with OpenSSL on your reverse proxy server. 
    http://httpd.apache.org/download.cgi
    We're using the same certificate on the reverse proxy that we use on our front end server (it has the appropriate SANs), so we need to convert it to PEM format for use with Apache:
    Use the Certificates MMC on your front end server to export the certificate and include the private key.
    Transfer the resultant .pfx file to your reverse proxy server.
    Use OpenSSL to convert your .pfx file to PEM:
    openssl pkcs12 -in c:\pathto\yourcert.pfx -out c:\pathto\yourcert.pem –nodes 
    Separate the private key from the certificate using notepad: 
    Open the new .pem file and cut the text from the beginning of the file through the end of the “----END RSA PRIVATE KEY----“ tag. 
    Save that text to a new file named
    yourcert.key. 
    Save
    yourcert.pem, which should now only include the certificate.
    Copy (or move) the certificate and private key to the Apache configuration directory. We like to use: C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl
    for storing the certificates.
    Edit httpd.conf (typically in
    C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf) to enable and configure the proxy and SSL features:
    (See  http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
     for more information on each directive)
    Uncomment the following lines, which will enable proxy and SSL:
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule ssl_module modules/mod_ssl.so
    Include conf/extra/httpd-ssl.conf
    Add the following lines to configure reverse proxy behavior:
    #Be a reverse proxy, not a forward proxy
    ProxyRequests Off
    #Accept requests from any client to any URL
    <Proxy *>
    Order Deny,Allow
    Allow from all
    </Proxy>
    #Set the network buffer to improve throughput
    ProxyReceiveBufferSize 4096
    #Configure the Reverse Proxy to forward all requests to your front end server on 4443
    ProxyPass / https://yourfrontend.domain.com:4443/
    ProxyPassReverse / https://yourfrontend.domain.com:4443/
    #Preserve Host Headers for Lync
    ProxyPreserveHost On
    Optionally, configure logging directives, bindings and server name.
    Save and close httpd.conf
    Edit httpd-ssl.conf (typically in conf\extra):
    Configure the session cache:
    Uncomment:
    SSLSessionCache “dbm:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache”
    Comment out:
    SSLSessionCache “shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)”
    Locate the <VirtualHost _default_:443> tag and configure the following:
    Add the following directive:
    SSLProxyEngine On
    Configure the path to your SSL Certificate saved in step 3-5 above:
    SSLCertificateFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.pem”
    Configure the path to your private key saved in step 3-5 above:
    SSLCertificateKeyFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.key”
    Optionally, configure the SSLCACertificateFile (you can download the appropriate bundle from your CA).
    Optionally, configure logging directives.
    Save and close httpd-ssl.conf
    Restart the Apache2.2 service
    Configure public DNS records and appropriate firewall rules to allow public http/https traffic to the external interface of your reverse proxy, and to allow the internal interface of
    the reverse proxy to talk to the front end Lync server on 8080 and 4443.
    From an external connection, test connectivity through the reverse proxy:
    Test
    https://dialin.company.com (friendly URL for getting dial-in information, if you’re using voice conferencing)
    Test the Lync Web App by setting up an online meeting and following the URL to join the meeting. 
    You can force the use of the web app by appending ?sl= to the end of the meet.company.com link. 
    See this for more information http://blogs.technet.com/b/jenstr/archive/2010/11/30/launching-lync-web-app.aspx
    Hope this information is helpful and saves some of you some money and trouble.
    Please contact me if you need further clarification or see any mistakes in my notes.
    Best regards,
    Kenneth Walden
    Enterprise Systems Supervisor
    GSD&M
    Austin, TX

