Focal Point
[SOLVED] Reverse Proxy Server Configuration Help

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/645107335

September 24, 2010, 10:38 AM
JohnG
[SOLVED] Reverse Proxy Server Configuration Help
I am attempting to configure a Reverse Proxy Server on a server with Apache Tomcat/IIS on Windows 2008 x64 to allow external customers to access WF applications. The documentation offers scant information on configuring Apache and no information on any WF changes required. The best information is in the security manual WF77sec pages 21 and 22 which does not work.

Older versions of the security and admin manual talk about addressing the Client Proxy.wfs file which no longer exists.

Apache documentation references a lot of technobabble.

Ports are verified open, Apache installed correctly and functional. WF totally works when addressed from inside the firewall.

Thank you in advance.

Regards,
John
WF7.701, Windows2008 x64, MRE, Maintain, ReportCaster

This message has been edited. Last edited by: JohnG,


John G
WF7.7.02, Win2008x64, MRE, ReportCaster, Maintain
September 24, 2010, 12:28 PM
Darin Lee
Seems like I saw an entire specific document regarding configuration for a reverse proxy server. Browse/search through the documentation library and see if you can locate it. I'll check when I get a minute to see if I can find a copy.


Regards,

Darin


In FOCUS since 1991
WF Server: 7.7.04 on Linux and Z/OS, ReportCaster, Self-Service, MRE, Java, Flex
Data: DB2/UDB, Adabas, SQL Server Output: HTML,PDF,EXL2K/07, PS, AHTML, Flex
WF Client: 77 on Linux w/Tomcat
September 26, 2010, 01:00 PM
dlogan
John,
There is generally not any information on how to configure a reverse-proxy because that is outside the scope of the WebFOCUS product and how to configure the reverse-proxy itself varies depending on what you're using for a reverse-proxy (Though I think the 71x Sec & Admin Guide had a blurb in it about Apache). As a result there are only references to what changes are needed in WebFOCUS when used with a reverse-proxy.
With this said, since you're using Apache, and I assume mod_proxy, the following will work for you if added to your httpd.conf, or proxy.conf, depending on your configuration:
<Proxy *>
AddDefaultCharset off
Order allow, deny
Allow from all
#Allow from .example.com
</Proxy>


ProxyVia On
ProxyPass               /ibi_html http://MY_WF_CLIENT:MYPORT/ibi_html
ProxyPassReverse        /ibi_html http://MY_WF_CLIENT:MYPORT/ibi_html
ProxyPass               /ibi_bid http://MY_WF_CLIENT:MYPORT/ibi_bid
ProxyPassReverse        /ibi_bid http://MY_WF_CLIENT:MYPORT/ibi_bid
ProxyPass               /ibi_apps http://MY_WF_CLIENT:MYPORT/ibi_apps
ProxyPassReverse        /ibi_apps http://MY_WF_CLIENT:MYPORT/ibi_apps
ProxyPass               /rcaster http://MY_WF_CLIENT:MYPORT/rcaster/main
ProxyPassReverse        /rcaster http://MY_WF_CLIENT:MYPORT/rcaster/main
ProxyPass               /approot http://MY_WF_CLIENT:MYPORT/approot
ProxyPassReverse        /approot http://MY_WF_CLIENT:MYPORT/approot

NOTE: Above is from a non-production test box I put together. You will likely want to review the information on mod_proxy to validate the settings are how you wish things to work:

http://httpd.apache.org/docs/2.0/mod/mod_proxy.html

You will of course also have needed to enable proxy and proxy_http modules.

On Linux you do this with a2enmod, I think on Windows you simply comment out the appropriate sections.


WF 71.x, 76.x, 7701, 8.0 Beta OS: Linux, Win2k3, Win2k, Win2k8, WinXP


October 01, 2010, 09:47 AM
JohnG
Thanks to D Logan I was able to successfully configure the Reverse Proxy Servers. If we meet, the first round is on me.

To fully document our solution for other BI professionals putting on their infrastructure hats:

The servers we used are pristine Virtual Machines running Windows Server 2008 R1 x64. The instances were clean, no IIS, JAVA, Tomcat, or WebFOCUS components.

Apache httpd Server 2.2.16 x32 was downloaded and installed on the desired VM instance(s).

Navigated to C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf folder.

Made a copy of httpd.conf (just in case).

Uncommented out the lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

Recycled Apache.

Included only the following lines to activate the proxy at the bottom of the httpd.conf file as DLogan's note indicates other WF components can be exposed:
ProxyPass /ibi_html http://192.168.20.71:9080/ibi_html
ProxyPassReverse /ibi_html http://192.168.20.71:9080/ibi_html
ProxyPass /ibi_apps http://192.168.20.71:9080/ibi_apps
ProxyPassReverse /ibi_apps http://192.168.20.71:9080/ibi_apps
ProxyPass /approot http://192.168.20.71:9080/approot
ProxyPassReverse /approot http://192.168.20.71:9080/approot

Note: The format is DNS(colon)port# or IP(colon)port#.

Recycled Apache and tested.

If the httpd.conf file contained errors, the service would not restart successfully.

Early testing indicates all normal desired activities behave as desired, secure logon (dbms), passing of Maintain applications, executing FEXs, and menu navigation.

At this point no additional Apache configuration for system optimization has been attempted. Any insights from this community is welcome.

NOTE: Attempted to utilize IIS with the (ARR) Application Request Routing add-in as IIS is the standard. In theory this direction is as simple as Apache, but I was unable to successfully configure IIS.

Regards,


John G
WF7.7.02, Win2008x64, MRE, ReportCaster, Maintain