    I'd like to thank you for this article.  We were setting up Apache RP for Lync .... needless to say they weren't too excited to learn this new (and highly complex with lots of specific undocumented requirements) Microsoft product.  Anyways, your
    blog saved me a LOT of headache.  I owe you big time. 
    AWESOME JOB. 
    -Greg
    *****EDIT***
    Decided to come back in there and post good information.  We had issues with EXTERNAL and ANONYMOUS users being able to attend a meeting.  The "DIALUP" url was working fine but the "MEETING" url was broken.  On our WFE servers we were getting
    the event error as below.   Turns out that our reverse proxy was not set to "PROXYPRESERVEHOST ON".  Once we put that in there ALL was good.
    Notice that the MEET portion was the only thing that was really broken.  So, if you can get DIALUP to work, but MEET doesn't ... your RP is working to FW the 443 to the 4443 correctly but you're RP is sending the wrong HEADER.  Look for
    http://10.x.x.x/meet/ or soemthing in the event logs. 
    Log Name:      Application
    Source:        ASP.NET 2.0.50727.0
    Date:          11/16/2011 1:26:35 PM
    Event ID:      1309
    Task Category: Web Event
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      OneofMyInternalWFEservers.local
    Description:
    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 11/16/2011 1:26:35 PM
    Event time (UTC): 11/16/2011 6:26:35 PM
    Event ID: b2039ecd0a62482284030f62e1e639d8
    Event sequence: 129
    Event occurrence: 28
    Event detail code: 0
    Application information:
        Application domain: /LM/W3SVC/34578/ROOT/meet-1-129658725547585993
        Trust level: Full
        Application Virtual Path: /meet
        Application Path: C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\
        Machine name: MYWFE.local
    Process information:
        Process ID: 14204
        Process name: w3wp.exe
        Account name: NT AUTHORITY\NETWORK SERVICE
    Exception information:
        Exception type: HttpException
        Exception message: Server cannot append header after HTTP headers have been sent. 
    Request information:
        Request URL:
    https://FQDN:4443/meet/MyName/456456
        User host address: gatewayIP
        User: 
        Is authenticated: False
        Authentication Type: 
        Thread account name: NT AUTHORITY\NETWORK SERVICE
    Thread information:
        Thread ID: 7
        Thread account name: NT AUTHORITY\NETWORK SERVICE
        Is impersonating: False
        Stack trace:    at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
       at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
    Custom event details:
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="ASP.NET 2.0.50727.0" />
        <EventID Qualifiers="32768">1309</EventID>
        <Level>3</Level>
        <Task>3</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2011-11-16T18:26:35.000000000Z" />
        <EventRecordID>4483</EventRecordID>
        <Channel>Application</Channel>
        <Computer>XXXXXXXXXXXXXXXXXX</Computer>
        <Security />
      </System>
      <EventData>
        <Data>3005</Data>
        <Data>An unhandled exception has occurred.</Data>
        <Data>11/16/2011 1:26:35 PM</Data>
        <Data>11/16/2011 6:26:35 PM</Data>
        <Data>b2039ecd0a62482284030f62e1e639d8</Data>
        <Data>129</Data>
        <Data>28</Data>
        <Data>0</Data>
        <Data>/LM/W3SVC/34578/ROOT/meet-1-129658725547585993</Data>
        <Data>Full</Data>
        <Data>/meet</Data>
        <Data>C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\</Data>
        <Data>SNKXS300</Data>
        <Data>
        </Data>
        <Data>14204</Data>
        <Data>w3wp.exe</Data>
        <Data>NT AUTHORITY\NETWORK SERVICE</Data>
        <Data>HttpException</Data>
        <Data>Server cannot append header after HTTP headers have been sent.</Data>
        <Data>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
        <Data>/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
        <Data>10.71.1.1</Data>
        <Data>
        </Data>
        <Data>False</Data>
        <Data>
        </Data>
        <Data>NT AUTHORITY\NETWORK SERVICE</Data>
        <Data>7</Data>
        <Data>NT AUTHORITY\NETWORK SERVICE</Data>
        <Data>False</Data>
        <Data>   at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
       at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously)
    </Data>
      </EventData>
    </Event>

  • IIS Reverse Proxy with URL rewrite.

    Hi all, hoping to leverage the wealth of knowledge contained here.
    Any assistance would be very welcome.
    I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
    I need to redirect all requests with a specific virtual directory suffix only.
    ie; https://domain.test.com/outbound/Content/query_etc
    With /Outbound/ being the trigger.
    This should be redirected to http://10.10.10.10/inbound/Content/query_etc
    While at the same time, requests without the /outbound/ suffix should be handled locally.
    I have configured the reverse proxy as described in a few articles, and have had no luck.
    Here's a snippet from my (sanitized) web.config at the site level.
    <rewrite>
    <outboundRules>
    <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
    <match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
    <action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
    </rule>
    <preConditions>
    <preCondition name="ResponseIsHtml1">
    <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
    </preCondition>
    </preConditions>
    </outboundRules>
    <rules>
    <rule name="ReverseProxyInboundRule1" stopProcessing="true">
    <match url="^outbound/(.*)" />
    <action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
    </rule>
    </rules>
    </rewrite>
    To me, this looks correct, yet it doesn't work.
    With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.

    Hi Andrew,
    Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
    By using URL Rewrite Module together with
    Application Request Routing module you can have IIS 7 act as a
    reverse proxy.
    It seems like URL Rewrite can't re-route the request somewhere else out of the server.
    Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc  it will fail with 404.
    Hosting multiple domain names under a single account using URL Rewrite.
    It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
    References:
    How to create a url alias using IIS URL Rewrite:
    http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
    Reverse Proxy with URL Rewrite v2 and Application Request Routing:
    http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
    Regards,
    Satyajit
    Please“Vote As Helpful”
    if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

  • How to change Script path for Reserved.ReportViewerWebControl.axd when working behind reverse proxy?

    Hi,
    My application works behind a reverse proxy which has polices for secure and unsecure areas of the application. Architecture and Infra team is not willing to allow any root level policies in any case
    When report viewer control is rendered on the page, it is adding a reference to the http handler Reserved.ReportViewerWebControl.axd in the script tag and the URL is at the root level. Unfortunately like other AjaxControlToolkit web resources I cannot modify
    the URL to refer to the local script using ScriptManager.
    Do we have any other property / means by which I can get this altered.
    It is so unfortunate that the Microsoft.ReportViewer.WebForms assembly resources like scripts etc are not exposed as webresource at the assembly level and there is no way to modify this.
    Does anyone has any solution to this?
    Appreciate your help
    Thanks in advance
    Badal

    Hi Badal,
    Thank you for your question.
    I am trying to involve someone more familiar with this topic for a further look at this issue. Sometime delay might be expected from the job transferring. Your patience is greatly appreciated.
    Thank you for your understanding and support.
    Thanks,
    Alisa Tang
    If you have any feedback on our support, please click
    here.
    Alisa Tang
    TechNet Community Support

  • WebServer 6.1 SP3 SSL reverse proxy to Sun One Application Server 7

    I have an application in the appserver7 that requires SSL authentication. I have already installed a self cert in the appserver7, and the authentication works fine when I browse directly to the appserver.
    The appserver7 has both listener for port 80 and 443 enabled.
    I'm currently setting up a webserver (WebServer 6.1 SP3) to act as a reverse proxy to the appserver7. The reverse proxy for the basic jsp pages found in the appserver worked fine.
    When I try to access the login page, in the appserver, in ssl mode, I am unable to do so. I then try changing the obj.conf to the following, from http to https:
    <Object name="passthrough">
    ObjectType fn="force-type" type="magnus-internal/passthrough"
    Service fn="service-passthrough" method="(GET|HEAD|POST)" servers="https://172.2
    8.48.53"
    However, it still doesn't work.
    Do I need to install a self cert in the webserver and enable the ssl listener as well?
    Do I need to install any reverse proxy addon for the appserver? Any
    setup for the obj.conf in the appserver?
    Any ideas how to get this done?
    Thanks.
    Mac.

    The Web Server 6.1 SP3 Reverse Proxy Plugin is supported, but it sounds like you're trying to do something that simply isn't possible.
    If you want the Reverse Proxy Plugin to perform SSL mutual authentication with the Application Server using the client's certificate, that's impossible due to the nature of SSL mutual authentication. If the plugin could impersonate the client, then SSL would be vulnerable to MITM (Man In The Middle Attacks). Fortunately, SSL isn't vulnerable to such attacks because the plugin doesn't know the client's private key.
    If you simply want the Reverse Proxy Plugin to pass information about the client's certificate along to the Application Server, that hapens automatically. There's nothing special to configure. Note that the plugin will not authenticate to the Application Server in this case. Rather, it will simply copy the X.509 certificate into the proprietary Proxy-auth-cert: HTTP request header.
    The application running on the Application Server can inspect the Proxy-auth-cert: header using standard Servlet APIs. Alternatively, you can use Application Server 7's auth-passthrough AuthTrans SAF to cause the contents of the Proxy-auth-cert: header to be copied to the javax.servlet.request.X509Certificate Servlet attribute.

  • How to set up reverse proxy to allow user access portal site from internet

    Hi all,
    I have installed 10g(10.1.2.0.2) AS on same machine(single IP for both mid and infra with different users respectively). there is a DMZ on which windows IIS is working through which we need to redirect the request to application server such that users access portal page from internet (within intranet all URLs are working fine). I have went through technet documentation where i found 3 ways : through this link
    http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm
    Section 9.2.1.1, "Configuring OracleAS Web Cache as a Reverse Proxy"
    Section 9.2.1.2, "Configuring the Oracle HTTP Server as a Reverse Proxy"
    Section 9.2.1.3, "Configuring Internet Information Services as a Reverse Proxy"
    I am confused to which option to use. Also i went through the metalink document 270160.1
    Please help me which option to choose to do this.
    Thanks.

    Hi Hozy,
    May be it's too late, I am thinking to go in the same route for our sap portal access to external customers. Please can you share your experience , like what are the challenges have you faced? what is the complexity? what are all the resources we need to configure this?
    I appreciate your feedback.
    Thanks
    Krish

  • Reverse proxy to applications on a server by just domain names possible?

    Hi All
    I am looking for a solution to set up a single server, that hosts four J2EE web applications running on a Glassfish application server with just only one IP address.
    When a user wants to use an application, he/she can just type URL without specifing port and path, and the corresponding web application will be displayed accordingly as shown below
    http://sub1.domain1.com -- > webapp1 at port 9100
    https://sub2.domain1.com -- > webapp2 at port 9200
    http://sub1.domain2.com -- > webapp3 at port 9300
    https://sub2.domain2.com -- > webapp4 at port 9400
    I am wandering whether I could use reverse proxy of Sun Java System Web Server 7 to route the traffic from the domain names to their own application on Glassfish as shown above? I tried by creating two HTTP listeners to listen at port 80, and 443 respectively, but I could not access different applications based on domain names without specifying specifix path or port.
    Is there any recommended resources or example of the mapping, or any other suggested solution?

    Thank you for your reply nsegura. I created 4 different virtual servers as you suggested and it worked :)
    However, I have a problem in reverse proxy base on path.
    The scenario is below
    I have an J2EE application that needs to be deployed in three different environment (production, training, testing). It
    is the same application for three environments, so I want them to have the same context-root. I want to use Sun Web Server 7.0 to reverse proxy to the application in each environment based on path, not URL redirect. Example of URL are shown below
    https://sub.domain3.com/app -- > http://localhost:9500 (with context-root /app)
    https://sub.domain3.com/training/app -- > http://localhost:9600 (with context-root /app)
    https://sub.domain3.com/testing/app -- > http://localhost:9700 (with context-root /app)
    So far, it works if I set context-root of the application in each environment differently
    https://sub.domain3.com/app -- > http://localhost:9500 (with context-root /app)
    https://sub.domain3.com/training/app -- > http://localhost:9600 (with context-root /training/app)
    https://sub.domain3.com/testing/app -- > http://localhost:9700 (with context-root /testing/app)
    I am wandering whether there is a solution with Sun Web Server 7 that I can use to achieve reverse proxy of the same application in different environments without having to modifying context-root for each environment and use URL redirect?
    I was thinking about using rewriting path with reverse proxy, but I did not see this function under reverse proxy tab.
    Any ideas?

  • Sun Web server 6.1 SP9 Reverse proxy - Changing Web Server Context

    I am trying to configure a Reverse Proxy such that it can change the context of the requested URL.
    My SOWS reverse proxy plug-in is running on server server1.sample.com and the destination server is running on server2.sample.com. The use case, the incoming URL is [|http://server1.sample.com/dummy1/]...... and I need to map this to {color:#0000ff}http://server2.sample.com/*dummy2*/.....;{color} It looks like the reverse proxy only maps to a server level but disregards the context. The reason I say that, in the server 2 logs I see - .... trying to GET /dummy1....; I needed the call to look for dummy2 context. Can this be done?

    well, web server uri processing does not understand web application level context (in terms of java web applications). however, if you would like to map all uri's ending with /dummy1 to go to /dummy2, then you can easily do this with web server 7 regular express processing
    http://blogs.sun.com/elving/entry/mass_virtual_hosting_in_7
    http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
    besides web server 7 includes a very tightly integrated reverse proxy unlike 6.1 where you need reverse proxy as a separate plugin. so, you might want to check out if ws7 can serve your needs
    - sriram

  • Web Server 7 Reverse Proxy URI Config

    I am testing WS 7.2 to replace WS 6.1 and need input on the configuration of the reverse proxy setup. We currently are using the reverse proxy plugin on our 6.1 servers but I cannot get the same configuration to work on 7.2. I have followed the admin document but I don't want to use / as my URI. I need to only proxy requests for URLs that end in *cfm.  Can I configure the new server to work like the 6.1 version?
    6.1 Config
    =======
    obj.conf
    NameTrans fn="assign-name" from="(*.cfm)" name="passthrough"
    <Object name="passthrough">
    ObjectType fn="force-type" type="magnus-internal/passthrough"
    Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://host:8281"
    Error reason="Bad Gateway" fn="send-error" uri="$docroot/badgateway.html"
    </Object>
    magnus.conf
    Init fn="load-modules" shlib="/opt/SUNWwbsvr/plugins/passthrough/libpassthrough.so" funcs="init-passthrough,auth-passthrough,check-pass
    through,service-passthrough" NativeThread="no"
    Init fn="init-passthrough"

    In Web Server 7.0 you can use built in reverse proxy feature rather than using libpassthrough.so
    configuring reverse proxy
    http://docs.sun.com/app/docs/doc/820-2202/gdabp?l=en&a=view
    http://docs.sun.com/app/docs/doc/820-2204/create-reverse-proxy-1?l=en&a=view
    More information about map SAF :
    http://docs.sun.com/app/docs/doc/820-2203/gdhnz?l=en&a=view
    set-origin-server sAF:
    http://docs.sun.com/app/docs/doc/820-2203/gdhqc?l=en&a=view
    Blogs :
    http://blogs.sun.com/meena/entry/configuring_reverse_proxy_in_sun

  • Sun Web Server Reverse Proxy and Weblogic HTTP to HTTPS redirection

    Hi,
    I am currently testing reverse-proxy from SJSW 7.0 update 5 to Weblogic server but I have encountered an issue.
    I have configured a context root to be forwarded to weblogic:
    Web Server: www.server.com
    URI: /path
    Reverse Proxy URL: wlserver:9000
    When I access https://www.server.com/path, I am getting the correct page. The issue is, the weblogic server is configured to redirect HTTP access to HTTPS, i.e., when I access http://www.server.com/path, it should be redirected to https://www.server.com/path. However, that is not the case. What happens is that I am being redirected instead to https://www.server.com/.
    If I don't use reverse proxy, that is, if I use the libproxy.so from weblogic, I get the correct redirection.
    Would appreciate it very much if someone can help me troubleshoot this issue.
    Thanks in advance!
    Edited by: agent_orange on Jul 29, 2010 2:30 AM
    Edited by: agent_orange on Jul 29, 2010 2:31 AM

    I am not sure, how you have configured your reverse proxy since you didn't attach / refer your current configuration file. this is how I would do it..
    - create a new configuration (using web server 7 admin gui , within configuration wizard, disable java option if you plan to use web server 7 only for reverse proxy)
    - select this new configuration and go to reverse proxy and try to reverse proxy / to the origin server.
    that is all it should need.
    your obj.conf or <hostname>-obj.conf depending on your configuration should look like following snippet
    <Object name="default">
    AuthTrans..
    NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
    </object>
    <Object name="reverse-proxy-/">
    Route fn=....
    Service ..
    </Object>
    this is all you should need..
    However, if you wanted to add complexity to your configuration, you could do some thing like
    <Object name="default">
    Auth..
    <If defined $security>
    NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
    </If>
    </Object>
    <Object name="reverse-proxy-/">
    Route...
    </Object>

  • Sun One Application Server 7 SSL Reverse Proxy Setup?

    Hi,
    I've made a similiar post on the Web Server forum,
    http://forum.sun.com/jive/thread.jspa?threadID=95666&tstart=0
    I've noticed there's a reverse proxy plug in setup for Web Server,
    as well as a AddOn package for Application Server.
    I've so far successfully installed the reverse proxy plugin for
    the Web Server and it manage to passthrough the jsp contents
    to the Application Server.
    There's a file in our application server, Step2Cert.jsp in the
    appserver that requires to be viewed/accessed in https mode
    and I'm guessing the Web Server to Application Server communication
    should be in https?
    Anywhere I can find references on how this can be done?
    My two references:
    Web Server Reverse Proxy Plug-in
    http://docs.sun.com/source/819-0902-05/rpp61.html
    Web Server and Application Server setup for passthrough
    http://docs.sun.com/source/819-2783/agplugin.html
    I've not installed the AddOn package for the Appserver yet. But
    I figured I should, right? I'm rather confused about the two
    package.
    Thanks,
    Mac.

    Hi,
    I've made a similiar post on the Web Server forum,
    http://forum.sun.com/jive/thread.jspa?threadID=95666&tstart=0
    I've noticed there's a reverse proxy plug in setup for Web Server,
    as well as a AddOn package for Application Server.
    I've so far successfully installed the reverse proxy plugin for
    the Web Server and it manage to passthrough the jsp contents
    to the Application Server.
    There's a file in our application server, Step2Cert.jsp in the
    appserver that requires to be viewed/accessed in https mode
    and I'm guessing the Web Server to Application Server communication
    should be in https?
    Anywhere I can find references on how this can be done?
    My two references:
    Web Server Reverse Proxy Plug-in
    http://docs.sun.com/source/819-0902-05/rpp61.html
    Web Server and Application Server setup for passthrough
    http://docs.sun.com/source/819-2783/agplugin.html
    I've not installed the AddOn package for the Appserver yet. But
    I figured I should, right? I'm rather confused about the two
    package.
    Thanks,
    Mac.

  • Reverse Proxy with Sun Web Server 7 update 4

    Hi All,
    I've just migrating to Sun Java System Web Server 7.0U4 B12/02/2008 from Sun Java System Web Server 7.0-Technology-Preview-3 B09/13/2006. I've have the two web servers running side by side on separate machines. Both have a VS configured as a reverse proxy pointing to the same apache tomcat web server.
    The Tech Preview 3 server works fine and has been doing since it was installed. However the Update 4 server doesn't. I can access the tomcat app via the U4 server in a browser, but not with the app on my mobile (sync ML). Snooping the traffic show me that the U4 server is sending a different response that the Tech Preview server. I'm thinking it may have to do with Transfer Encoding: chunked. I've looked around the web to see if I can turn this off in the U4 server, as I seem to recall having to do so at some point in my life, though I can't remember when and with what.
    Does anybody have any clues they can throw at me?? Or anybody know what has change in the reverse proxy part of the web server from Tech Preview 3 to U4??
    Both VS reverse proxies are congfigured exactly the same.
    Thanks,
    Stuart.

    well, technology preview is what the name says .. i am surprised that u decided to stick with a technology preview release all these days.. in any case, there should not have any feature change between technology preview build and U4. but , there has been lot of bug fixes - so, unless we know the exact problem - we can't easily narrow down the change between tp3 build with U4 and find out how it is affecting u.
    here is a related article on how to use chunked encoding within web server 7
    http://developers.sun.com/webtier/reference/techart/chunked_req.html
    now, to help you more appropriately, you need to provide us with errors (probably with log level set to finest within server.xml) and let us know with the error reported by web server when it is unable to send those requests to back end tomcat
    you can set log level to finest by running the following command
    /sun/webserver7/bin/wadm set-config-prop -user=admin --config=<hostname> log-level=finest
    /sun/webserver7/bin/wadm deploy-config --user=admin <hostname>
    http://docs.sun.com/app/docs/doc/820-4842/set-config-prop-1?a=view
    (once you have identified the problem, you might want to set log level to info as setting to finest will cause your logs to grow humongous and also hurt performance
    thanks
    sriram

  • Sun Web server 7  - Reverse proxy to different

    Hi All,
    I have following scenario:
    I have deploy my application into 2 dedicated weblogic servers, http://host1:7001/myapp and http://host2:7001/myapp. How can I configure the reverse proxy so whenever user enter the URL, webserver will forward different app server like below;
    #1 - http://abc.com >> web server will forward to http://host1:7001/myapp
    #2 - http://abc.com/controller>> web server will forward to http://host2:7001/myapp
    I follow tutorial from this link >> http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
    For requirement #1 it work perfectly since i put URI = /myapp and Server URL = http://host1:7001.
    But for #2, it doesnt work since I put the URI=/controller.
    We wanted to be like http://abc.com/controller, so it will forward to second app server which difference application.
    Is it possible? or any other to do like that?
    Thanks!

    Hi Sriram,
    I'm having similar problem with atehac, the only difference is that the web server
    #1 http://domain.com/web1 >> forwarded to http://local-pc1.com:8080/
    #2 http://domain.com/web2 >> forwarded to http://local-pc2.com:8080/
    This is the setting that I've made in <vs>obj.conf :
    NameTrans fn="map" from="/web1" name="reverse-proxy-/web1" to="http:/"
    NameTrans fn="map" from="/" name="reverse-proxy-/web1" to="http:/"
    NameTrans fn="map" from="/web2" name="reverse-proxy-/web2" to="http:/"
    NameTrans fn="map" from="/" name="reverse-proxy-/web2" to="http:/"
    <Object name="reverse-proxy-/web1">
    Route fn="set-origin-server" server="http://local-pc1.com:8080"
    </Object>
    <Object name="reverse-proxy-/web2">
    Route fn="set-origin-server" server="http://local-pc2.com:8080"
    </Object>
    But the problem is local-pc2 won't be able to be accessed, while for local-pc1 will be mapped, but it omit /web1
    So it will be like http://domain.com/web1 at the beginning, but after I press enter it became like http://domain.com
    What I wish is something like http://domain.com/web1 all the way.
    Do you have any idea Sriram?
    Regards,
    Berry

  • How to configure SharePoint HNSC with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.

    Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.
    In normal path based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with  Public URL = "proxy URL", internal = "HNSC Share Point URL" so that share point sends response back
    to Public URL = "proxy URL".
    In Host Named Site Collections,  alternate access mappings  are not supported. Each HNSC is designed to have only one URL in each zone. Zone is one of the five zones(Default,Intranet,Internet,Custom,Extranet) with each of which only one alternate
    URL is associated.  This is what we are able to get using power shell command "Set-SPSiteUrl", but this will not help us to get the response back to proxy URL after a request sent to share point because we could not find any mechanism in share
    point HNSC to respond  to a different URL(proxy URL). Consequently, Share Point URLs are exposed to  external users.
    Below share point article in MSDN blog is symmetrical to what we are observing with Share Point 2013 and Proxy Server. It mentions that internal HNSC URLs can’t be hidden using any proxy server. If  hiding the internal Share Point URLS is a requirement,
    it suggests to use a web application instead of host named site collections.
    Though I’m also observing the same behavior with Share Point 2013 HNSC, Could you please confirm my understanding is correct.
    http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
    Excerpt from above article-
    "Host Named Site Collections Only Use One Host Name
    Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and
    are always considered to be in the Default zone.  This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site
    as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the
    calls to the same URL.  If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."<u5:p></u5:p>

    Hi Satish,
    You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
    It is by design that each host-name site collection only support one URL for each zone.
    The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
    https://support.microsoft.com/en-us/kb/2826457
    So to make the URL of HNSC not exposed to external users is not supported, you need to use path-based sites instead.
    Best regards.
    Thanks
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected]

Maybe you are looking for

  • How view download history in Safari toolbar?

    I can't view de PDF files in Safari (download history), another files I can view normally. Just PDF files. Anysome know solve this problem?

  • Recover on new host

    hi all, i am using xp, oracle 10.1.0.2.0 i recovered my database named jal on new host. but when i am trying to create a table using scott user, it gives me error "cannot use system rollback segment for nonsystem tablespace 'users' can any1 put some

  • Copy and paste error

    Hello everybody! I'm new user, and I've a question about Pages. Well, when I copy a text from intenet page, using safari, and then try to paste, Pages doesn't paste all the selected test, but only a part of it... Maybe someone knows why..? Thanks Alb

  • Unable to lunch Adobe CS3 on Windows 7

    I just purchased a new desktop with Windows 7 Home Premium 64 bit. I installed Adobe CS3, everything worked just fine but it doesn't lunch for some reason. When I lunch Photoshop the window pops but that's it, when I lunch Dreamwever nothing happens

  • DI Server and J2EE

    Hi all, I'd like to know if it's possible to have a J2EE Server to invoke web services from the DI server. if yes, do you have samples ? Thanks for your help.